FCC kicks China Telecom out of United States
Image: Getty Images The United States Federal Communications Commission (FCC) has removed the authority of china Telecom to operate in the US, and given it 60 days to pack its
Australia launches new initiative for blocking scam government texts
The federal government has launched a new initiative to block scam text messages posing as legitimate government sender IDs. The new initiative was launched following a year-long pilot program that
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader. SquirrelWaffle,
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened
F5 beats Wall Street expectations for Q4, capping strong 2021
Application security company F5 Networks delivered better-than-expected fourth-quarter financial results, reporting non-GAAP net income of $185 million, or $3.01 per diluted share, on revenue of non-GAAP $617 million. The fourth-quarter
State Department to Form Cyber Bureau
State Department to Form Cyber Bureau The United States is planning to create a new government department that will deal with matters of digital policy and cybersecurity. On Monday, Secretary
Lazarus Attackers Turn to the IT Supply Chain
Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank. Lazarus
150 Arrested Over Darknet Drug Trafficking
150 Arrested Over Darknet Drug Trafficking An international law enforcement action has led to the arrest of 150 individuals worldwide on suspicion of buying or selling illicit goods on the
Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users' passwords
Written by AJ Vicens Oct 26, 2021 | CYBERSCOOP Email fraudsters are seizing on the attention around the quick response codes that have become more common in restaurants and stories,
Why the Next-Generation of Application Security Is Needed
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. By David
Study Coordinator Falsified Clinical Trial Data
Study Coordinator Falsified Clinical Trial Data A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.” Musical instruments, motorcycle parts and now malware — Craigslist really does have it all. The
Millions of Android devices abused by UltimaSMS Adware Scam
The UltimaSMS Adware scam is abusing Android apps to subscribe users to premium SMS services that charge up to $40/month depending on their mobile carrier and geographic location. Avast researchers
DOJ, Europol arrest hundreds as part of international darknet drug operation
DOJ The Justice Department, Europol and dozens of police forces worldwide announced hundreds of arrests and the seizure of $31 million as part of operation Dark HunTOR — an effort
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet. Mozilla’s Firefox team has blocked add-ons that were abusing the proxy API in order
The Discovery of a Polygon Vulnerability Rewarded with a Prize to the Tune of $2 Million
A bug bounty reward worth $2 Million went to researcher Gerhard Wagner based on his discovery of a critical flaw located in Polygon’s Plasma Bridge. If successfully exploited, this Polygon
CISA warns of remote code execution vulnerability with Discourse
Open Source CISA urged developers to update Discourse versions 2.7.8 and earlier in a notice sent out on Sunday, warning that a remote code execution vulnerability was tagged as “critical.”
Almost All US Organizations Experienced a Cyber Event in the Past Year
Almost All US Organizations Experienced a Cyber Event in the Past Year Almost all (98%) US-based organizations experienced at least one cyber event in the past year, according to Deloitte’s 2021 Future
Site Deletion Vulnerability in Hashthemes Plugin
WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 25, 2021, the Wordfence
UltimaSMS Subscription Fraud Campaign Targeted Android Users
The campaign was detected by Avast researchers, who dubbed it ‘UltimaSMS’, and also reported 80 related applications on the Google Play Store. Despite the fact that Google promptly deleted the applications,
Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse
A critical RCE flaw discovered in the open-source Internet forum Discourse tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? Discourse, which was founded in
Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention
Written by Jeff Stone Oct 26, 2021 | CYBERSCOOP Iranian officials say a cyberattack has forced the temporary closure of a government system that manages fuel subsidies, rendering it difficult
These ransomware criminals lost millions of dollars in payments when researchers secretly found mistakes in their code
A major ransomware operation was prevented from making millions of dollars after cybersecurity researchers discovered a flaw in the ransomware that enabled encrypted files to be recovered without paying a ransom to
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service. Threat actors are using
AWS wins deal to store UK spy agencies' work, brings AI to the table
Intelligence agency GCHQ has signed a deal with Amazon Web Services (AWS) to host classified material and boost the use of artificial intelligence for espionage purposes. Although the procurement of
Malicious Firefox Add-ons Blocked
Mozilla Firefox is a free and open-source web browser that displays online pages using the Gecko rendering engine, which adheres to current and future web standards. What Happened? Mozilla disabled
