Amazon helps the US Department of Justice thwart international cybercriminal group Anonymous Sudan
Two individuals behind the Anonymous Sudan cybercriminal group were indicted by the U.S. Department of Justice, which acknowledged AWS for its contributions.
The United States Department of Justice (DOJ) recently announced the takedown of Anonymous Sudan, a prolific entity in the distributed denial-of-service (DDoS) space who are known especially for their politically motivated hacktivism. This takedown is a huge step toward making the internet a safer place, and it required significant effort from multiple parties, including Akamai.
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World
A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
British intelligence services to protect all UK schools from ransomware attacks
GCHQ's National Cyber Security Centre (NCSC) is rolling out a free service that will help protect schools from connecting to malicious internet domains.
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.
MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents. Non-profit technology and R&D company MITRE has introduced a new mechanism that enables organizations to share intelligence on real-world AI-related incidents. Shaped in collaboration with over 15 companies, the new AI Incident Sharing initiative aims to increase community knowledge of threats and defenses involving AI-enabled systems.
48-page report citing Ars Technica urges FTC, FCC investigate connected TV data harvesting. Gen AI, potentially racially discrimniatory practices head concerns.
Dutch police arrest admin of 'Bohemia/Cannabia' dark web market
An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks.
Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.
The breach does not appear to impact the main consumer Verizon network, and instead involves the company’s push to talk (PTT) product, marketed to public sector agencies and enterprises.
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. #Deprecated #L2TP #Microsoft #PPTP #Server #VPN #Windows
After breach of billions of records, National Public Data files for bankruptcy | Cybernews
National Public Data, a company responsible for a massive leak of Social Security numbers in the summer, has filed for bankruptcy. That's unsurprising.
U.S., Microsoft seize over 100 websites allegedly used by Russian spies
The FBI and Microsoft have seized more than 100 web domains they say Russian intelligence used for cyber-espionage, according to court documents unsealed Thursday.
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
Following the publication of my blog post A Practical Guide to PrintNightmare in 2024, a few people brought to my attention that there was a way to bypass the Point and Print (PnP) restrictions recommended at the end. So, rather than just updating this article with a quick note, I decided to dig a little deeper, and see if I could find a better way to protect against the exploitation of PnP configurations.
