Security Leftovers
-
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
Apple has updated its security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs.
-
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm
The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side-channel attacks. As with any side-channel result, the keys are recovered from a specific implementation's leakage rather than by solving the underlying lattice problem, so the finding bears on implementations and their countermeasures, not on the mathematical security of the scheme.
-
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
-
Phishing Page Branded with Your Corporate Website, (Tue, Feb 21st)
Here is another perfect example that shows how attackers abuse free services...
-
The Insecurity of Photo Cropping
The Intercept has a long article on the insecurity of photo cropping:
One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the file's creators or editors. Official instruction manuals, help pages, and promotional materials may mention that cropping is reversible, but this documentation at times fails to note that these operations are reversible by any viewers of a given image or document.
-
HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance
HardBit ransomware operators want to work with victims to negotiate a ransom behind the back of cyberinsurance companies.
-
Sobeys admits to data breach in November 2022 | CTV News
Months after a suspected cyberattack shut down pharmacy services for a number of days, the Maritime company that owns Sobeys is alerting customers and employees, past and present, about a data breach of personal information.
-
[Cr]ackers Scored Data Center Logins for Some of the World's Biggest Companies
In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage, according to a cybersecurity research firm.
-
St. Paul, Minnesota: KFI Engineers pays $300k ransom, Black Basta ransomware group thanks...
A negotiation that lasted a few days was enough for the Black Basta cybercriminal group to pocket a ransom of $300k; the amount initially requested by the ransomware group was $600k.
The American company KFI Engineers, headquartered in St. Paul in the state of Minnesota, finally decided to come to terms with its extortionists. The more money that enters the coffers of a group of cybercriminals, the more Black Basta can finance its operations and further illegal actions.
-
HardBit ransomware gang adjusts their demands so the insurance company would cover the ransom cost
The HardBit ransomware group first appeared on the threat landscape in October 2022, but unlike other ransomware operations, it doesn’t use a double extortion model at this time.
The gang threatens victims with further attacks if their ransom demands are not met. Once it has infected an organization's network, the HardBit ransomware group instructs victims to contact it by email or via the Tox instant messaging platform.