Security News

A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software. Apple sued NSO, developer of the notorious Pegasus spyware, back in November 2021 and asked the court to permanently ban NSO from using any Apple software, services, or devices.

The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Medibank is a large health insurance provider in Australia that suffered a ransomware attack in October 2022, causing operational and business disruption.

Two US government agencies, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation, warned on Wednesday that drones made in China could be used to gather information on critical infrastructure. How Wi-Fi spy drones snooped on financial firm FCC suggests licensing 5GHz spectrum to drone operators Wing, Alphabet's drone delivery unit, designs bigger bird to deliver pasta, faster US lawmakers have Chinese LiDAR on their threat-detection radar.

The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison. "The defendant's administration of BreachForums played an instrumental role in bringing together more than 300,000 members to solicit, distribute, and access thousands of breached databases containing the stolen data of hundreds of companies, organizations, and governmental organizations of varying size and the PII of millions of U.S. persons," reads the sentencing proposal.

In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. The now-executed seizure warrant was submitted by Special Agent Jollif of the United States Secret Service to recover funds stolen in a fake Norton subscription renewal email that led to the threat actor gaining access to a victim's PC and bank account.

Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new...

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. "Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges," read the fake X post.

A US Naval sailor will face more than two years behind bars after pleading guilty to taking bribes from Chinese spies in exchange for sensitive military information. Larissa L Knapp, executive assistant director of the FBI's national security branch, said China's efforts to undermine the national security of the US and its allies have been "Aggressive" and at times illegal.

Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. LoanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in serviced loans and roughly 6,000 employees.

A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. Microsoft security researcher Igal Lytzki spotted the attacks delivered over hijacked email threads last summer but couldn't retrieve the final payload. In September, AT&T's Alien Labs team of researchers noticed "a spike in phishing emails, targeting specific individuals in certain companies" and started to investigate.