Author: nlqip

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. FBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on Cyber Security. “From our ongoing…

Read More

Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. In the past, single-process browsers managed cookies easily because the data was kept in memory. However, modern browsers like Chrome use multiple processes to improve performance and security. Chrome runs a new…

Read More

“The threat actors leveraged many novel evasion techniques, such as overwriting ntdll.dll in memory to unhook the Sophos AV agent process from the kernel, abusing AV software for sideloading, and using various techniques to test the most efficient and evasive methods of executing their payloads,” the researchers said. The attackers used several malware payloads that…

Read More

Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company’s Snowflake account. Advance operates 4,777 stores and 320 Worldpac branches and serves 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various…

Read More

An advisory from Rockwell Automation reiterates the importance of disconnecting operational technology devices with public-facing internet access and patching and mitigating systems vulnerable to several flaws. Background On May 21, Rockwell Automation published an advisory (SD1672) to provide guidance to customers on best practices to protect operational technology (OT) devices. Details For over a decade,…

Read More

In 2024, the CSO30 Australia will be judged based on the core pillars of business value and leadership. Judges will assess cybersecurity innovations introduced over the past two years that have improved an organisation’s security and operations, as well as how a cybersecurity leader has demonstrated leadership both within the organisation and across the wider…

Read More

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms. These terminals allow people to book and check into the hotel themselves, handle the payment process via a POS subsystem, print invoices, and provision RFID…

Read More

Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. Club Penguin was a multiplayer online game (MMO) from 2005 to 2018, featuring a virtual world where players could engage in games, activities, and chat…

Read More

Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace. According to a report from cybersecurity company Sophos, the campaign relied on new malware variants and three different activity clusters that indicate a coordinated attack. While initial access could not be determined,…

Read More

‘In just 12 months AI has taken a leap and, naturally, there’s an expectation that we’d all go from novices to experts in that short time. But unfortunately, that’s not the case; it’s not realistic,’ says Jason Magee, ConnectWise CEO. When it comes to the latest attack vectors, ConnectWise is focusing on how AI and…

Read More