🚨 CISA KEV 1[−]
2 Feb KEVCVEMap: Open-Source Tool to Query, Browse and Search CVEsThe tool leverages various valuable sources, such as the CISA's Known Exploited Vulnerabilities Catalog, Exploit Prediction Scoring System (EPSS), HackerOne CVE Discovery, and others, to provide comprehensive insights into vulnerabilities.HELPNETSECURITY.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
2 FebIvanti discloses 2 New zero-days, one already under exploitationTwo new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products that are assigned with CVE-2024-21888 and CVE-2024-21893. Additionally, one of the vulnerabilities (CVE-2024-21893) has been reported to be exploited by threat actors …GBHACKERS.COM
2 FebRunc vulnerability CVE-2024-21626 allowing container escape in all Docker and Kubernetes environmentssubmitted by jlh to cybersecurity 3 points | 0 comments https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/ Seems like a really serious vulnerability, any container attack or malicious image could take over a container host if …DOCKER.COM
2 FebUS government agencies ordered to take Ivanti VPN products offlineIn January, Ivanti alerted customers that hackers were exploiting two zero-day vulnerabilities in its Ivanti Connect Secure and Ivanti Policy Secure. This week the company revealed that two other vulnerabilities were discovered in the meantime, with one already being exploited in…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
2 FebDarkGate Malware Delivered via Microsoft TeamsThreat actors have been spotted exploiting Microsoft Teams’ external access feature—enabled by default—allowing users to add external members to Teams chats. An AT&T customer identified an unsolicited Teams chat from an external user, suspected to be a phishing lure. It is re…CYWARE.COM
2 FebMultiple Malware Used in Attacks Exploiting Ivanti VPn FlawsThe attackers exploit known vulnerabilities to execute arbitrary commands and have been observed using various malware, including a custom web shell and open-source tools for post-exploitation activities.SECURITYAFFAIRS.COM
2 FebState-of-the-Art Redis Malware Bypasses Security Solutions to Hack ServersDiscovering a clandestine and potent menace, Aqua Nautilus researchers have brought to light the HeadCrab, an advanced threat actor wielding bespoke malware targeting Redis servers globally. Redis, an open-source, in-memory data structure store, serves as the unsuspecting b…GBHACKERS.COM
2 FebFritzFrog Botnet is Exploiting Log4Shell Bug Now, Experts SayThe botnet's shift to targeting vulnerable Java applications in a campaign called "Frog4Shell" poses a significant risk to internal machines that may have been neglected and remained unpatched.THERECORD.MEDIA
2 FebFritzFrog Botnet Attacking Linux Servers to Steal SSH CredentialsThe FritzFrog botnet, originally identified in 2020, is an advanced peer-to-peer botnet built in Golang that can operate on both AMD and ARM-based devices. With constant updates, the malware has developed over time, adding and enhancing features. A new strain of the FritzFrog bot…GBHACKERS.COM
2 FebZero Trust Implementation: Plan, Then Execute, One Step at a TimeTo overcome roadblocks, organizations should prioritize sensitive data, enforce strict authentication and authorization, implement micro-segmentation, and ensure employee awareness of security best practices.HELPNETSECURITY.COM
2 FebINTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPsAn INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in…THEHACKERNEWS.COM
2 FebCloudflare Breach: Nation-State Hackers Access Source Code and Internal DocsCloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, w…THEHACKERNEWS.COM
2 FebInterpol Arrests More Than 30 Cybercriminals in Global ‘Synergia’ OperationInternational law enforcement, with the help of 60 agencies and private companies, detained 31 suspected cybercriminals and identified 1,300 malicious servers used for phishing and malware distribution.THERECORD.MEDIA
2 FebJuniper Networks Releases Security Bulletin for Juniper Secure AnalyticsJuniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrat…CISA.GOV
2 FebInterpol operation Synergia takes down 1,300 servers used for cybercrimeAn international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. [...]BLEEPINGCOMPUTER.COM
2 FebWikileaks Source And Former CIA Worker Joshua Schulte Sentenced To 40 Years JailPACKETSTORMSECURITY.COM
2 FebLurie Children's Hospital took systems offline after cyberattackLurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. [...]BLEEPINGCOMPUTER.COM
