Jibin Joseph / PCMag: UK mobile operator Virgin Media O2 creates Daisy, an AI-generated “scambaiter” tool that mimics the voice of an elderly woman to waste scammers' time  —  After a survey found that 71% of Brits want revenge on scammers, mobile operator O2 deploys Daisy, an AI tool that keeps fraudsters on the line to waste their time.

Security tool sprawl makes it harder to manage environments and overwhelms teams

SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services

Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are significant. Infoblox researchers estimate that over 1 million registered domains could be vulnerable daily. More evidence found on Sitting Ducks Attacks During a Sitting Ducks attack, the malicious actor gains control of a domain by … More → The post Cybercriminals hijack DNS to build stealth attack networks appeared first on Help Net Security.

Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday because of email delivery issues on servers using custom mail flow rules. [...]

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.

NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online Private businesses and public-sector organizations are unwittingly exposing millions of people's sensitive information to the public internet because they misconfigure Microsoft’s Power Pages website creation problem.…

Decrypt: Eighteen US states, led by Kentucky, sue the SEC and its commissioners, including Chairman Gary Gensler, over its crackdown on the crypto industry  —  Ahead of an expected regulatory leadership transition following the election of Donald Trump, 18 states have filed suit against the Securities …

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

CISA and the FBI confirmed that Chinese hackers compromised the "private communications" of a "limited number" of government officials after breaching multiple U.S. broadband providers. [...]

We call this lead degeneration What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.…

There are quite a few bad ones, as well as some head-scratchers.

Web applications belonging to finance, healthcare, and IT organizations contain the most critical security vulnerabilities

Allowing staff to use communication channels outside an organization's control can create serious problems

More than 100 records shared by the hacker revealed the scraping of usernames, names, email addresses, biographies, follower and following counts, external URLs, and locations, as well as targeted usernames, user IDs and scrape IDs, account creation dates, and account categories.

    Google versus the bad guys. | Illustration: Alex Castro / The Verge

Google is beefing up its malware detection with new protections designed to suss out ever-sneakier bad actors. Android’s Google Play Protect service is getting an update called live threat detection which seeks out potentially harmful apps on your phone by analyzing app behavior and alerts you in realtime if something looks fishy. The update was first announced at Google I/O earlier this year and is available now to Pixel 6 and newer phones. It should come to additional non-Pixel Android phones from Lenovo, OnePlus, Nothing, and Oppo, among others “in the coming months.” Live threat detection targets particularly hard-to-spot malware apps that hide their intentions well. Rather than just scanning apps for malicious code when you...

Continue reading…

The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. [...]

The leak caught national intelligence officials by surprise and led to an embarrassing Air Force Inspector General investigation.

It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

Funding to run until end of decade

The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn't need a warrant.

Music companies appeal, demanding payment for each song instead of each album.

DeFlock has mapped the locations of more than a thousand ALPRs around the United States and thousands more around the world.

Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. [...]