Security News

The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. On Dec. 19, the Department of Justice announced the FBI had been working on a disruption campaign against the ransomware group known as ALPHV, Noberus or BlackCat that resulted in the seizure of several of the group's websites, visibility into their network and a decryption tool that could restore stolen data.

Cryptocurrency scammers are abusing a legitimate Twitter "Feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. On X, formerly and more widely known as Twitter, a post's URL consists of the account name of the person who tweeted it and a status ID, as shown below. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even high-profile accounts.

Cryptocurrency scammers are abusing a legitimate X "Feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. On X, formerly Twitter, a post's URL consists of the account name of the person who tweeted it and a status ID, as shown below. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even high-profile accounts.

The year 2023 was a big year for cyber security professionals in Australia. Experts from Rapid7 have argued that Australia can expect both advantages and risks from AI cyber tools in 2024.

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. When configuring two-factor authentication on Instagram, the site will also provide eight-digit backup codes that can be used to regain access to accounts if you cannot verify your account using 2FA. This could happen for multiple reasons, such as switching your mobile number, losing your phone, and losing access to your email account.

On the other hand, Google's Cloud Cybersecurity Forecast 2024 report highlights the increased use of AI to scale malicious operations, nation-state-supported cybercriminal gangs, zero-day vulnerabilities and modern phishing as main attack vectors for the coming year. Notable 2023 OT-IT attacks include the late November ransomware attack on Ardent Health Services, which diverted ambulances and affected health emergency services across multiple U.S. states, and the attack on a water system in western Pennsylvania - claimed by an anti-Israeli Iranian cybercriminal group.

Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management solution.As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.

Microsoft has fixed a known issue causing Wi-Fi network connectivity problems on Windows 11 systems triggered by recently released cumulative updates. Microsoft resolved this widespread known issue through Known Issue Rollback, a Windows feature that helps reverse flawed non-security updates delivered via Windows Update.

ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack. The exact types of data exposed vary per individual, depending on the details the patients provided to the healthcare organizations using ESO's software and the care services they received.

Password attacks take many forms: from phishing schemes that dupe employees into handing over their login information, to underground markets where bad actors can sell or purchase stolen credentials. Nearly half of incidents cited in Verizon's 2023 Data Breach Investigations Report involved compromised passwords.