News

DuckDuckGo, a privacy focused web browser, has come under fire for allowing Microsoft trackers on third-party sites as part of their syndicated search content contract with the company. The search engine takes pride in not tracking user searches or behaviour, and not building user profiles to display targeting advertising, instead using contextual advertisements from their partners. While DuckDuckGo does not store personal identifiers, Microsoft advertising can track your IP address, among other information, when clicking...

A new report from the United States Senate Committee on Homeland Security & Governmental Affairs has revealed that the US government lacks comprehensive data on ransomware attacks. Notably, the report shows that authorities are largely in the dark as to how much is lost in ransom payments. The report is the culmination of a 10-month investigation into ransomware. It cites FBI statistics that reveal the agency received 3729 ransomware complaints with relative losses upwards of $49.2m. The...

US automobile behemoth General Motors (GM) has confirmed that it suffered a credential stuffing attack last month. GM said that it detected malicious login activity between April 11-29 2022, resulting in the exposure of customer information and allowing hackers to redeem gift card reward points. GM sent a data breach notification to affected customers, saying: "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of...

Clearview AI has been fined by the UK's Information Commissioner's Office (ICO) for breaking UK data protection laws. The £7.5m fine is a huge reduction from the £17m the ICO initially planned to fine the web-based intelligence platform in November 2021. The initial fine was proposed following a joint investigation conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. The company has been punished for building an online database...

A minimum of two research institutes in Russia and third likely in Belarus have suffered an espionage attack carried out by a Chinese nation-state advanced persistent threat grout (APT).  Codenamed "Twisted Panda," the attacks come in the wake of Russia's military invasion of Ukraine, an event that has prompted many threat actors to switch tactics and stage opportunistic attacks. Check Point, an Israeli cybersecurity firm, disclosed details of the latest intelligence-gathering operation, attributing it to...

Deep fakes depicting videos of Elon Musk and other prominent figures in the cryptocurrency scene are promoting a BitVex trading platform scam that steals deposited currency. The spoof BitVex crypto trading platform claims to be owned by Tesla CEO Elon Musk, saying in the deep fake that he created the site to allow investors to earn up to 30% returns on cryptocurrency deposits. The videos are created by modifying legitimate interviews with deep fake technology...

Conti ransomware gang has shut down their operation, taking infrastructure offline and informing team leaders that the brand ceases to exist. Yelisey Boguslavskiy, head of research at Advanced Intel, tweeted yesterday that the gang's internal infrastructure had been switched off. Although public-facing ransom negotiation sites and the "Conti News" data leak are still online, Boguslavskiy told BleepingComputer that Tor admin panels are no longer online.  

On 16 April 2022, the ContiNews ransomware PR site posted the gang's newest victim: the Ministry of Finance of Costa Rica. Three days later, the post was updated with a sample of the stolen data, and a threat to continue attacks against Costa Rican agencies unless the government paid a requested ransom of $10 million. On April 21, the post was updated to include the URLs of two more compromised government departments - the Ministry...

A programming issue at the Texas Department of Insurance (TDI) exposed the personal information of nearly two million Texans for nearly three years. The department revealed that information such as Social Security numbers, addresses, dates of birth and phone numbers was made publicly available from March 2019 to January 2022. The information belongs to 1.8 million Texan workers who have filed compensation claims. The TDI issued a public notice on March 24, saying that it...

US authorities have warned that the Democratic People’s Republic of Korea (DPRK) is sending IT workers to get freelance jobs at companies worldwide, with the goal of obtaining privileged access that could be used to open the door for cyber intrusions. Thousands of "highly skilled IT workers" have been directed or forced to target freelance jobs at organisations in wealthier nations by the North Korean state. It's believed that said workers use a variety of...