Security News

An international law enforcement operation has seized the website and domains for WT1SHOP, a criminal marketplace that sold stolen credit cards, I.D. cards, and millions of login credentials. WT1SHOP was one of the largest criminal marketplaces of PII data commonly used by threat actors to buy credentials for account takeovers, credit cards used for online purchases, and government I.D. cards for identity theft.

Cybercriminals hit the Los Angeles Unified School District over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications. Federal agencies including the FBI and CISA are working on-site to assist the US's second-largest public school district in its response.

Google and its YouTube subsidiary have joined other social media networks pledging to keep the 2022 US midterm elections safe and free from Russian trolls - and anyone else spewing democracy-damaging disinformation - by taking down such content. The election strategies follow Google's move to ban MAGA message-board Truth Social from its Play store until the app removes content that incites violence.

US mobile carriers know a lot about where their customers are located, and according to letters sent to the Federal Communications Commission, they routinely store such data for years, willingly hand it over to law enforcement if served a proper subpoena, and say users can't opt out. News that cellular carriers are storing sensitive location data isn't surprising given previous actions taken against AT&T, Verizon, T-Mobile US and Sprint by the FCC in 2020 for selling location data to third parties.

To find out how current CISOs landed in that role, their aspirations, the compensation they receive, and which risks they face and responsibilities they shoulder, analysts with international executive search firm Heidrick & Struggles have asked 327 CISOs to participate in their 2022 Global CISO Survey. Who reports to CISOs and to whom do the CISOs report?

The U.S. Federal Trade Commission announced today that it filed a lawsuit against Idaho-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The company provides access to consumers' location data through a data feed its clients can access via online data marketplaces after paying for a $25,000 subscription.

TikTok has joined Twitter in publishing new US midterm misinformation rules, with considerable crossover in scope and style. Eric Han, TikTok's head of US safety, shared in a blog post that the social video platform is taking a variety of steps to provide access to authoritative information and counter election misinformation.

Conti is the name of a well-known ransomware gang - more precisely, what's known as a ransomware-as-a-service gang, where the ransomware code, and the blackmail demands, and the receipt of extortion payments from desperate victims are handled by a core group. About two years ago, the REvil ransomware gang put up a cool $1,000,000 as front money in an underground hacker-recruiting forum, trying to entice new affiliates to join their cybercriminal capers.

The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew. "The reward notice included the aliases of the alleged attackers -"Tramp," "Dandis," "Professor,"Reshaev," and "Target" - and came with a photo of a man and a message underneath it that said, "Is this the Conti associate known as 'Target'?".

The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. Today, for the first time, the State Department revealed the face of a known Conti ransomware operator known as 'Target,' offering rewards of up to $10 million for information on him and four other members known as 'Tramp,' 'Dandis,' 'Professor,' and 'Reshaev.