A US government contractor working as an IT administrator at the State department is facing a maximum penalty of death or life in prison after being arrested on serious espionage charges. Abraham Teklu Lemma, 50, of Silver Spring, Maryland, has been charged with delivering national defense information to aid a foreign government, conspiracy to deliver
Security
The typical business in the US and UK loses over 4% of their online revenue every year due to malicious bot attacks, according to a new report from Netacea. The firm’s Death by a Billion Bots report was compiled from a survey of 440 businesses with an average online revenue of $1.9bn across the travel,
The International Criminal Court (ICC) yesterday confirmed the discovery of suspicious activity inside its IT network but revealed little else of a worrying security breach last week. The Netherlands-headquartered tribunal, which tries suspects of war crimes and crimes against humanity, posted a brief statement to X (formerly Twitter). “At the end of last week, the International
“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people for the FBI was the reason for his presence at the Mandiant mWISE conference? During his opening keynote speech on September 18, Wray explained how collaborating with the private sector has changed the FBI’s approach
A further multimillion-dollar distribution of funds from Western Union to victims of fraud perpetrated via its payment network has begun, following a previous payout of $365m. The new $40m tranche of money was forfeited by the Colorado-headquartered financial services giant to the Department of Justice (DoJ) to reimburse 25,000 victims in the US and abroad.
China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed. The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and
Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research. The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote
A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,”
Elon Musk is in the crosshairs of US federal regulators over his handling of privacy and security issues since he took over at X (formerly known as Twitter). In a new court filing made public on September 11, 2023, the US Department of Justice (DoJ) revealed further details about a Federal Trade Commission (FTC) investigation
The UK Government suffers from a major shortage of cybersecurity experts, putting critical services at high risk of cyber-attacks, a new report from the Parliament’s Public Accounts Committee (PAC) has found. The Committee revealed a major digital skills shortage in the civil service, which has under half the number of digital, data and tech professionals
MGM Resorts International, a well-known name in the world of hotels and casinos, has experienced a cybersecurity incident. According to a post on X (formerly Twitter), the incident caused trouble for critical parts of the company, including its main website, online bookings and in-casino services such as ATMs, slot machines and card payment machines. “MGM
Investigations have begun into a massive ransomware attack that has affected Sri Lanka’s government cloud system, Lanka Government Cloud (LGC). The investigation is being conducted by the Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC). Sri Lanka’s Information and Communication Technology Agency (ICTA) confirmed the attack to several local news outlets on September
Security researchers at Cisco Talos have uncovered a scheme that preys on graphic designers and 3D modelers. Cyber-criminals are using cryptocurrency-mining malware to hijack the Graphics Processing Units (GPUs) commonly used in these fields. According to an advisory published by Cisco Talos on Thursday, this campaign has been active since at least November 2021. The
China has unveiled a new cyber capability powered by artificial intelligence, enabling the automatic generation of images for influence operations. These operations aim to mimic US voters across the political spectrum, fueling controversy along racial, economic and ideological lines. The findings come from a new report released by Microsoft Threat Analysis Center (MTAC) on Thursday.
The UK’s data protection regulator is set to review how period and fertility tracking applications process user information, after revealing that many women have concerns. The Information Commissioner’s Office (ICO) said it has contacted the developers of many of these apps to find out more. It also wants users to come forward and share their
A left-leaning think tank has urged a new UK Labour government to place cybersecurity front-and-center of its policymaking, borrowing from the Biden administration playbook where necessary. Progressive Britain’s new paper, CyberSecuronomics: Cybersecurity and Labour’s Modern Industrial Strategy, argued that the current Conservative government’s commitment to cyber is “insufficiently ambitious.” It said the UK still invests
Ukraine’s Computer Emergency Response Team (CERT-UA) issued an alert on September 5, 2023, about a cyber-attack attempted by Russian threat actor APT28 against a Ukrainian critical power infrastructure facility. The perpetrators planned to implement their intent using bulk emails from a fake address and a link to a ZIP archive, which, when opened, could have
A north London school and a Berkshire schools group have become the latest victims of serious cyber-attacks ahead of the new term, according to local reports. Highgate Wood School in Crouch End will now begin accepting pupils on September 11 rather than September 5 as originally intended. The secondary school, which serves local students aged 11–16, appears
Gigabytes of sensitive data related to British military and intelligence sites have been exposed by the infamous LockBit ransomware group. Zaun, a Wolverhampton-based manufacturer of fencing systems, has revealed it was hit by a cyber-attack carried out by LockBit on August 5-6. “In an otherwise up-to-date network, the breach occurred through a rogue Windows 7
SapphireStealer, an open-source information stealer, has emerged as a growing threat since its public debut last year. This malware is designed to pilfer sensitive data, including corporate credentials, and has since seen active usage and modifications by various threat actors. SapphireStealer was initially released on GitHub on December 25 2022. The malware targets browser credential databases
A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens. This campaign has skillfully impersonated various postal and delivery services, including Royal Mail (UK), New Zealand Postal Service, Correos (Spain), PostNord (Sweden), Poste Italiane, Italian Revenue Service, USPS, Poczta Polska (Poland), J&T Express (Indonesia) and New Zealand Post.
Fortinet has observed significant threat exploitation targeting Adobe ColdFusion, a web development computing platform. This is despite a series of security updates (APSB23-40, APSB23-41, and APSB23-47) released by Adobe in July following reports of several critical vulnerabilities in its platform. Since those updates, however, Fortinet’s FortiGuard Labs IPS telemetry data has continued to detect numerous
The UK and its Five Eyes partners (Australia, Canada, New Zealand and the US) officially support Ukraine’s attribution of Infamous Chisel, a new piece of malware infecting Ukraine’s military personnel’s mobile phones, to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). In a joint report published on
The creators of ChatGPT, OpenAI, have launched ChatGPT Enterprise which it claims to be the “most powerful version of ChatGPT yet”. The company also claims that with the new version of its generative AI chatbot, users will get “enterprise-grade security and privacy”. Other features include unlimited higher-speed GPT-4 access, longer context windows for processing longer
by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used
Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series of tweets posted on August 28, 2023. On the one hand, there has been an increasing number of new AiTM-capable PhaaS platforms throughout 2023; on the other, established phishing services, such as PerSwaysion, have also
The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This
The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers
Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply
The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working
- « Previous Page
- 1
- …
- 14
- 15
- 16
- 17
- 18
- …
- 51
- Next Page »