Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Malicious PyPi package steals Discord auth tokens from devs
A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The package mimics the highly popular ‘discord.py-self,’ which has nearly 28 million downloads, and even offers the functionality of the legitimate project. The official package is a Python […]
US sanctions Chinese firm, hacker behind telecom and Treasury hacks
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. “Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People’s Republic […]
FCC orders telecoms to secure their networks after Salt Tyhpoon hacks
The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year’s Salt Typhoon security breaches. Today’s action comes after FCC Chairwoman Jessica Rosenworcel said in early December that the FCC would act “urgently” to require U.S. carriers to secure their systems from cyberattacks. “We now have a choice to make. We […]
GDPR complaints filed against TikTok, Temu for sending user data to China
Non-profit privacy advocacy group “None of Your Business” (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user’s data to China and infringing European Union’s general data protection regulation (GDPR). Founded by Austrian privacy activist Max Schrems, NOYB works through legal action against companies that violate users’ privacy rights, particularly in […]
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. The W3 Total Cache plugin uses multiple caching techniques to optimize a website’s speed, reduce load times, and generally improve its SEO ranking. The flaw is tracked […]
Microsoft expands testing of Windows 11 admin protection feature
Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. First introduced in October in a preview build for Windows 11 Insiders in the Canary Channel, admin protection uses a hidden, just-in-time elevation mechanism and Windows Hello authentication prompts that only unlock admin rights when needed […]
US cracks down on North Korean IT worker army with more sanctions
The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea’s Ministry of National Defense that have generated revenue via illegal remote IT work schemes. “The DPRK continues to rely on its thousands of overseas IT workers to generate revenue for the regime, to finance its illegal weapons programs, […]
Wolf Haldenstein law firm says 3.5 million impacted by data breach
Wolf Haldenstein Adler Freeman & Herz LLP (“Wolf Haldenstein”) reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. The incident took place on December 13, 2023, but the firm says data analysis and digital forensic complications severely delayed the completion of its investigation. Last Friday, […]
Biden signs executive order to bolster national cybersecurity
Days before leaving office, President Joe Biden signed an executive order to shore up the United States’ cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation’s critical infrastructure. These also include ransomware gangs, which have been continuously targeting U.S. healthcare organizations in recent years, causing disruptions by encrypting systems […]
FTC sues GoDaddy for years of poor hosting security practices
The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multi-factor authentication, to settle charges that it failed to secure its hosting services against attacks since 2018. FTC says the Arizona-based company’s claims of reasonable security practices also misled millions of web-hosting customers because GoDaddy […]