Security

0 Comments
A leading California-based gaming developer has admitted that a serious cyber-attack on its systems has halted all updates. Tencent-owned Riot Games, which produces popular titles like League of Legends and Valorant, explained briefly what happened in a series of tweets on Friday. “Earlier this week, systems in our development environment were compromised via a social
0 Comments
UK postal service Royal Mail announced on January 18, 2022, that it has resumed some “limited” international shipping following the ransomware attack that hit the company on January 11. These limited services include “International Standard and International Economy letters which do not require a customs declaration” and “International Business Standard (untracked) and International Business Economy
0 Comments
WhatsApp has been hit with a €5.5m ($5.9m) fine for GDPR violations by Ireland’s Data Protection Commission (DPC). In addition to the fine, WhatsApp Ireland has been directed to bring its data processing operations into compliance within six months. The case showcased significant disagreements between European data protection authorities about the extent of WhatsApp’s liability.
0 Comments
Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype explained in a blog post that its AI tooling spotted 422 malicious npm packages focused mainly on data exfiltration via typosquatting or “dependency confusion attacks.” Additionally, it found 58 malicious packages in PyPI,
0 Comments
Some 94% of European organizations are struggling to find skilled practitioners to take up crucial privacy-related roles, according to new research from professional association ISACA. The IT audit and governance body polled 375 privacy professionals across the region in Q4 2022, as part of a wider global study: Privacy in Practice. It found that, although
0 Comments
Security researchers detected twice as many cases of corporate access being sold on the dark web by initial access brokers (IABs) last year as during the previous 12 months, with the number of brokers also surging. Group-IB spotted 2348 instances of IAB sales activity between H2 2021 and H1 2022, with the number of countries
0 Comments
by Paul Ducklin Another day, another series of cryptocurrency scams… …these, fortunately, brought to a halt, though sadly not before they’d defrauded “investors” around the globe to the tune of millions of dollars. According to Europol, 216 people were questioned in Bulgaria, Cyprus, Germany and Serbia; 15 have already been arrested; 22 searches were conducted,
0 Comments
TikTok has been fined €5m ($5.4m) by the French data protection regulator for failing to provide users with enough information on the purpose of cookies on its site or give them an easy way to decline those cookies. The Commission Nationale de l’Informatique et des Libertés (CNIL) said the multimillion-dollar fine was levied at TikTok UK
0 Comments
Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes. Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have
0 Comments
The pro-Russia hacktivist group known as NoName057(16) has recently started new attacks against organizations and businesses across Poland, Lithuania and other countries. Most recently, the group began targeting the websites of the Czech presidential election candidates. According to SentinelOne, who discovered the new campaigns, the group conducted these campaigns by using public Telegram channels, a distributed
0 Comments
The Guardian has confirmed that threat actors stole the personal data of UK staff members during the ransomware attack that affected its systems on December 20, 2022. The updates come from The Guardian Media Group’s chief executive, Anna Bateson, and The Guardian‘s editor-in-chief, Katharine Viner, who emailed staff members on Wednesday. The executives have described
0 Comments
A new advanced persistent threat (APT) group dubbed ‘Dark Pink’ by Group-IB (and ‘Saaiwc Group’ by Chinese cybersecurity researchers) has been spotted targeting various entities across Asia-Pacific and Europe, mainly with spear phishing techniques. According to a new advisory published by Group-IB earlier today, Dark Pink began operations as early as mid-2021, although the group’s
0 Comments
The US Supreme Court gave the green light on Monday for WhatsApp to pursue a lawsuit against NSO Group, the Israeli surveillance company, for installing the Pegasus spyware on roughly 1400 devices where WhatsApp was also installed. More specifically, the court has ruled that WhatsApp is allowed to sue for damages ensued by the malicious installation
0 Comments
The South African threat actors known as “Automated Libra” have been improving their techniques to exploit cloud platform resources for cryptocurrency mining. According to Palo Alto Networks Unit 42, the threat actors have used a new Captcha-solving system alongside a more aggressive use of CPU resources for mining and the mix of “freejacking” with the
0 Comments
US-based health and human services organization Maternal & Family Health Services (MFHS) has reported being hit by a ransomware attack. The non-profit made the announcement on Thursday, saying its systems were compromised between August 21, 2021, and April 4, 2022. An investigation launched in April last year revealed the attack may have exposed sensitive information
0 Comments
Ongoing hacking campaigns orchestrated by the threat actor group Blind Eagle (also known as APT-C-36) have been spotted targeting individuals across South America. Security experts from Check Point Research (CPR) unveiled the findings in a new advisory published on Thursday, describing a novel infection chain involving an advanced toolset. “For the last few months, we have
0 Comments
Meta’s instant messaging subsidiary WhatsApp has officially introduced proxy support, reportedly to tackle internet disruption tactics used by repressive governments. The company made the announcement in a blog post on Thursday, saying the new feature is designed to put the power into people’s hands to maintain access to WhatsApp if their connection is blocked or
0 Comments
by Paul Ducklin There’s been a bit of a kerfuffle in the technology media over the past few days about whether the venerable public-key cryptosystem known as RSA might soon be crackable. RSA, as you probably know, is short for Rivest-Shamir-Adleman, the three cryptographers who devised what turned into an astonishingly useful and long-lived encryption
0 Comments
Threat actors have exploited Fortinet Virtual Private Network (VPN) devices to try and infect a Canadian-based college and a global investment firm with ransomware. The findings come from eSentire’s Threat Response Unit (TRU), which reportedly stopped the attacks and shared information about them with Infosecurity ahead of publication. eSentire said the threat actors tried to