Cybersecurity

Conti ransomware attack was aimed at destabilizing government transition, Costa Rican president says

Several systems operated by the government of Costa Rica were hit with a ransomware attack this week, according to the country’s president Carlos Alvarado Quesada. The Conti ransomware group added systems connected to several government agencies to its list of…

Chinese hackers behind most zero-day exploits during 2021

Threat analysts report that zero-day vulnerability exploitation is on the rise, with Chinese hackers using most of them in attacks last year. Zero-day vulnerabilities are security weaknesses in software products that are either unknown or have not been fixed at the time…

Experts warn of need to patch critical cryptographic Java bug

Cybersecurity experts urged administrators to push through a patch for CVE-2022-21449 – a vulnerability affecting those using the Elliptic Curve Digital Signature Algorithm (ECDSA) signatures in Java 15, Java 16, Java 17, or Java 18. This new Java vulnerability originates in…

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats…

FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain

Ransomware operators are eyeing attacks on large networks of farmers, called agriculture cooperatives, during make-or-break planting and harvest seasons, when they are likely most desperate to pay, according to the Federal Bureau of Investigation. A new advisory details…

Bob's Red Mill Reports Data Breach

The company behind a popular American brand of whole-grain foods has notified its online customers that their personal data may have been exposed in a recent cyber-attack. Bob's Red Mill Natural Foods issued a data breach notice on April 15 after learning that it had fallen…

Several Critical Vulnerabilities Affect SmartPTT, SmartICS Industrial Products

A security researcher has discovered several vulnerabilities, including ones rated critical- and high-severity, in industrial products made by Elcomplus, a Russian company specializing in professional radio communications and industrial automation. Researcher Michael Heinzl…

'Hack DHS' bug hunters find 122 security flaws in DHS systems

The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450…

Hackers hammer SpringShell vulnerability in attempt to install cryptominers

Malicious hackers have been hammering servers with attacks that exploit the recently discovered SpringShell vulnerability in an attempt to install cryptomining malware, researchers said. SpringShell came to light late last month when a researcher demonstrated…

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and…