Monday, January 24, 2022

Alleged carder gang mastermind and three acolytes under arrest in Russia

The motto of the gang was "In Fraud We Trust", and they went by a dizzying range of online nicknames.

Cryptocoin broker Crypto.com says 2FA “bypass” led to $35m theft

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

Serious Security: Apple Safari leaks private data via database API – what you need to know

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

Romance scammer who targeted 670 women gets 28 months in jail

Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...

Serious Security: Linux full-disk encryption bug fixed – patch now!

Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.

REvil ransomware crew allegedly busted in Russia, says FSB

The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.

Wormable Windows HTTP hole – what you need to know

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".

Home routers with NetUSB support could have critical kernel hole

Got a router that supports USB access across the network? You might need a kernel update...

JavaScript developer destroys own projects in supply chain “lesson”

Two popular open source JavaScript packages recently got "hacked" in a smbolic gesture by the original project creator.

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Surge in Malicious QR Codes Sparks FBI Alert

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug

The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
TechRepublic

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.