Technology

DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. “In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” blockchain analytics firm Elliptic said. “

A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser

Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool’s ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will

Free “vCISO Clinic” offers Resource-Constrained InfoSec Leaders a Helping Hand

Leaders in the InfoSec field face a strange dilemma. On the one hand, there are hundreds of thousands of resources available to find online to read (or watch) if they have questions – that’s a benefit of a digital-first field. On the other hand, most leaders face challenges that – while not entirely unique each

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple’s China-based users to the latter’s servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple’s privacy and security

70 European and South American Banks Under Attack By Bizarro Banking Malware

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed “Bizarro” by Kaspersky researchers, the Windows malware is “using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic]

Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps

A total of 158 privacy and security issues have been identified in 58 Android stalkerware apps from various vendors that could enable a malicious actor to take control of a victim’s device, hijack a stalker’s account, intercept data, achieve remote code execution, and even frame the victim by uploading fabricated evidence. The new findings, which

Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices

Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending “Find My Bluetooth” broadcasts to nearby Apple devices. “It’s possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices

Why Password Hygiene Needs a Reboot

In today’s digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements to the traditional password, today, this concept is more marketing hype than anything else. But just because passwords aren’t going anywhere anytime soon doesn’t mean that organizations don’t need to

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks

Cybersecurity researchers have uncovered an ongoing malware campaign that relies heavily on the AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RATs) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of the campaign have been spotted starting February 2021, according to researchers from Morphisec
