Security News

The military junta controlling Myanmar has struggled to control all of its territory thanks in part to China backing rebel forces as a way of expressing its displeasure about cyberscam centers operating from the country. One issue Beijing wanted the junta to address was the proliferation of scam centers in Myanmar, as they often prey on Chinese netizens.

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. According to the German Federal Office for Information Security, around 45,000 Microsoft Exchange servers in Germany have Outlook Web Access enabled and are accessible from the Internet.

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification.

More than 70 million records, allegedly stolen from AT&T in 2021, were dumped on a cybercrime forum at the weekend. The stolen files include names, Social Security Numbers, dates of birth, addresses, emails, phone numbers and other personal information, according to Dark Web Informer, who first spotted the massive data dump by the criminals.

Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. United Health Group is the largest American health insurance company, and its subsidiary, Optum Solutions, operates the Change Healthcare platform.

FBI's Internet Crime Complaint Center has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. The number of relevant complaints submitted to the FBI in 2023 reached 880,000, 10% higher than the previous year, with the age group topping the report being people over 60, which shows how vulnerable older adults are to cybercrime.

A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. The malware contains encrypted source code for a malware downloader that is compiled and executed on the fly.

Overcoming the pressures of cybersecurity startup leadershipIn this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. How organizations can navigate identity security risks in 2024In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.

LockBit ransomware could be deployed through compromised website links, phishing, credential theft or other methods. Must-read security coverage LockBit website shut down.

LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Last week, Operation Cronos hit LockBit hard by taking over their leak site and affiliate panel, disrupting part of their infrastructure, and arresting some suspected affiliates.