Sat.Sep 24, 2022

article thumbnail

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Kloster, as posted to his Vkontakte

article thumbnail

Weekly Update 314

Troy Hunt

Wow, what a week! Of course there's lots of cyber / tech stuff in this week's update, but it was really only the embedded tweet below on my mind so I'm going to leave you with this then come to you from somewhere much more exotic than usual (and I reckon that's a pretty high bar for me!) next week 😎 Absolutely over the moon to formally make @Charlotte_Hunt_ a part of our family ❤️ 💍 pic.twitter.com/XfahXElboC — Troy Hunt (@troyhunt) Septem

Software 189
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Colonial Pipeline ransomware group using new tactics to become more dangerous

Tech Republic Security

Dubbed Coreid, the group has adopted a new version of its data exfiltration tool and is offering more advanced capabilities to profitable affiliates, says Symantec. The post Colonial Pipeline ransomware group using new tactics to become more dangerous appeared first on TechRepublic.

article thumbnail

September Snafus: Hackers Take Advantage of Unwitting Employees

Approachable Cyber Threats

Category News, Social Engineering. Risk Level. Several large companies were hacked in the first half of September. The common theme? All of the attacks were carried out with relatively simple phishing and social engineering techniques. So far in September, IHG , Uber , and Rockstar Games have all been victims of major independent cyber attacks. Though the attacks had different results for each company, the techniques and underlying vulnerabilities that were exploited shared a common theme.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Training the next generation of cybersecurity experts to close the crisis gap

Tech Republic Security

The biggest threat to cybersecurity departments could be the lack of qualified employees, leaving companies vulnerable. The post Training the next generation of cybersecurity experts to close the crisis gap appeared first on TechRepublic.

article thumbnail

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

The Hacker News

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody.

Hacking 98

More Trending

article thumbnail

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

The Hacker News

Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers' network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.

article thumbnail

Ukraine: SSU dismantled cyber gang that stole 30 million accounts

Security Affairs

The cyber department of Ukraine ‘s Security Service (SSU) dismantled a gang that stole accounts of about 30 million individuals. The cyber department of Ukraine ‘s Security Service (SSU) has taken down a group of hackers that is behind the theft of about 30 million individuals. The gang was offering the stole accounts for sale on the dark web, according to the SSU they earned almost UAH 14 million from the sale.

article thumbnail

UK Police arrests teen believed to be behind Uber, Rockstar hacks

Bleeping Computer

The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks. [.].

Hacking 97
article thumbnail

Sophos warns of a new actively exploited flaw in Firewall product

Security Affairs

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. The CVE-2022-3236 flaw resides in the User Portal and Webadmin of Sophos Firewall, its exploitation can lead to code execution (RCE). “A code injection vulnerability allowing remote code execution was discov

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

What Are the Benefits of Outsourcing to an IT Support Company?

SecureBlitz

All businesses rely on some form of IT in the modern era. The majority use complete networks throughout the office so that employees can communicate with each other and customers daily. If there is ever an IT issue, this can inhibit productivity and, in some severe circumstances, put the company’s reputation and operations at risk. […]. The post What Are the Benefits of Outsourcing to an IT Support Company?

Risk 73
article thumbnail

App Developers Increasingly Targeted via Slack, DevOps Tools

Dark Reading

Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.

article thumbnail

Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach

Schneier on Security

This one has chewed-up tentacles. (Note that this is a different squid than the one that recently washed up on a South African beach.). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

194
194
article thumbnail

Can My Identity be Stolen from My Birth Certificate?

Identity IQ

Can My Identity be Stolen from My Birth Certificate? IdentityIQ. For most U.S. citizens, an official birth certificate may be the most critical document to have in their possession. Birth certificates back up your identity using your name, date of birth, place of birth, your sex/gender as recorded at birth and the identity of your parents. They’re commonly referred to as “breeder documents” because they can be used to facilitate the acquisition of other official identity documents, including dri

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Where VCs Are Investing in Cybersecurity

eSecurity Planet

Between a plunging stock market, rising interest rates and a slumping economy, raising venture capital has not been easy this year. This has even been the case for high-priority categories like cybersecurity. According to data from PitchBook, venture capital investments have reached about $13.66 billion so far this year, down significantly from $26.52 billion in 2021.