Network SecurityFBI takes down 911 S5 botnet, ‘likely the world’s largest’ at 19M IPsLaura FrenchMay 30, 2024The botnet’s alleged operator was arrested last week and faces up to 65 years in prison.
IdentityOkta says Customer Identity Cloud prone to credential-stuffing attacksSteve ZurierMay 30, 2024Security pros say these type of disclosures by Okta could harm overall confidence in the short-term, but could also speed-up adoption of passwordless options.
Network SecurityCheck Point patches VPN 0-day exploited to target enterprisesLaura FrenchMay 29, 2024Exploitation attempts focused mostly on old local accounts with password-only authentication.
RansomwareNorth Korea’s ‘Moonstone Sleet’ targets victims with malicious toolsSteve ZurierMay 29, 2024Microsoft says the group leverages social-engineering techniques and has developed its own malware.
RansomwareRansomHub threatens to leak data of Christie’s auction house clientsLaura FrenchMay 28, 2024The ransomware group claims to have information on at least 500,000 Christie’s clients.
IdentityAttackers target old VPN accounts that relied on passwordsSteve ZurierMay 28, 2024Check Point Software sent a letter to its customers advising them to protect security gateways with certificate-based authentication.
Network SecurityMITRE shares lessons on VMware rogue VMs used in its own cyberattackLaura FrenchMay 24, 2024Attackers used a default account to create hidden VMs and persist in MITRE’s VMware environment.
Application securityGoogle patches fourth zero-day in May, eighth so far of 2024Steve ZurierMay 24, 2024Security pros say because this bug was exploited in the wild, assume threat actors have launched remote code execution attacks.
AI/ML‘Shadow AI’ on the rise; sensitive data input by workers up 156%Laura FrenchMay 23, 2024Up to 95.9% of workplace chatbot use is on personal accounts, risking data exposure.
RansomwareLondon Drugs waiting on LockBit’s next move after ransomware attackSteve ZurierMay 23, 2024The Canadian drug retailer maintains it won’t pay a $25 million ransom, while LockBit allegedly said it would start releasing stolen data.