Ransomware gang Cl0p has exploited a vulnerability in file transfer software MOVEit to compromise companies around the world. Security researcher Kevin Beaumont estimates “there are over one hundred” organizations affected by the attack, with British Airways, the BBC and Boots already confirmed as victims. Cl0p posted a message to companies who use MOVEit on their …
Valéry Marchive, a cybersecurity journalist, has published chat logs of negotiations between ransomware gangs and their victims. The goal, he explained in a Twitter thread, is to provide a resource for ransomware victims and researchers, since “What happens during #ransomware negotiations is rarely widely shared.” Background to the chats The chats take place after companies …
Did you know anyone can now register a domain name that ends in .zip or .mov? That’s thanks to Google, who opened up registrations for these domain extensions earlier this month. This has riled up many in the security community, who warn that .zip and .mov domains can be used maliciously. The potential for scams …
The Bl00dy Ransomware Gang is exploiting a vulnerability in print management software PaperCut to target schools, according to an advisory by CISA. While PaperCut fixed this vulnerability in March, not all organizations applied the patch immediately. CISA recommends these organizations consider themselves compromised and look for malicious activity. The Bl00dy Ransomware Gang The Bl00dy Ransomware …
Sophisticated phishing attacks that clone legitimate webpages and bypass two-factor authentication (2FA) are on the rise. Email security firm Cofense reported a 35% increase in phishing emails for these types of attacks compared to last year. How the phishing attacks work The links in these phishing emails direct victims to fraudulent sites that act as …
Twitter is failing to stop an account run by a ransomware gang from using its platform to distribute stolen information. Safe Not Scammed is not naming the gang or providing its account handle to avoid giving the criminals additional publicity. The ransomware account has posted links to stolen files it claims are from Socrates Academy …
YouTube videos claiming to help viewers download premium software for free are instead tricking them into downloading malware. An internet researcher going by the handle idclickthat raised the alarm about two such malware campaigns on Twitter earlier this week. Lumma info stealer campaign The first campaign targeted popular software, including Adobe Animate, AutoCAD by Autodesk …
T-Mobile needs to reset its “days since a data breach” counter back to 0, as Bleeping Computer reports the beleaguered wireless carrier has suffered its second data breach of 2023. What happened? According to information submitted to the Office of the Maine Attorney General, T-Mobile was breached by hackers between February 24th and March 30th, …
Earlier this week, Keystone Smiles, a daycare and community learning center based in Knox, Pennsylvania, became a victim of the LockBit ransomware group. Ransomware works by stealing data from a victim’s computer and then encrypting the original files so that the victim cannot access them. Ransomware operators inform the victim they must pay a hefty …
Earlier this week, Google announced their authenticator was finally getting a much-wanted feature: cloud backups. Yesterday, however, a duo of security researchers called Mysk warned users not to enable it since the backups are not end-to-end encrypted. Mysk explained “there is no option to add a passphrase” to secure the backup data so it is …
Google Authenticator is perhaps the best known authenticator, a type of app that generates 2FA codes. But it lacked a crucial feature that many of its competitors, like Authy, have had for a long time: cloud backups. The latest update to Google Authenticator, announced in a blog post by Google’s Christiaan Brand, changes that. In …
