Tech News
General news about the tech industry, trends, and major events.
US cracks down on North Korean IT worker army with more sanctions
The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea’s Ministry of National Defense that have generated revenue via illegal remote IT work schemes. “The DPRK continues to rely on its thousands of overseas IT workers to generate revenue for the regime, to finance its illegal weapons programs, […]
Wolf Haldenstein law firm says 3.5 million impacted by data breach
Wolf Haldenstein Adler Freeman & Herz LLP (“Wolf Haldenstein”) reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. The incident took place on December 13, 2023, but the firm says data analysis and digital forensic complications severely delayed the completion of its investigation. Last Friday, […]
Biden signs executive order to bolster national cybersecurity
Days before leaving office, President Joe Biden signed an executive order to shore up the United States’ cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation’s critical infrastructure. These also include ransomware gangs, which have been continuously targeting U.S. healthcare organizations in recent years, causing disruptions by encrypting systems […]
FTC sues GoDaddy for years of poor hosting security practices
The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multi-factor authentication, to settle charges that it failed to secure its hosting services against attacks since 2018. FTC says the Arizona-based company’s claims of reasonable security practices also misled millions of web-hosting customers because GoDaddy […]
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. The vulnerable UEFI application is present in multiple real-time system recovery tools from several third-party software developers. Bootkits represent a critical security threat that is difficult to detect because […]
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. The data was leaked by the “Belsen Group,” a new hacking group first appearing on social media and cybercrime […]
SAP fixes critical vulnerabilities in NetWeaver application servers
SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of the January Security Patch Day, the vendor also released updates for other products to patch 12 additional issues rated with medium and high severity. “SAP strongly recommends that the customer […]
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. As the cybersecurity agency explained, these newly introduced Microsoft Purview Audit (Standard) logging capabilities support enterprise cybersecurity operations by providing access to information on critical events such as mail […]
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. The threat actor takes advantage of an improperly configured DNS record for the sender policy framework (SPF) used for listing all the servers authorized to send emails […]
Label giant Avery says website hacked to steal credit cards
Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers’ credit cards and personal information. Avery is an American company that produces and sells self-adhesive labels, apparel branding elements, and printing services. In a data breach notification sent to impacted customers, Avery discovered they were attacked on […]