Security News

The Data Access Agreement, by which the US and UK have agreed how one country can respond to lawful data demands from police and investigators in the other, took effect on Monday. The DAA spells out US and UK obligations under the Clarifying Lawful Overseas Use of Data Act, which the US Congress approved in 2018.

Tech companies are throwing their users to the wolves by allowing company employees, cops, and other third parties to access unprotected messages. "After the reversal of Roe v. Wade and with more rights cutbacks on the way, tech companies are throwing their users to the wolves by allowing company employees, cops, and other third parties to access unprotected messages."

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit said in a report shared with The Hacker News.

Microsoft is investigating an ongoing incident impacting administrators in North America who report seeing blank pages and 404 errors when trying to access the Microsoft 365 admin center.This outage could affect any admin in North America, as the company revealed on the Microsoft 365 Service health status page.

To ease this transition, reskilling programs designed for veterans are becoming increasingly popular, especially in the cybersecurity and IT fields where new talent is needed. To start, vets need to update and/or draft a new resume that reflects their current skill set, and while this may seem simple, it can be difficult for veterans who find themselves with large professional gaps or are unsure how to translate their military expertise into basic work skills.

A newly discovered multistage remote access trojan dubbed ZuoRAT has been used to target remote workers via small office/home office routers across North America and Europe undetected since 2020. The start of this campaign roughly lines up with a quick shift to remote work after the start of the COVID-19 pandemic which drastically increased the number of SOHO routers used by employees to access corporate assets from home.

A new joint Cybersecurity Advisory has been issued by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury and the Financial Crimes Enforcement Network to raise awareness and provide information about the Karakurt Data Extortion Group. The Karakurt Data Extortion Group, also known as Karakurt Team and Karakurt Lair, is a threat actor threatening companies to publicly disclose internal stolen data unless they receive payment of a ransom, which ranges from $25,000 USD to $13,000,000 USD in Bitcoin, within a week.

A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29, with some set of the activities associated with the crew assigned the moniker Nobelium.

If you're interested, the quickest way to "Know" Pi to seven significant digits is in the form 355/113, which comes out at 3.14159290, a mere 0.0000085% higher than the more precise 3.14159265. Why does Pi come out at close to 3.14, instead of, say, 3, or 4 or something easier to remember and more natural, in the mathematical sense of a whole number?

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. No details about the incident emerged until today when the LockBit ransomware gang claimed the attack by adding Bridgestone Americas to the list of their victims.