2 FebE-Coli, #Mercedes, #Cloudflare, #Ivanti, Volt Typhoon, GIGO, #AI, #Congress, Aaran Leyland, and moreE-Coli, #Mercedes, #Cloudflare, #Ivanti, Volt Typhoon, GIGO, #AI, #Congress, Aaran Leyland, and more are on this edition of the Security Weekly News. →Watch live here: https://securityweekly.com/live →Subscribe to our podcasts: https://securityweekly.com/subscribe →Join our commu…YOUTUBE.COM
2 FebState Privacy Laws Have Been Crippled by Big Tech, New Report SaysThe report, conducted by the Electronic Privacy Information Center and U.S. PIRG Education Fund, highlights the lack of strong enforcement provisions, transparency, and individual data rights in these laws.THERECORD.MEDIA
2 FebE-Coli, Mercedes, Cloudflare, Ivanti, VT, GIGO, AI, Congress, Aaran Leyland and more - SWN #359E-Coli, Mercedes, Cloudflare, Ivanti, Volt Typhoon, GIGO, AI, Congress, Aaran Leyland, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-359YOUTUBE.COM
2 FebFeds Face a Midnight Deadline for Resetting Ivanti GatewaysCISA Says Agencies Must Disconnect and Reset Ivanti VPN Devices by Midnight Friday U.S. federal agencies have until midnight Friday to disconnect Ivanti VPN devices and perform a factory reset before reconnecting them to the network. Fifteen agencies use the gateways, which were …DATABREACHTODAY.CO.UK
2 FebGoogle offers free access to fuzzing frameworkFuzzing can be a valuable tool for ferreting out zero-day vulnerabilities in software. In hopes of encouraging its use by developers and researchers, Google announced Wednesday it’s now offering free access to its fuzzing framework, OSS-Fuzz . According to Google, tangible securi…CSOONLINE.COM
2 FebAnyDesk says hackers breached its production servers, resets passwordsAnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. [...]BLEEPINGCOMPUTER.COM
2 FebFritzFrog Botnet Exploits Log4ShellBotnet Looks for Vulnerable Internal Network Machines Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector. Log4Shell burst into public awareness in late 2021 when security res…DATABREACHTODAY.CO.UK
2 FebThe Week in Ransomware - February 2nd 2024 - No honor among thievesAttacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. [...]BLEEPINGCOMPUTER.COM
2 FebAnyDesk says hackers breached its production servers, reset passwordsAnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. [...]BLEEPINGCOMPUTER.COM
2 Feb31 People Arrested in Global Cybercrime CrackdownLaw enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats. The post 31 People Arrested in Global Cybercrime Crackdown appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 5[−]
2 FebFTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breachEducation tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a U.S.-based company that provides financial and administrative software to colleges…TECHCRUNCH.COM
2 FebWhite House Rejects Efforts to Undo SEC Cyber Disclosure RuleThe Biden administration opposes a congressional effort to undo the SEC's cybersecurity incident disclosure rule, citing the need for transparency to combat increasing cyberattacks.CYBERSECURITYDIVE.COM
2 FebMore Ransomware Victims Are Declining to Pay ExtortionistsWhile Average Falls Below 30%, We're Still Far From Seeing Criminal Profits Dry Up The number of victims who opt to pay a ransom appears to have declined to a record low. During the last three months of 2023, an average of 29% of organizations hit by ransomware paid a ransom - a …DATABREACHTODAY.CO.UK
2 FebUK Lawmakers Push Ahead With Revised Snoopers' CharterThe Investigatory Powers Bill Will Allow Police to Collect More Data Proposed legislation called the "snoopers' charter," which would allow British intelligence agencies to collect data on a large scale, cleared further parliamentary scrutiny this week despite mounting criticism …DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 21[−]
2 FebAlbania’s Institute of Statistics Suffers Cyberattack, Some Systems AffectedAlbania’s Institute of Statistics (INSTAT) suffered a cyberattack which affected some of its systems. The post Albania’s Institute of Statistics Suffers Cyberattack, Some Systems Affected appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebUpdate: December Cyberattack on Chicago Community Hospital Claimed by LockBit GangSaint Anthony Hospital in Chicago experienced a cyberattack by the LockBit ransomware gang, with patient information being copied from the network. The gang demanded a $900,000 ransom, but the hospital refused to pay, prioritizing patient care.THERECORD.MEDIA
2 FebCloudflare Hacked Using Authentication Tokens Stolen in Okta AttackCloudflare's internal Atlassian server was breached by a suspected nation-state attacker in November 2023. The attacker gained access to Confluence, Jira, and Bitbucket systems, using stolen credentials from Okta's breach.BLEEPINGCOMPUTER.COM
