Cybercrime

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

But can you really take crims at their word?

Security16 Dec 2024 | 1

Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'

Personal and financial data probably stolen

Cyber-crime16 Dec 2024 | 2

Are your Prometheus servers and exporters secure? Probably not

Infosec in brief Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more

Security15 Dec 2024 | 1

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

IOCONTROL targets IoT and OT devices from a ton of makers, apparently

Research13 Dec 2024 | 15

Android beefs up Bluetooth tag stalker protections

Wider ecosystem still has work to do, though

Personal Tech13 Dec 2024 | 24

North Korea's fake IT worker scam hauled in at least $88M over six years

DoJ thinks it's found the folks that ran it, and some of the 'IT warriors' sent out to fleece employers

Cyber-crime13 Dec 2024 | 3

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

Holiday cheer comes in the form of three arrests and 27 shuttered domains

Cyber-crime12 Dec 2024 | 5

US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware

Cyber-crime11 Dec 2024 | 4

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Research10 Dec 2024 |

Heart surgery device maker's security bypassed, data encrypted and stolen

Sounds like th-aorta get this sorted quickly

Cyber-crime10 Dec 2024 | 20

Bitfinex heist gets the Netflix treatment after 'cringey couple' sentenced

Streamer's trademark dramatic style takes on Bitcoin Bonnie and Clyde

Cyber-crime10 Dec 2024 | 6

China's Salt Typhoon recorded top American officials' calls, says White House

No word yet on who was snooped on. Any bets?

CSO09 Dec 2024 | 24

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

Exclusive ShinyHunters-linked heist thought to have been ongoing since March

Research09 Dec 2024 | 9

How Chinese insiders are stealing data scooped up by President Xi's national surveillance system

Feature 'It's a double-edged sword,' security researchers tell The Reg

Public Sector08 Dec 2024 | 52

Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'

Redmond threat intel maven talks explains this persistent pain to The Reg

Security06 Dec 2024 | 16

British hospitals hit by cyberattacks still battling to get systems back online

Updated Children's hospital and cardiac unit say criminals broke in via shared 'digital gateway service'

Cyber-crime05 Dec 2024 | 21

BT Group confirms attackers tried to break into Conferencing division

Sensitive data allegedly stolen from US subsidiary following Black Basta post

Cyber-crime05 Dec 2024 | 8

Cops arrest suspected admin of German-language crime bazaar

Drugs, botnets, forged docs, and more generated fortune for platform sellers

Cyber-crime04 Dec 2024 | 24

Major energy contractor reports 'limited' access to IT after ransomware locks files

ENGlobal customers include the Pentagon as well as major oil and gas producers

Security03 Dec 2024 | 11

Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online

Yet another result of the MOVEit mess

Cyber-crime03 Dec 2024 | 3

Russia arrests one of its own – a cybercrime suspect on FBI's most wanted list

The latest in an unusual change of fortune for group once protected by the Kremlin

Cyber-crime02 Dec 2024 | 58

Interpol nabs thousands, seizes millions in global cybercrime-busting op

Infosec in brief Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more

Security01 Dec 2024 | 8

RansomHub claims to net data hat-trick against Bologna FC

Crooks say they have stolen sensitive files on managers and players

Cyber-crime30 Nov 2024 | 2

Ransom gang claims attack on NHS Alder Hey Children's Hospital

Second alleged intrusion on English NHS org systems this week

Cyber-crime29 Nov 2024 | 21

The only thing worse than being fired is scammers fooling you into thinking you're fired

Scumbags play on victims' worst fears in phishing campaign referencing UK Employment Tribunal

Cyber-crime28 Nov 2024 | 50

Salt Typhoon's surge extends far beyond US telcos

Plus, a brand-new backdoor, GhostSpider, is linked to the cyber spy crew's operations

Security27 Nov 2024 | 7

T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'

Funny what putting more effort and resources into IT security can do

CSO27 Nov 2024 | 9

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

Complaint claims he trespassed, gave himself discounts, and sorted CCTV access…

Cyber-crime26 Nov 2024 | 24

1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more

CSO22 Nov 2024 | 22

SafePay ransomware gang claims Microlise attack that disrupted prison van tracking

