UK Arrests Four in ‘Scattered Spider’ Ransom Group

source: krebsonsecurity.com  |  image: pexels.com

 

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multiple airlines. Continue reading “UK Arrests Four in ‘Scattered Spider’ Ransom Group”

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

source: threatpost.com  |  image: pexels.com

 

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

Continue reading “Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms”

Russia is upping hybrid attacks against Europe, Dutch intelligence says

source: nbcnews.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” the director of the Dutch military intelligence agency said.

THE HAGUE, Netherlands — Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service, Dutch military intelligence agency MIVD said Tuesday.

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” MIVD director Peter Reesink said in the agency’s annual report. Continue reading “Russia is upping hybrid attacks against Europe, Dutch intelligence says”

Secret comms in danger as Second Phone Number iOS app leaks user texts

source: cybernews.com  |  image: pexels.com

 

A virtual phone number iOS app with millions of downloads in the US has exposed its users’ data, including messages, media, and sender and recipient details.

While there are many reasons to have a virtual phone number, privacy is the most common. This is not lost on Second Phone Number app creators, as its App Store description starts with “Need a second phone number for private calls and texts?”

However, users expecting privacy are in for a surprise. The Cybernews research team has found that the popular iPhone app’s misconfigured Firebase instance exposed user details likely not meant for the outside world. Continue reading “Secret comms in danger as Second Phone Number iOS app leaks user texts”

Critical Vulnerability Found in Canon Printer Drivers

source: securityweek.com  |  image: pixabay.com

Microsoft’s offensive security team has warned Canon about a critical vulnerability affecting some printer drivers. 

According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability. Continue reading “Critical Vulnerability Found in Canon Printer Drivers”

A New Era of Attacks on Encryption Is Starting to Heat Up

source: wired.com  |  image: pixabay.com

 

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say.

OVER THE PAST decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default—while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption. Continue reading “A New Era of Attacks on Encryption Is Starting to Heat Up”

X is blocking links to Signal

source: theverge.com (contributed by FAN, Steve Page)  |  image: pexels.com

Users attempting to add their Signal.me URL to posts, DMs, and bio descriptions are being met with error messages.

X users are currently unable to post links to Signal.me, which are used to quickly and securely send direct messages to Signal users. A variety of failure notifications are being reported when X users attempt to post Signal links on the platform, some of which identify the blocked message as containing spam, harmful content, or malicious activity. Continue reading “X is blocking links to Signal”

We’re In for a Rude Awakening on Cybersecurity

source: city-journal.org (contributed by FAN, Steve Page)  |  image: pexels.com

America remains ill-prepared for Chinese hackers targeting critical infrastructure.

It’s a crisis that almost no one is talking about. The Chinese Communist Party is now the world’s preeminent practitioner of cyber warfare. Once notoriously loud and clumsy, the CCP’s hackers have become stealthy and sophisticated. They’re intercepting the calls and texts of our leaders and infiltrating servers at our ports, power plants, and water-treatment facilities. Yet hardly anyone seems to care. When Congress held hearings on cybersecurity late last year, only a handful of journalists bothered to cover them. Continue reading “We’re In for a Rude Awakening on Cybersecurity”

Chinese hackers infiltrated US Treasury Secretary’s PC — attackers had access to over 400 PCs

source: tomshardware.com (contributed by Steve Page)  |  image: pexels.com 

 

As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users’ workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.

Say Goodbye to Passwords

source: fastcompany.com  |  image: pixabay.com

 

Passkey adoption is up, and problems are being fixed.

It’s been a couple of years since Apple, Google, and Microsoft started trying to kill the password, and its demise seems more likely than ever.

In 2022, all three companies embraced an alternative called passkeys, which sync securely between your devices and are protected by face recognition, a fingerprint, or a PIN. The thinking goes that if you don’t have to remember a password—or even create one in a password manager—you’re less likely to fall prey to phishing scams. And if websites don’t have to store their customers’ passwords anymore, security breaches won’t be as disastrous. Continue reading “Say Goodbye to Passwords”