2 FebFTC Blasts Blackbaud's 'Shoddy' Practices in Ransomware HackBlackbaud's lax security practices allowed a hacker to access and steal massive amounts of unencrypted consumer data, including personal, financial, and medical information, leading to regulatory actions from multiple government agencies.BANKINFOSECURITY.COM
2 FebRussian Spies Impersonating Western Researchers in Ongoing Hacking CampaignThe hackers, believed to be state-sponsored, have successfully compromised researchers by using sophisticated techniques to solicit feedback on academic articles and harvest credentials through fake Google Drive links.THERECORD.MEDIA
2 FebFBI and DOJ Disrupt Chinese Hacking OperationThe hacking group's activities included compromising vulnerable Cisco routers and using Netgear ProSafe firewalls as relay nodes for networks compromised by Chinese state hackers.BANKINFOSECURITY.COM
2 FebIndia-Linked Hackers Target Pakistan With Spyware in New CampaignThe campaign, attributed to the Patchwork APT group, targeted mostly Pakistani users through a honey-trap romance scam, with some apps reaching over 1,400 installs on Google Play and revealing 148 compromised devices in Pakistan and India.THERECORD.MEDIA
2 FebCybercriminals Replace Familiar Tactics to Exfiltrate Sensitive DataCybercriminals have shifted tactics, moving away from email-based attacks and targeting cloud and compromised applications to remain undetected longer and gain continuous access to systems and data.HELPNETSECURITY.COM
2 FebHow 2023 Broke Long-Running Records for Health Data BreachesThe healthcare sector experienced a record-breaking number of major data breaches in 2023, affecting over 135 million individuals, highlighting the urgent need for enhanced cybersecurity measures.BANKINFOSECURITY.COM
2 FebFTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of peopleData and software services firm Blackbaud's cybersecurity was criticised as "lax" and "shoddy" by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
2 FebUS Sanctions Iranian Cyber Heads for Attacks on Israeli TechSanctions Follow Iranian Cyberattacks Targeting US Critical Infrastructure Sectors The United States sanctioned senior leaders of the Iranian government cyber unit responsible for carrying out malicious cyber campaigns against American critical infrastructure sectors. The sanctio…DATABREACHTODAY.CO.UK
2 Feb2 Chicago Hospitals Are Facing Cyberattack WoesPediatric Hospital and Safety-Net Facility Are Dealing With Recent Incidents Two Chicago hospitals are navigating the effects of recent cyberattacks. One, a children's hospital, has taken its IT network offline to respond to an incident, and the other, a nonprofit safety-net hosp…DATABREACHTODAY.CO.UK
2 FebCyber Fail: When Ransomware Gangs Get CarelessAlso: Rampant App Vulnerabilities, Cloud Misconfiguration and Why CISOs Matter Welcome to "Cyber Fail," where our experts uncover fails so we can all strengthen our defenses. Today, we examine what happens when ransomware groups get careless, application developers' laissez-faire…DATABREACHTODAY.CO.UK
2 FebISMG Editors: Why Are Microsoft's Systems So Vulnerable?Also: AI in Cloud Security, Integrating Zero Trust Principles into API Deployment In the latest weekly update, ISMG editors discussed the potential role of AI in cloud security, how the recent cyberattack on Microsoft by Russian state hackers highlighted the vulnerabilities assoc…DATABREACHTODAY.CO.UK
2 FebUS Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility HacksThe US government slaps sanctions against six Iranian government officials linked to cyberattacks against Israeli PLC vendor Unitronics. The post US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebClorox Says Cyberattack Costs Exceed $49 MillionCleaning products maker Clorox puts the impact of the damaging cyberattack at $49 million so far and expects to incur more costs in 2024. The post Clorox Says Cyberattack Costs Exceed $49 Million appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebFTC Orders Blackbaud to Address Poor Security PracticesFTC and fundraising software company Blackbaud reach settlement over poor security practices that led to a major data breach. The post FTC Orders Blackbaud to Address Poor Security Practices appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebBiden to Veto Attempt to Overturn SEC Cyber Incident Disclosure RulesPresident Biden would veto Republican lawmakers’ attempt to overturn the SEC’s recent cyber incident disclosure rules. The post Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebCloudflare Hacked by Suspected State-Sponsored Threat ActorA nation-state threat actor accessed internal Cloudflare systems using credentials stolen during the Okta hack. The post Cloudflare Hacked by Suspected State-Sponsored Threat Actor appeared first on SecurityWeek .SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 16[−]
