ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
This week’s security news is mostly about weak spots
Affected factories back up and running, we're told
Amazon, Apple, Google, and Microsoft among major customers Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16 that continues to disrupt its business operations.…
Look over there! Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerability some months ago that could allow attackers to steal private data. Redmond reported the bug to Cupertino, which issued a fix back in March.…
Also, BianLian Ransomware Hackers Aren't Really Mailing YouThis week, the U.S. sanctioned the Nemesis admin, Poco RAT spotted in Latin America, Apple challenged a British order to weaken encryption and the FBI warned against scam letters purportedly from BianLian. Also, a Nigerian tax scammer extradited to the U.S., a new botnet and a Webex vulnerability.
Legal Expert Jonathan Armstrong Unpacks Issues in Big Tech, Ransomware, AI and MoreIn the latest weekly update, legal expert Jonathan Armstrong joined three ISMG editors to discuss the Department of Justice's antitrust lawsuit against Apple, ransomware payment dilemmas and AI copyright infringement fears - highlighting the intricate legal issues shaping big tech and cybersecurity.
Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy InvestigationThis week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.
Also: Ivanti Exploitation Continues; Apple Fixes First Zero-Day of 2024This week, U.S. short seller lender EquiLend Holdings was hacked, the Ivanti exploitation continued, Apple addressed the first zero-day of 2024, Ukraine said hackers had hit a Russian research center, Kasseika ransomware evolved, North Korean hackers were active, and Trello experienced a data leak.
Report: 2.6 Billion Personal Records Exposed in the Last 2 YearsThe number of data breaches in the U.S. has hit an all-time high, amid mounting attacks against third-party vendors and aggressive ransomware attacks, says a report from Apple and a Massachusetts Institute of Technology researcher. Breaches have more than tripled between 2013 and 2022.
Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
Plus: Accused is innocent until proven guilty, but is known to be an Apple fan FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple fanboy, an online gambler, and scored 80 percent of at least one ransom payment given to the criminals.…
In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet.
Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple
Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems
Plus: Hive hits health-care org, law enforcement ransomware response is lacking, and orgs can't meet new disclosure rules In Brief Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook's parent company Meta, were victims of this fraud.…