Security News > 2024 > March

Global law enforcement authorities' attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators. Martin's comments reflect a growing belief in the cybersecurity community that a ban on ransom payments is the only way to disrupt the crime in the long term, despite the challenges that would come with such a move.

GitHub push protection - a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online - is being switched on by default for all public repositories. Since the beginning of this year, GitHub has detected over 1 million leaked secrets on public repositories, the company also shared.

Cybercriminals are using an Android-based application and a network of hired money mules in India to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is...

American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed.

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.

A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.

Researchers have demonstrated a worm that spreads through prompt injection. In the second method, the researchers say, an image with a malicious prompt embedded makes the email assistant forward the message on to others.

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. The security capabilities of public software package repositories are a crucial factor in securing the open-source software supply chain.

A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either...

Operation Cronos, led by the UK's National Crime Agency and the US's FBI, was put together by agencies from ten countries with the aim of closing down the world's most successful ransomware gang, LockBit. Best of all, the countdown timer by which LockBit displayed how long victims had left to pay up had been duplicated, only this time counting down to the unmasking of LockBit's head honcho, LockBitSupp.