Security News

Keen infosec watchers will remember last year that the ransomware attack at MGM Resorts was, per the attacker's own account of the situation, orchestrated by phishing an IT helpdesk worker in just the space of 10 minutes. Red Canary says these types of attacks are usually pulled off by cybercrims phoning an organization's helpdesk while pretending to be an employee.

McDonald's has blamed a third-party service provider's configuration change, not a cyberattack, for the global outage that forced many of its fast-food restaurants to close. According to a statement shared by the company's Chief Information Officer Brian Rice, the global technology system outage began around midnight CDT on Friday.

The U.S. Department of Justice is recovering $2.3 million worth of cryptocurrency linked to a "Pig butchering" fraud scheme that victimized at least 37 people across the United States. Pig butchering is a social engineering scam where fraudsters contact people on social media and messaging platforms to build trust.

While both Okta and Duo offer strong identity management features like multi-factor authentication, user provisioning, single sign-on and endpoint visibility, there are still notable differences in how each vendor approaches IAM. Duo, which is now part of Cisco Security, takes a more unified approach to IAM, while Okta uses a two-pronged approach: workforce identity cloud and customer identity cloud. While pricing in both Okta and Duo is based on the number of users, Okta's is further determined by the product you choose.

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the...

PornHub has now added Texas to its blocklist, preventing users in the state from accessing its site in protest of age verification laws. The bill requires adult sites showing sexual material to perform age verification to confirm a visitor from Texas is 18 years old.

Microsoft announced that Office LTSC 2024, the next Office LTSC release, will enter a commercial preview phase starting next month and will be generally available later this year. The company will also release Office 2024 later this year, a new version of on-premises Office for consumers, which comes with five years of support and the traditional "One-time purchase" model.

Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide. "The victims span the globe and all industries, as well as at least one local government agency in Tampa. Many victims were subject to ransomware attacks, and some of the stolen credentials listed on the Marketplace were linked to stolen identity tax fraud schemes."

Organisations surveyed in the report acknowledge that burnout and fatigue have contributed to lower team productivity, the success of some cyber attacks and employees choosing to seek new roles or leave the industry entirely. Burnout among cyber pros a known problem for years in APAC. Burnout in cybersecurity is a well-known problem.

A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. SIM swapping is an unauthorized porting of a targeted person's phone number to another physical SIM card or eSIM chip controlled by the attacker.