2 FebISC Stormcast For Friday, February 2nd, 2024 https://isc.sans.edu/podcastdetail/8836, (Fri, Feb 2nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
2 FebA Self-Enforcing Protocol to Solve GerrymanderingIn 2009, I wrote : There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain (to the…SCHNEIER.COM
2 FebNew Android Malware on Google Play Disguised as Messaging or News AppsTwelve malicious Android espionage applications have been discovered by researchers, with all of them executing a remote access trojan (RAT) code known as VajraSpy. Six of them were discovered to be available on Google Play Store, whereas the other six were discovered with VirusT…GBHACKERS.COM
2 FebMaturing Your Threat Modeling Skills with Adam Shostack and Tanya Jenka - 1 hoursubmitted by ashar to security_cpe 0 points | 0 comments Maturing Your Threat Modeling Skills with Adam Shostack and Tanya JenkaINFOSEC.PUB
2 FebDirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and CryptojackingThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active si…THEHACKERNEWS.COM
2 FebCloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud SecurityCloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersec…THEHACKERNEWS.COM
2 FebBsidesPhilly 2023 - 17 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/521eb181-3280-4d7c-910d-c454ada0f032.png BsidesPhilly 2023 playlist BsidesPhilly 2023 - websiteINFOSEC.PUB
2 FebVendor Email Compromise Attacks Against Financial Services Surge 137% Last YearAnalysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both VEC and BEC attacks, targeting millions of dollars using very specific methods.KNOWBE4.COM
2 FebDetecting First-Party Fraud: Strategies and ChallengesCredit Union Lender Discusses Expanding Role of Credit Repair Companies in Fraud Detecting first-party fraud poses unique challenges. Data plays a critical role in spotting fraud by pointing out patterns such as high charge-off balances that hint at premeditated fraud, said Matt …DATABREACHTODAY.CO.UK
2 FebDavid KahnDavid Kahn has died . His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.SCHNEIER.COM
2 FebFriday Squid Blogging: Illex Squid in Argentina WatersArgentina is reporting that there is a good population of illex squid in its waters ready for fishing, and is working to ensure that Chinese fishing boats don’t take it all. As usual, you can also use this squid post to talk about the security stories in the news that I hav…SCHNEIER.COM
2 FebLayoffs Hit Security Vendors Okta, Proofpoint, NetographyProminent security vendors Okta and Proofpoint announced layoffs affecting almost 1,000 employees in the United States and Israel. The post Layoffs Hit Security Vendors Okta, Proofpoint, Netography appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebDraftKings Hacker Sentenced to 18 Months in PrisonJoseph Garrison has received an 18-month prison sentence for accessing 60,000 DraftKings user accounts using credential stuffing. The post DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebNetherlands Fines Uber Over Data ProtectionDutch regulators impose a 10 million euro ($10.8 million) fine on ride-hailing app Uber for lack of transparency in treating the personal data of its drivers. The post Netherlands Fines Uber Over Data Protection appeared first on SecurityWeek .SECURITYWEEK.COM
2 FebEx-CIA Computer Engineer Gets 40 Years in Prison for Giving Spy Agency Hacking Secrets to WikiLeaksFormer CIA software engineer sentenced to 40 years in prison for biggest theft of classified information in CIA history and for possession of child sexual abuse images and videos. The post Ex-CIA Computer Engineer Gets 40 Years in Prison for Giving Spy Agency Hacking Secrets to W…SECURITYWEEK.COM
2 FebRussian APT28 Hackers Targeting High-Value Orgs with NTLM Relay AttacksRussian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes …THEHACKERNEWS.COM
🌐 CYBER THREAT LANDSCAPE 6[−]
2 FebPurpleFox Malware Infects Thousands of Computers in UkrainePurpleFox is a modular Windows botnet malware with rootkit capabilities, allowing it to hide and persist on infected devices, and it can be used for activities like introducing more potent payloads and launching DDoS attacks.BLEEPINGCOMPUTER.COM
2 FebExposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking CampaignThe attackers use evasion techniques such as using memory-backed temporary file stores and Base64-encoded scripts to make forensics harder and eliminate competing miner processes on infected machines.THEHACKERNEWS.COM
