• German Police Raid DDoS-Friendly Host ‘FlyHosting’

    Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.

  • UK Sets Up Fake Booter Sites To Muddy DDoS Market

    The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. 

  • Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

    Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

  • Why You Should Opt Out of Sharing Data With Your Mobile Provider

    A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.

  • Feds Charge NY Man as BreachForums Boss “Pompompurin”

    The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world's biggest hacked databases routinely first show up for sale. The forum's administrator "Pompompurin" has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.

  • Microsoft Patch Tuesday, March 2023 Edition

    Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.

  • Two U.S. Men Charged in 2022 Hacking of DEA Portal

    Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

  • Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

    Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting how important it is for both users and device manufacturers to speed up the adoption of security patches. "The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices," researchers with Google's Threat Analysis Group (TAG) said in a report detailing the attack campaigns. "Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits."

  • Italian privacy regulator bans ChatGPT over collection, storage of personal data

    Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. With immediate effect, the Guarantor for the protection of personal data has ordered the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU General Data Protection Regulation (GDPR) privacy laws. It has also launched an investigation into ChatGPT, the Guarantor said. The ban comes in the wake of an open letter in which Twitter owner Elon Musk and a group of AI industry executives called for a six-month pause in developing systems more powerful than OpenAI's newly launched GPT-4, citing potential risks to society.

  • New CISO appointments, February 2023

    The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Andrew Flynn, regional executive editor.

  • Kyndryl lays off staff in search of efficiency

    The layoffs are part of a restructuring initiative aimed at improving efficiency and customer service, Kyndryl says.

  • APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

    An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country's government, security researchers have noted that its activities closely align with the interests of Russia and Belarus. The group, which is also tracked as TA473 or UAC-0114, has been operating since at least 2021 and past victims were identified in Lithuania, India, Vatican, and Slovakia. According to a report earlier this month by cybersecurity firm SentinelLabs, more recent targets include Polish government agencies, Ukraine's Ministry of Foreign Affairs, Italy's Ministry of Foreign Affairs, individuals within the Indian government, and telecommunications companies that support Ukraine in the ongoing war. In a new report released today, cybersecurity firm Proofpoint said it saw Winter Vivern campaigns late last year that targeted elected officials in the United States and their staffers.

  • 3CX DesktopApp compromised by supply chain attack

    3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company to an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead. “As many of you have noticed the 3CX DesktopApp has a malware in it. It affects the Windows Electron client for customers running update 7,” Nick Galea, CEO at 3CX, said in a security alert on Thursday. As an immediate response, the company advised users to uninstall and reinstall the app.

  • DXC Technology says global network is not compromised following Latitude Financial breach

    Soon after Latitude Financial revealed it suffered a cyber attack, DXC Technology quietly published a note on its website stating its global network and customer support networks were not compromised. When Latitude Financial, which is listed on the Australian Securities Exchange (ASX), first published details of the attack, it said the activity was believed to have “originated from a major vendor used” by the company. According to Latitude, the attacker obtained login credentials from an employee, using them to “steal personal information that was held by two other services providers”. Latitude provides loans, credit cards and insurance in Australia, New Zealand, Canada and Singapore. Its services include interest-free instalments for JB Hi-Fi, The Good Guys and David Jones customers when shopping online.