News

  • Friday Squid Blogging: Piglet Squid

    Nice article on the piglet squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Read More

    Read More

  • MoonBounce UEFI implant used by spy group brings firmware security into spotlight

    Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant’s goal is to inject a malicious driver into the Windows kernel…

    Read More

  • Attackers use public cloud providers to spread RATs

    A campaign that uses public cloud service providers to spread malware has been discovered by Cisco Talos. The offensive is the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services for malicious purposes, security researchers Chetan Raghuprasad and Vanja Svajcer wrote in the Talos blog. To camouflage their activity,…

    Read More

  • Homelife of Connecticut Residents Secretly Recorded

    Homelife of Connecticut Residents Secretly Recorded A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors.  Waterford resident Keith Hancock allegedly recorded 10 victims from outside their homes, two of whom were juveniles. Six of the individuals were filmed while undressing.  Hancock is also suspected of recording more victims while…

    Read More

  • Pennsylvania Approves Ransomware Bill

    Pennsylvania Approves Ransomware Bill Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals.  Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration.…

    Read More

  • Crime Shop Sells Hacked Logins to Other Crime Shops

    Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites. Criminals…

    Read More

  • Memorial Health System Confirms Data Breach

    Memorial Health System Confirms Data Breach A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients. Memorial Health System was hit with ransomware in the early hours of August 15 2021. The incident forced the health system to suspend user access to all information technology applications related to its operations.…

    Read More

  • China’s Olympics App Is Horribly Insecure

    China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but…

    Read More

  • (ISC)2 Appoints its First CISO

    (ISC)2 Appoints its First CISO (ISC)2 has announced the appointment of Jon France, CISSP, as its first chief information security officer (CISO). The non-profit association of certified cybersecurity professionals said France will lead all of its cybersecurity operations. This includes providing regular risk assessments and strategic insights to (ISC)2’s senior management and the board of…

    Read More

  • McAfee, FireEye merger yields Trellix, a unified XDR security company

    Trellix, a new company formed from the merger of cybersecurity giants McAfee Enterprise and FireEye, is intent on becoming the leader in XDR (extended detection and response) technology by combining applications from both of the formerly separate companies into an interoperable suite of products for threat prevention, detection and response. The strategy and the new…

    Read More

News, Advisories and much more

Exit mobile version