Security News

A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order denying minors access to encrypted communication in Meta's Messenger application. The legal claim cites a statement from the National Center for Missing and Exploited Children that argues Meta's provision of end-to-end encryption in Messenger "Without exceptions for child sexual abuse material placed millions of children in grave danger."

The White House Office of the National Cyber Director urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lead to memory management issues when memory can be accessed, written, allocated, or deallocated.

The ALPHV/BlackCat ransomware gang is reportedly responsible for the massive Change Healthcare cyberattack that has disrupted pharmacies across the US since last week. The Register has not independently confirmed that ALPHV was involved in the intrusion.

LockBit ransomware could be deployed through compromised website links, phishing, credential theft or other methods. Must-read security coverage LockBit website shut down.

Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. Search engine crawlers index the redirects and list them on Google Search results, making them an effective strategy for SEO poisoning campaigns, leveraging a trusted domain to rank malicious URLs higher for specific queries.

Officials have until March 2 to cough up or stolen data gets leaked LockBit claims it's back in action just days after an international law enforcement effort seized the ransomware gang's servers...

Members of the Five Eyes intelligence alliance warned today that APT29 Russian Foreign Intelligence Service hackers are now switching to attacks targeting their victims' cloud services. The Russian cyberspies also compromised Microsoft 365 accounts belonging to various entities within NATO nations to obtain foreign policy-related data and targeted governments, embassies, and senior officials throughout Europe associated in a string of phishing attacks.

Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion.

Supply chain attacks are often used, as those attacks allow a threat actor to hit multiple targets easily. No matter the motivation for a cybersecurity attack, identity-based and social engineering attacks are still taking center stage.

This adds up to mean that while cybersecurity training is valuable in building awareness and knowledge about password security, it has limitations in changing risky user behavior like password reuse. By combining training efforts with technology, organizations can create a more robust defense against risky password behavior.