Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web. An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks…
A prominent cybersecurity lawyer pleaded not guilty on Friday to a charge of lying to the F.B.I. during a meeting five years ago about possible links between Donald J. Trump and Russia. The lawyer, Michael A. Sussmann, appeared before a magistrate judge in Washington, where he was indicted a day earlier. After a brief hearing,…
Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password. The company first allowed commercial customers to rollout passwordless authentication in their environments in March after a breakthrough year in 2020 when Microsoft reported that over 150 million users were logging into…
Image: Samueljjohn (CC BY-SA 4.0) The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. Zoho’s customer list includes “three out of five Fortune 500 companies,” including Apple, Intel,…
Multiple cyber threat actors, including ransomware operators and nation state hackers, have been exploiting a recently patched Windows MSHTML vulnerability as part of initial access campaigns that deployed custom Cobalt Strike Beacon loaders, Microsoft Threat Intelligence Center (MSTIC) said in a new report detailing the attacks. The vulnerability in question is an improper input validation…
The vulnerability in question exists in the single sign-on and password management solution since early August 2021. Zoho Corporation is an Indian multinational technology company that creates web-based business tools, being known for its online office suite named Zoho. The vulnerability, tracked as CVE-2021-40539 was discovered in the Zoho ManageEngine ADSelfService Plus software. The vulnerability in question can allow attackers to take over vulnerable systems…
LOS ANGELES – An Illinois man was found guilty today by a federal jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet. Matthew Gatrel, 32, of St. Charles,…
Photo: Drew Angerer (Getty Images) Former U.S. intelligence operatives are facing federal charges after allegedly having worked as cyber-mercenaries for the United Arab Emirates. The men, all of whom are ex-employees of the National Security Agency, are accused of helping the UAE government to break into computer systems all over the world, including some in…
Muhammad Fahd, a 35-year-old Pakistani national, has been sentenced to 12 years of prison in the United States for his role in a scheme that involved illegally unlocking AT&T phones and hacking into the telecoms giant’s systems. The scheme started in 2012, when Fahd and others recruited AT&T call center employees for help in unlocking…
Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably don’t know whether you’re using OMI or not. Y’see, Open Management Infrastructure (OMI) is often silently installed on Azure—as a prerequisite. And, to make matters worse, Microsoft hasn’t rolled out the patch for you—despite publishing the…
