Bill Toulas reports: Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. […] Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors. The results show a…
Category: Commentaries and Analyses
Clever phishing method bypasses MFA using Microsoft WebView2 apps
Lawrence Abrams reports: A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. […] This week, cybersecurity researcher mr.d0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user’s authentication cookies and log into…
Ransomware Ransom Payments: A Geostrategic Risk
The following is a Google-translated statement addressing the significant and negative impact of ransom payments on the German economy and recommendations to reduce and eliminate the payment of ransoms. In the original German, “Lösegeldzahlungen bei Ransomware-Angriffen: ein geostrategisches Risiko” can be found at https://ransomletter.github.io/: Blackmail Trojans in the form of so-called ransomware have grown into…
Fake copyright infringement emails install LockBit ransomware
Bill Toulas reports: LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator’s license. These emails demand that the recipient remove the infringing content…
Unsurprisingly, hacktivists protest the overturn of a woman’s right to her own body
The announcement appeared on the Telegram channel of a group calling themself “SiegedSec:” TIME FOR SOME 1337 H4CKTIVISM!!! (4 the record, we will still do blackhat stuff 😉 Like many, we are also pro-choice, one shouldn’t be denied access to abortion. As added pressure to the U.S government, we have leaked many internal documents and…
Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation
It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was other news concerning the cruise line this week, too. On Friday, the New York…