Scott Ikeda reports: The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors. The country is taking a formal position on extending international law to the digital realm, something that nations have…
Category: Commentaries and Analyses
Telegram Reportedly Exposed User Data To Authorities
Isobel Sullivan reports: If you’re one of Telegram’s 500 million active users, your privacy may no longer be guaranteed. Last Friday Der Spiegel, Germany’s largest news site, revealed that operators of the messaging platform handed over personal data to the authorities, despite the app claiming that they have never succumbed to such requests. […] While Telegram…
US agencies detail the digital ‘plumbing’ used by Chinese state-sponsored hackers
Martin Matishak reports: U.S. agencies on Tuesday offered new details about how Chinese state-sponsored hackers have used publicly known vulnerabilities to target internet service providers and major telecommunications firms around the globe over the last two years. Taking advantage of common vulnerabilities and exposures (CVEs) allows malicious actors backed by Beijing to break into victim…
Is cyberinsurance for cyberattacks becoming harder to find and more costly?
Attorney Jeff Drummond writes: News from the Cyberinsurance Market: Healthcare entities are finding that cybersecurity insurance is getting harder to find. Insurers are leaving the market, and prices are going up. Having cyberinsurance has always been a good call, from the time the insurance first hit the market, because (i) the risk is so hard to quantify,…
Qbot malware now uses Windows MSDT zero-day in phishing attacks
Sergiu Gatlan reports: A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. Proofpoint first reported Monday that the same zero-day was used in phishing targeting US and EU government agencies. Read more at BleepingComputer.
Aurora pays $6 mn bug bounty to ethical hacker
Shashank Bhardwaj reports: Aurora, the bridging and scaling solution for Ethereum (ETH), announced on Tuesday that it had given a $6 million bug bounty to an ethical security hacker by the name of pwning.eth for discovering a critical vulnerability in the Aurora Engine. The bounty was paid by Aurora in collaboration with Immunefi, which is…