Security News
Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched "Immediately," according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Redmond's flaw finders reported the security holes in late August, and Perforce patched them in November, we're told, so hopefully you've already updated your installations and can relax.
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. "ALPHV Blackcat affiliates have extensive networks and experience with ransomware and data extortion operations," the FBI says.
An international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. 199 million of the seized amounts concern hard currency, and the remaining $101 million corresponds to the value of 367 digital/virtual assets, such as NFTs linked to cybercrime.
Microsoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates. "Microsoft has received reports of an issue in which some Wi-Fi adapters might not connect to some networks after installing KB5032288," Redmond said in a new update to the Windows release health hub.
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. "As a result, the FBI identified and collected 946 public/private key pairs for Tor sites that the Blackcat Ransomware Group used to host victim communication sites, leak sites, and affiliate panels like the ones described above."
This manipulation lets attackers remove or modify messages exchanged through the communication channel, which leads to downgrading the public key algorithms used for user authentication or disabling defenses against keystroke timing attacks in OpenSSH 9.5. "The Terrapin attack exploits weaknesses in the SSH transport layer protocol in combination with newer cryptographic algorithms and encryption modes introduced by OpenSSH over 10 years ago."
Australia is about to get a national online ID system - the Digital ID - which promises to improve the security and privacy of data online. The Digital ID is the cumulation of a five-year, AUD $200 million investment as an effort to alleviate security concerns over the amount of data Australians give to companies to prove who they are online.
As the year comes to a close, Mac users should take these steps to ensure their device's security, performance and organization. Here are the year-end steps you should take to ensure your Mac is ready for 2024.
The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world.
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked...