Digital money laundering pays, until it doesn't An Ohio man, who operated the Grams dark-web search engine and the Helix cryptocurrency money-laundering service associated with it, has been sentenced to three years in prison.…

QR codes arrive via an age-old delivery system Switzerland's National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country's postal service.…

ProPublica: Investigation: Microsoft offered the US government free cybersecurity upgrades in 2021, increasing government reliance on Microsoft due to high switching costs  —  - Raising the Bar: President Joe Biden asked tech companies to “raise the bar on cybersecurity.”

It’s with sadness that we note the passing of Thomas E. Kurtz, on November 12th. He was co-inventor of the BASIC programming language back in the 1960s, and though his …read more

OpenBSD has released an important bug fix addressing a potential double-free vulnerability within its Network File System (NFS) client and server implementation. OpenBSD is a Unix-like operating system renowned for its strong focus on security, simplicity, and correctness, with features like OpenSSH, PF (firewall), and W^X. It emphasizes “secure by default” principles, proactive security measures, […] The post OpenBSD Double-Free Vulnerability Let Attackers Exploit NFS Client & Server appeared first on Cyber Security News.

Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. [...]

SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services

Security tool sprawl makes it harder to manage environments and overwhelms teams

Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are significant. Infoblox researchers estimate that over 1 million registered domains could be vulnerable daily. More evidence found on Sitting Ducks Attacks During a Sitting Ducks attack, the malicious actor gains control of a domain by … More → The post Cybercriminals hijack DNS to build stealth attack networks appeared first on Help Net Security.

Jibin Joseph / PCMag: UK mobile operator Virgin Media O2 creates Daisy, an AI-generated “scambaiter” tool that mimics the voice of an elderly woman to waste scammers' time  —  After a survey found that 71% of Brits want revenge on scammers, mobile operator O2 deploys Daisy, an AI tool that keeps fraudsters on the line to waste their time.

Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday because of email delivery issues on servers using custom mail flow rules. [...]

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.

NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online Private businesses and public-sector organizations are unwittingly exposing millions of people's sensitive information to the public internet because they misconfigure Microsoft’s Power Pages website creation problem.…

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.

Decrypt: Eighteen US states, led by Kentucky, sue the SEC and its commissioners, including Chairman Gary Gensler, over its crackdown on the crypto industry  —  Ahead of an expected regulatory leadership transition following the election of Donald Trump, 18 states have filed suit against the Securities …

Web applications belonging to finance, healthcare, and IT organizations contain the most critical security vulnerabilities

CISA and the FBI confirmed that Chinese hackers compromised the "private communications" of a "limited number" of government officials after breaching multiple U.S. broadband providers. [...]

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

Google versus the bad guys. | Illustration: Alex Castro / The Verge

Google is beefing up its malware detection with new protections designed to suss out ever-sneakier bad actors. Android’s Google Play Protect service is getting an update called live threat detection which seeks out potentially harmful apps on your phone by analyzing app behavior and alerts you in realtime if something looks fishy. The update was first announced at Google I/O earlier this year and is available now to Pixel 6 and newer phones. It should come to additional non-Pixel Android phones from Lenovo, OnePlus, Nothing, and Oppo, among others “in the coming months.” Live threat detection targets particularly hard-to-spot malware apps that hide their intentions well. Rather than just scanning apps for malicious code when you...

Continue reading…

There are quite a few bad ones, as well as some head-scratchers.