Security News > 2023 > May

The National Police of Spain said it arrested 40 individuals for their alleged involvement in an organized crime gang called Trinitarians. Among those apprehended include two hackers who carried out bank scams through phishing and smishing techniques and 15 other members of the crime syndicate, who have all been charged with a number of offenses such as bank fraud, forging documents, identity theft, and money laundering.

Cloud services providers that aren't based in Europe - like the Big Three - may have to team up with a cloud that is operated and maintained from the EU if they want ENISA's stamp of approval for handling sensitive data. ENISA, the European Union's cybersecurity agency, is currently developing a cybersecurity certification scheme that aims to better protect member-state governments' and businesses' data.

A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm has confirmed on Wednesday, and reassured that none of its systems or its Dragos Platform had been breached. "The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process. The group accessed resources a new sales employee typically uses in SharePoint and the Dragos contract management system. In one instance, a report with IP addresses associated with a customer was accessed, and we've reached out to the customer," the company explained.

Google has announced new tools, features and updates to improve users' online safety, help them evaluate content found online, and alert them if their Gmail identity appears on the dark web.Another helpful "Tool" for users is the newly introduced option of using passkeys - digital keys linked to a user account and a website or app - to authenticate to one's Google account.

First, a trustworthy AI system must be controllable by the user. These requirements are all well within the technical capabilities of AI systems.

Multiple threat actors have capitalized on the leak of Babuk ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems. "These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. While the malware is known to weaponize remote code execution flaws in GitLab and Lilin DVR for propagation, the addition of CVE-2023-25717 shows that Andoryu is actively expanding its exploit arsenal to ensnare more devices into the botnet.

Twitter is officially beginning to roll out support for encrypted direct messages on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existing direct messages on users' inboxes.

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it's also extending push protection to all public repositories at no extra cost.

Monitoring assets in ever-changing settings operating in both development and production stages presents challenges. In this Help Net Security video, Daniel Deeney, CEO at Paladin Cloud, discusses how companies face difficulties identifying security threats within cloud environments.