Scott Ikeda reports: The issue of banning ransomware payments has been contentious and hotly debated in governments throughout the world in the last few years, particularly as the problem seemed to grow out of control during the Covid-19 pandemic. In the US, the federal government has come down on the side of allowing payments but adding increasingly…
Category: Commentaries and Analyses
Hackers are using cookies to sidestep two-factor authentication
Fionna Agomuah reports: “Cookie stealing” is among the latest trends in cybercrimes that hackers are using to bypass credentials and access private databases, according to Sophos. Typical security advice for organizations has been to move their most sensitive information to cloud services or to use multifactor authentication (MFA) as a safety means. However, bad actors…
UPDATE NOW: Apple warns hackers could get ‘full admin access’ to iPhones, iPads, iMacs
AP and CNN report: Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices. In security updates posted online on Wednesday and Thursday, Apple said the vulnerability affects iPhones dating back to the 6S model, iPad 5th generation and later, iPad Air 2 and later, iPad…
BlackByte ransomware gang is back with new extortion tactics
Lawrence Abrams reports: The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. Read more at…
Disrupting SEABORGIUM’s ongoing phishing operations
From Microsoft’s Blog: The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft…
Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways
John Cassell, Imran Ahmad,and Miranda Sharpe of Norton Rose Fulbright write: On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during the ten year period since reporting was mandated in Alberta under…