Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 10 months ago
1
 
 

New York Times: Analysis of 3.2M+ Telegram messages from 16K+ channels shows how the app is inundated with criminal activity, CSAM, drug dealers, white nationalists, and more  —  Drug dealers, scammers and white nationalists openly conduct business and spread toxic speech on the platform …

2
 
 

It turns out some lifehacks can come with prison time.

3
 
 

American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...]

4
 
 

Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks. “An improper access control vulnerability has been identified in the SonicWall SonicOS management […]

5
 
 

Alphabet Inc.’s Google is abusing its dominant position in advertising technology, the UK’s antitrust agency warned in a move that could pave the way for hefty fines and an order to change one of the tech giant’s most lucrative businesses.

6
 
 

A newly discovered PyPI hijack technique called “Revival Hijack” has been exploited in the wild, posing a significant threat to thousands of Python packages. Identified by JFrog’s security research team, the method takes advantage of a loophole in the PyPI software registry that allows attackers to re-register package names that have been removed by their [...]

7
 
 

Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...]

9
 
 

Danny Nelson / CoinDesk: Telegram radically alters its stance on “illegal” use of its platform by letting users in private chats “flag illegal content” for review by its moderators  —  The decision comes after the CEO's arrest in France for allegedly failing to police illegal content.

10
 
 

Ransomware is an all-too-common occurrence: 83% of organizations have experienced at least one ransomware attack in the last year, 46% of respondents experienced four or more and 14% indicated they experienced 10 or more. Of those respondents who experienced at least one ransomware attack in the last year, 61% said it resulted in downtime of at least 24 hours, according to Onapsis. Of those organizations that experienced ransomware attacks, 89% said their Enterprise … (Source: Help Net Security, "83% of organizations experienced at least one ransomware attack in the last year")

11
 
 

Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info

The US Department of Homeland Security is seeking help to assess the security of tech at maritime ports, to safeguard the 13 million jobs and $649 billion of economic activity generated by the nation’s docks.…

12
 
 

A Gizmodo analysis of OpenAI’s GPT store found more than 100 tools that appear to violate the company’s policies regarding sexual content, cheating, legal and medical advice, gambling, fake review generation, and romantic companionship.

13
 
 

Allowed access to 150k cameras, some in sensitive spots, but has been done for spamming

Physical security biz Verkada has agreed to cough up $2.95 million following an investigation by the US Federal Trade Commission (FTC) – but the payment won’t make good its past security failings, including a blunder that led to CCTV footage of Tesla, Cloudflare, and others being snooped on. Instead, the fine is about spam.…

15
 
 

93GB of info feared pilfered in Montana by heartless crooks

Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.…

16
 
 

Better late than never

The White House on Tuesday indicated it hopes to shore up the weak security of internet routing, specifically the Border Gateway Protocol (BGP).…

17
 
 

Sophisticated attack breaks security assurances of the most popular FIDO key.

18
 
 

The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...]

19
 
 

A proximity resilience graph offers a more accurate representation of risk than heat maps and risk registers, and allows CISOs to tell a complex story in a single visualization.

20
21
 
 

Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. [...]

22
 
 

Ransomware remains a concerning cybersecurity threat, with attacks becoming more frequent, severe, and costly. Recent reports highlight alarming trends, including increased attacks on critical sectors like healthcare, education, and manufacturing. The US, leading in global ransomware incidents, faces an exceptionally high risk, especially in education and healthcare. Organizations are frequently hit multiple times, and ransom payments, while common, often fail to prevent further disruption. Most ransomware attacks occur between 1 a.m. and 5 a.m. Malwarebytes … (Source: Help Net Security, "Ransomware attacks escalate as critical sectors struggle to keep up")

23
 
 

Fota Wildlife Park in Co Cork has told visitors to its website to cancel credit and debit cards, following a cyber-attack.

24
 
 

In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers, physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.

25
 
 

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.

Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.
