Security News

The investigation relies on information mainly gathered by the US central bank regarding an internal probe of 13 persons of interest known as the P-network. Those individuals were allegedly part of a network engaged in a "Sustained malign influence and information theft campaign" targeting the Federal Reserve.

The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups' members to $10 million. These increased bounties add to rewards of up to $5 million announced by the State Department in March for info on DPRK-backed threat actors targeting crypto exchanges and financial institutions worldwide to support the North Korean regime's illicit activities.

T-Mobile US has agreed to pay about $550 million to end legal action against it and improve its security after crooks infiltrated the self-described Un-carrier last summer and harvested personal data belonging to almost 77 million customers. The cellular network operator agreed to pay $350 million plus legal fees to settle a class-action lawsuit brought by customers whose data was compromised in an August 2021 privacy breach, according to documents filed with the US Securities and Exchange Commission on Friday.

US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months. In an alert this week, the Pentagon's cyberspace wing made public indicators of compromise associated with various malware strains that were found in Ukrainian networks by the country's security service.

A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges. According to court documents [PDF], Paunescu allegedly ran a "Bulletproof hosting" service using computers in Romania, America, and other locations to help cybercriminals distribute Gozi and other malware including the Zeus Trojan and SpyEye Trojan.

That's certainly the case for a troika of cybercriminals alleged to have been behind the infamous Gozi "Banking Trojan" malware, which first appeared in the late 2000s. Kuzmin, as we explained at the time, was effectively the COO of the group, hiring coders to create malware for the gang, and managing a bunch of cybercrime affiliates to deploy the malware and fleece victims - an operating model known as crimeware-as-a-service that is now used almost universally by ransomware gangs.

Unless you had read the manual really carefully, and taken additional precautions yourself by adding a layer of your own security on top of Log4j, your software could come unstuck. INPUT OUTCOME ----------------- ---------------------- CURRENT=$ /$ -> CURRENT=Java version 17.0.1/Windows 10 10.0 Server account is: $ -> Server account is: root $ -> SECRETDATAINTENDEDTOBEINMEMORYONLY. Clearly, if you're accepting logging text from a trusted source, where it's reasonable to allow the loggee to control the logger by telling it to substitute plain text with chosen internal data, this sort of text rewriting is useful.

The US Federal Communications Commission notified Congress on Friday that the cost to rip and replace equipment kit from Huawei and ZTE installed at US telcos is more than $3 billion higher than funding allocated for the program. FCC chair Jessica Rosenworcel wrote to explain the situation, which arose from the USA's desire to remove Chinese comms kit at local carriers in the name of national security.

The short notice given by the exchange via a private email left some customers suspecting if this was an "Exit scam" or caused by another mysterious incident. Crypto platform shut down: 5 days left to take out funds.

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports. The New York Times claims L3Harris in recent months sent a team to Israel to try to smooth passage of the deal, which was made challenging by US president Joe Biden's decision to blacklist NSO following the use of its Pegasus software to crack phones of politicians and campaigners.