Security News > 2023

The U.S. Department of Justice charged four suspects for their alleged involvement in a pig butchering fraud scheme that resulted in more than $80 million in victim losses. Criminals behind pig butchering scams approach victims via various messaging apps, dating platforms, or social media platforms, build trust, and introduce them to investment schemes that eventually allow them to drain the targets' cryptocurrency wallets.

This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. Banking trojans are malware that targets people's online bank accounts and money by stealing credentials and session cookies, bypassing 2FA protections, and sometimes even performing transactions automatically.

Discord has made security key multi-factor authentication available for all accounts on the platform, bringing significant security and anti-phishing benefits to its 500+ million registered users. Discord has now brought the WebAuthn feature to all Discord users, allowing users to replace the legacy MFA system that relies on time-based one-time passwords, 8-digit one-time backup codes, and SMS messages carrying a 6-digit verification code.

The research lab says in breach notification letters filed with the Maine Attorney General's Office this week that the attackers exfiltrated the data of 45,047 current and former employees, as well as their dependents and spouses. "The event did not impact INL's own network, or other networks or databases used by employees, lab customers or other contractors. The breach only impacted the cloud-based Oracle HCM test environment that resides off-site."INL said.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, manage, and securely store their digital assets offline, supporting multiple cryptocurrencies, including Bitcoin and Ethereum. The company offers a library called the "Ledger dApps Connect Kit" that allows web3 apps to connect to Ledger hardware wallets.

Help Net Security sponsored and attended Cybersecurity Marketing Society’s CyberMarketingCon 2023 in Austin, TX. Over the three days of the conference, there were 35 speakers, keynotes, and 15...

Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom...

Tools like Specops Password Auditor are beneficial as they enable scanning and detection of weak passwords within AD, including those found in breached password lists. A third-party password solution that can enforce longer passwords, and block the use of high-probability passwords, is the best approach.

Updated The offensive cyber unit linked to Russia's Foreign Intelligence Service is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes, the advisory says.