Fledgling band of crooks says it stole 1.2 TB of data

Cyber-crime22 Nov 2024 | 3

Mega US healthcare payments network restores system 9 months after ransomware attack

Change Healthcare’s $2 billion recovery is still a work in progress

Cyber-crime20 Nov 2024 | 5

Healthcare org Equinox notifies 21K patients and staff of data theft

Ransomware scum LockBit claims it did the dirty deed

Cyber-crime20 Nov 2024 | 1

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

No word on when or if the issue will be fixed

Security19 Nov 2024 | 2

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Patches19 Nov 2024 | 4

Crook breaks into AI biz, points $250K wire payment at their own account

Fastidious attacker then tidied up email trail behind them

Cyber-crime19 Nov 2024 | 12

Ford 'actively investigating' after employee data allegedly parked on leak site

Updated Plus: Maxar Space Systems confirms employee info stolen in digital intrusion

Security18 Nov 2024 | 3

Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

If you didn't fix this a month ago, your to-do list probably needs a reshuffle

Virtualization18 Nov 2024 | 4

T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears

updated Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon

Networks18 Nov 2024 | 2

Pirate programmer walks the plank for role in massive TV streaming operation

US considers the cases concerning Jetflicks to be the largest of their kind

Personal Tech18 Nov 2024 | 37

Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

Yank access to management interface, stat

CSO15 Nov 2024 | 28

Keyboard robbers steal 171K customers' data from AnnieMac mortgage house

Names and social security numbers of folks looking for the biggest loan of their lives exposed

Cyber-crime15 Nov 2024 | 6

Bitfinex burglar bags 5 years behind bars for Bitcoin heist

A nervous wait for rapper wife who also faces a stint in the clink

Cyber-crime15 Nov 2024 | 4

Cybercriminal devoid of boundaries gets 10-year prison sentence

Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts

Cyber-crime14 Nov 2024 | 6

Kids' shoemaker Start-Rite trips over security again, spilling customer card info

Updated Full details exposed, putting shoppers at serious risk of fraud

Cyber-crime14 Nov 2024 | 14

Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'

Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds

Research14 Nov 2024 | 5

Data broker amasses 100M+ records on people – then someone snatches, sells it

We call this lead degeneration

Cyber-crime13 Nov 2024 | 18

Ransomware fiends boast they've stolen 1.4TB from US pharmacy network

American Associated Pharmacies yet to officially confirm infection

Cyber-crime13 Nov 2024 | 1

China's Volt Typhoon crew and its botnet surge back with a vengeance

Ohm, for flux sake

Public Sector13 Nov 2024 | 4

Here's what we know about the suspected Snowflake data extortionists

A Canadian and an American living in Turkey 'walk into' cloud storage environments…

Cyber-crime12 Nov 2024 | 5

FBI issues warning as crooks ramp up emergency data request scams

Just because it's .gov doesn't mean that email is trustworthy

Cyber-crime11 Nov 2024 | 12

Dark web crypto laundering kingpin sentenced to 12.5 years in prison

Prosecutors hand Russo-Swede a half-billion bill

Cyber-crime11 Nov 2024 | 24

Winos4.0 abuses gaming apps to infect, control Windows machines

'Multiple' malware samples likely targeting education orgs

Security08 Nov 2024 | 6

Don't open that 'copyright infringement' email attachment – it's an infostealer

Curiosity gives crims access to wallets and passwords

Research07 Nov 2024 | 21

Cybercrooks are targeting Bengal cat lovers in Australia for some reason

In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos

Research06 Nov 2024 | 15

Operation Synergia II sees Interpol swoop on global cyber crims

22,000 IP addresses taken down, 59 servers seized, 41 arrests in 95 countries

Cyber-crime06 Nov 2024 | 3

Cyberattackers stole Microlise staff data following DHL, Serco disruption

Experts say incident has 'all the hallmarks of ransomware'

Cyber-crime06 Nov 2024 | 5