Passwords play a critical role in most organizations’ security. But they can also represent a significant expense. From the countless hours your service desk spends resetting passwords and unlocking accounts, to the massive cost of security incidents or data breaches, passwords cost you money.

While getting rid of passwords completely isn’t a realistic option for most organizations, there are things you can do to make them more secure and cost-effective.…


COMMENTARY

Although it wasn’t called biometrics at the time, a rudimentary form of the technology emerged in 1901 when Scotland Yard adopted fingerprint classification to identify criminal suspects. The biometrics field has come a long way in the more than 120 years since then.

Public and private sector organizations now use it to identify and authenticate individuals to grant access to computer systems, such as laptops and tablets, and enterprise applications such as human resources or customer relationship management systems.…


Cybercriminals have developed an enhanced version of the infamous GhostLocker ransomware that they are deploying in attacks across the Middle East, Africa, and Asia.

Two ransomware groups, GhostSec and Stormous, have joined forces in the attack campaigns with double-extortion ransomware attacks using the new GhostLocker 2.0 to infect organizations in Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand, as well as other locations.…


American Express (Amex) notifies customers that their credit card information has been compromised in a data breach involving a third-party merchant processor. The company did not disclose the number of impacted customers.

“We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system.”…


The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that it scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, out of $22 million.

While BlackCat’s data leak blog has been down since Friday, BleepingComputer had confirmed that negotiation sites were still active over the weekend.…


3/4/24: Article updated with further clarification from American Express that it was a merchant processor who was hacked, not one of their service providers.

American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.

This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed. …


Mar 04, 2024NewsroomAI Security / Vulnerability

As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform.

These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said.

“The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a ‘backdoor,’” senior security researcher David Cohen said.…


The digital sphere has witnessed a surge in AI-fueled tax fraud, presenting a grave threat to individuals and organisations alike. Over the past year and a half, the capabilities of artificial intelligence tools have advanced rapidly, outpacing government efforts to curb their malicious applications.

LexisNexis’ Government group CEO, Haywood Talcove, recently exposed a new wave of AI tax fraud, where personally identifiable information (PII) like birthdates and social security numbers are exploited to file deceitful tax returns.…


Several phishing campaigns have been discovered targeting employees of cryptocurrency platforms such as Binance and Coinbase, as well as the Federal Communications Commission (FCC), including one dubbed CryptoChameleon. Based on an analysis from Lookout, the victims of this attack primarily use Apple iOS and Google Android devices and sign in through SSO solutions such as Okta, Outlook, and Google, including single sign-on with their Apple and Google accounts. …

PRESS RELEASE

ORANGE COUNTY, Calif. and RICHMOND, Va., Feb. 28, 2024 /PRNewswire/ — Troutman Pepper has formalized an Incidents + Investigations Team that caters to a growing need for comprehensive legal services around data breaches and cybersecurity incidents. Comprising attorneys from coast-to-coast, the team offers clients 24/7 support in this critical area.

“The team tackles the legal, security, and communication challenges that companies encounter during a data or cybersecurity incident,” said Partner Sadia Mirza, co-leader of the Incidents + Investigations Team.…