2 FebPayment Fraud is Hitting Organizations Harder Than Ever BeforeAccording to Trustpair, 96% of US companies experienced at least one fraud attempt in the past year, with 83% seeing an increase in cyber fraud. Fraudsters used various tactics such as text messages, fake websites, and CEO/CFO impersonations.HELPNETSECURITY.COM
2 FebCyber Security Today, Week in Review for Feb. 2, 2024This episode features discussion on hacks at 23andMe, Microsoft, the Canadian government, and on the FBI's warning on the cyber threat from ChinaCYBERSECURITYTODAY.LIBSYN.COM
2 FebStalkerware apps PhoneSpector and Highster appear to shut downThe makers of two phone surveillance services appear to have shuttered after the owner agreed to settle state accusations of illegally promoting spyware that his companies developed. PhoneSpector and Highster were consumer-grade phone monitoring apps that facilitated the covert s…TECHCRUNCH.COM
2 FebGrandoreiro banking malware disrupted – Week in security with Tony AnscombeThe banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windowsWELIVESECURITY.COM
🎙️ PODCASTS 1[−]
2 FebCyber Security Today, Feb. 2, 2024 - AI fakes are making trouble for facial recognition logins, and moreThis episode reports on US government action on vulnerable Ivanti gateways and moreCYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 17[−]
2 FebWhite House Seeks Ideas on Boosting AI PrivacyThe Office of Management and Budget is soliciting feedback on how federal agencies should identify and mitigate privacy risks related to AI and commercially available information.BANKINFOSECURITY.COM
2 FebUS Announces Another Arrest in BTC-e Cybercrime CaseThe U.S. Department of Justice has announced that Aliaksandr Klimenka, a Belarusian and Cypriot national allegedly linked to the cryptocurrency exchange BTC-e, is in U.S. custody and faces charges related to money laundering.THERECORD.MEDIA
2 FebCryptocurrency scams metastasize into new forms“DeFi mining” scams adopted by pig-butchering rings create more problems for those trying to defend against them.SOPHOS.COM
2 FebCrime Bosses Behind Myanmar Cyber ‘Fraud Dens’ Handed Over to Chinese GovernmentThe crime families in the Kokang region of Myanmar have been running large-scale cyber fraud and illicit enterprises, including casinos, and have been involved in human trafficking and money laundering.THERECORD.MEDIA
2 FebApateWeb: Large-Scale Campaign Delivers Scareware and PUPsResearchers at Unit 42 have identified a large-scale campaign named ApateWeb that employs over 130,000 domains to distribute scareware, PUPs, and other scam pages. The campaign involves adware programs, a rogue browser, and various browser extensions. User awareness and the use o…CYWARE.COM
2 FebFormer CIA Engineer Sentenced to 40 Years for Leaking Classified DocumentsA former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, …THEHACKERNEWS.COM
2 FebFlorida Teen Faces Federal Charges in $800,000 Crypto TheftA 19-year-old Florida teenager, Noah Michael Urban, has been charged with 14 criminal counts, including wire fraud and aggravated identity theft, for his involvement in a cryptocurrency theft scam using SIM swapping.BANKINFOSECURITY.COM
2 FebBTC-e server admin indicted for laundering ransom payments, stolen cryptoAliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation. [...]BLEEPINGCOMPUTER.COM
2 FebChina is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warnsChina-sponsored attacks likened to "placing bombs in water treatment facilities, and power plants". Is it just me, or does this sound like the plot of a Mission Impossible movie?GRAHAMCLULEY.COM
2 FebUS Senate Panel Hears Plea for Action on Bank Spoofing ScamsA top U.S. banking lobbyist told a Senate panel Thursday there are limits to what financial institutions can do to stop scammers from draining individual banking accounts and called on regulators like the FCC to do more to combat caller ID spoofing.BANKINFOSECURITY.COM
2 FebMan Sentenced to Six Years in Prison for Stealing Millions in Cryptocurrency via SIM SwappingA 22-year-old man from the US, Daniel James Junk, has been sentenced to 72 months in federal prison for his involvement in a fraudulent scheme that led to the theft of millions of dollars through SIM swapping.SECURITYAFFAIRS.COM
2 FebCyber security at home and in the office: Secure your devices, computers, and networks (ITSAP.00.007)CYBER.GC.CA
2 FebUber Fined Nearly $11 Million by Dutch Data RegulatorThe regulatory fine resulted from complaints by French Uber drivers and a Paris-based civil society organization, highlighting the significance of user rights and privacy concerns.BANKINFOSECURITY.COM