Nobelium APT Group: A New Supply Chain Attack where Tech Resellers Are Targeted
Nobelium APT group, the one behind the famous SolarWinds attack and also associated with Russia’s spy agency, seems to reenter the threat landscape scene. This time its targets are tech resellers,
Ransomware has proliferated because it's 'largely uncontested', says GCHQ boss
GCHQ director Sir Jeremy Fleming. Image: Getty If you’ve wondered why ransomware has proliferated in recent years, it’s because until recently it has remained unchallenged, according to Sir Jeremy Fleming,
Threat Actors Exploit SQL-injection Vulnerability in the BillQuick Billing Software to Spread Ransomware
Researchers discovered that hackers actively exploit a critical SQL injection vulnerability in multiple versions of the web-based billing and invoicing system BillQuick to deploy ransomware on exposed systems. BillQuick Web
Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan
A new survey suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans. On Tuesday, Deloitte published
Global Security Skills Shortage Falls to 2.7 Million Workers
Global Security Skills Shortage Falls to 2.7 Million Workers The global cybersecurity skills shortage has fallen for the second consecutive year, but the size of the workforce is still 65%
Third-party data breach in Singapore hits healthcare provider
Another third-party security breach has been reported in Singapore, this time, affecting patients of Fullerton Health and compromising personal data that included bank account details in “a few cases”. The
GCHQ Boss: Ransomware Has Doubled in a Year
GCHQ Boss: Ransomware Has Doubled in a Year The volume of ransomware attacks on UK organizations has doubled over the past year, a British spy chief has warned. Director of
Schools put the brakes on facial recognition scheme for kids buying lunch
Schools in the United Kingdom have paused the rollout of facial recognition scans in cafeterias following backlash from data watchdogs and privacy advocates. Last week, the Information Commissioner’s Office (ICO),
BEC Costs UK Firms £140M Over Past Year
BEC Costs UK Firms £140M Over Past Year Reported business email compromise (BEC) incidents have hit 4600 cases over the past 12 months, costing individuals and businesses £138m in losses,
Mozilla Firefox cracks down on malicious add-ons used by 455,000 users
Mozilla’s Firefox browser team has cracked down on malicious add-ons, blocking software with a 455,000 user base. On October 25, the development team said that in early June, Firefox discovered
KT clarifies routing error caused outage instead of DDoS attack
Image: Getty Images South Korean telco KT has said its network outage on Monday was caused by an internal router issue, backtracking on its initial claim that the incident was
Home Affairs in talks to give telco more blocking powers against malicious messages
Image: Getty Images The Department of Home Affairs is in talks with the telecommunications industry to provide more powers to telcos for blocking spam and malicious content. “We are in
What To Expect in a Ransomware Negotiation
Trend Micro – This standard introduction shows a level of professionalism, indicating that the ransomware group uses a standard playbook for negotiating staff. While other ransomware families do not start
NSW government stands up dedicated unit to fight identity theft
The New South Wales government has established a dedicated unit that will provide support for citizens who have had their personal information or government proof of identity credentials stolen or
SolarWinds hackers, Nobelium, hit cloud providers and resellers
So far, Microsoft has informed 140 companies about the new attack campaign being carried out by Nobelium 14 of which were compromised by the group. The IT security researchers at
Defending Assets You Don’t Know About Against Cyberattacks
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset
Austrac limited when regulating overseas terrorism financing via online platforms
Representatives from the Australian Transaction Reports and Analysis Centre (Austrac) on Monday said far-right extremists were increasingly using online platforms, such as Telegram and cryptocurrency exchange platforms, to fund their
Groove Calls for Cyberattacks on US as REvil Payback
The bold move signals a looming clash between Russian ransomware groups and the U.S. Following the recent international law enforcement effort that dismantled the infrastructure for the REvil ransomware group,
BQE Web Suite Billing App Rigged to Inflict Ransomware
An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. Threat actors have been
BillQuick Billing App Rigged to Inflict Ransomware
A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware. Threat actors are picking
BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack
BillQuick has said a short-term patch will be released addressing some of the vulnerabilities identified this weekend by cybersecurity firm Huntress. In a blog post on Friday, Huntress security researcher
What is a cybersecurity degree?
Cybersecurity schools train ethical hackers and information security analysts. A cybersecurity degree can help learners launch careers in this high-demand, lucrative field. Degree-seekers study cybersecurity at the undergraduate and graduate