AWS, Cloudflare, Google, helped Feds identify DDOS suspect • The Register
Infosec in brief PLUS The US Department of Justice has thanked Akamai, Amazon Web Services, Cloudflare, Digital Ocean, Flashpoint, Google, PayPal, and Unit 221B for their assistance in an investigation that last week led to charges against an alleged operator...
The good, the bad, and the frankly ridiculous • The Register
feature Thirty years ago, Netscape kicked off the first commercial bug bounty program. Since then, companies large and small have bought into the idea, with mixed results. Bug bounties seem simple: a flaw finder spots a vulnerability, responsibly discloses it,...
Murky Panda hackers exploit cloud trust to hack downstream customers
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. Murky Panda, also known as Silk Typhoon (Microsoft) and...
Data I/O ransomware attack ‘temporarily impacted’ operations • The Register
Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16 that continues to disrupt its business operations. "The Company is...
DaVita tells 2.4M people ransomware scum stole health data • The Register
Ransomware scum breached kidney dialysis firm Davita's labs database in April and stole about 2.4 million people's personal and health-related information. In a filing with the US Department of Health and Human Services, the global healthcare provider, which...
APT36 hackers abuse Linux .desktop files to install malware in new attacks
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. The activity, documented in reports by CYFIRMA and CloudSEK, aims at data exfiltration and persistent espionage...
Criminal background checker APCS faces data breach • The Register
Exclusive A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company. Access Personal Checking Services (APCS) has written to customers to notify them that their data has been...
Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the...
Fake CAPTCHA tests trick users into running malware • The Register
Microsoft's security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity. ClickFix pretends to be a standard CAPTCHA challenge. But,...
Interpol arrests 1,209 in Africa in cybercrime clampdown • The Register
Interpol's latest clampdown on cybercrime resulted in 1,209 arrests across the African continent, from ransomware crooks to business email compromise (BEC) scammers, the agency says. Operation Serengeti 2.0 took place between June and August this year, and the...