Third Chrome Zero-Day Patched by Google Within One Week (www.securityweek.com)
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
FBI takes down BreachForums ransomware website and Telegram channel (www.theregister.com)
The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.
LockBitSupp Denies Identification of Group ‘Admin’, Opens Contest to Find Named Dmitry Yuryevich (thecyberexpress.com)
The Alleged LockBit Ransomware Mastermind Has Been Identified (www.wired.com)
MITRE Hack: China-Linked Group Breached Systems in December 2023 (www.securityweek.com)
MITRE has shared more details on the recently disclosed hack, including the new malware involved in the attack, attribution information, and a timeline of the attacker’s activities.
Nigeria & Romania Ranked Among Top Cybercrime Havens (www.darkreading.com)
A survey of cybercrime experts assessing the top cybercrime-producing nations results in some expected leaders — Russia, Ukraine, and China — but also some surprises.
Automattic buys Beeper for $125MM, launches closed-source "encrypted" messaging app (techcrunch.com)
Curious how none of the coverage of this purchase mention that the app isn’t open-source, which makes all of their claims of “end-to-end encryption” worthless...
Germany Warns Of 17k Vulnerable Microsoft Exchange Servers Exposed Online - RedPacket Security (www.redpacketsecurity.com)
cross-posted from: midwest.social/post/10338366...
Inside the Massive Alleged AT&T Data Breach (www.troyhunt.com)
AT&T says leaked data of 70 million people is not from its systems (www.bleepingcomputer.com)
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw (thehackernews.com)
Fujitsu: Malware on Company Computers Exposed Customer Data (www.darkreading.com)
Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents (www.darkreading.com)
Former telecom manager admits to doing SIM swaps for $1,000 (www.bleepingcomputer.com)
StopCrypt: Most widely distributed ransomware evolves to evade detection (www.bleepingcomputer.com)
National Security Agency | Cybersecurity Information Sheets
CSI: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar [pdf]...
JetBrains TeamCity Mass Exploitation Underway, Rogue Accounts Thrive (www.darkreading.com)
One of the vulnerabilities (identified as CVE-2024-27198) has a near-maximum severity CVSS rating of 9.8 out of 10 and is an authentication bypass issue in TeamCity’s Web component. Researchers from Rapid7 who discovered the vulnerability and reported it to JetBrains have described it as enabling a remote unauthenticated...
Chinese chap charged with stealing Google’s AI datacenter secrets (www.theregister.com)
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp (thehackernews.com)
International warning: Attackers could gain persistence on Ivanti VPN appliances (www.csoonline.com)
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion (thehackernews.com)
67K Customers Impacted by Data Breach, According to U-Haul (www.darkreading.com)
NIST Releases Version 2.0 of Landmark Cybersecurity Framework (www.nist.gov)
NIST is a US government org that produces industry guidlines on best practices for cybersecurity, and they’ve just released a massive update to their framework.
Pharmaceutical giant Cencora says data was stolen in a cyberattack (www.bleepingcomputer.com)
“On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information,” reads the SEC filing....
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)
