Security News > 2024 > January

Beyond blockchain: Strategies for seamless digital asset integrationIn this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital assets. Attackers can steal NTLM password hashes via calendar invitesA recently patched vulnerability in Microsoft Outlook that can be used by attackers to steal users' NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has shared on Friday.

Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.

The Kansas City Area Transportation Authority announced it was targeted by a ransomware attack on Tuesday, January 23. KCATA is a bi-state public transit agency serving seven counties of Missouri and Kansas, operating 78 bus routes and 6 MetroFlex routes using a fleet of 300 buses.

The Kansas City Area Transportation Authority announced it was targeted by a ransomware attack on Tuesday, January 23.KCATA is a bi-state public transit agency serving seven counties of Missouri and Kansas, operating 78 bus routes and 6 MetroFlex routes using a fleet of 300 buses.

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry...

Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication enabled. On Thursday, Redmond admitted Midnight Blizzard - a Moscow-supported espionage team also known as APT29 or Cozy Bear - "Utilized password spray attacks that successfully compromised a legacy, non-production test tenant account that did not have multifactor authentication enabled."

Amazing footage of a black-eyed squid carrying thousands of eggs. They tend to hang out about 6,200 feet below sea level.

Jack Cable, a CISA senior technical advisor, writes that in 2019 when he was a computer science student at Stanford University in California, he didn't need to take any cybersecurity courses to graduate. Nearly five years later, "That list of the top 24 universities in computer science hasn't changed: 23 still don't require cybersecurity," Cable wrote in his memo.

Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which comes with both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition.

Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. "If you have a recent Windows Server insider build installed, you can now go to Windows Update in Settings app, and check for updates. This will bring you a newer build, as a Feature update," said Microsoft software engineer Artem Pronichkin.