A federal grand jury has indicted a 51-year-old church pastor on 26 counts of fraud, after allegedly using his position to deceive victims into investing in a cryptocurrency investment scam. That would seem unusual, but what is even more bizarre is that the pastor alleged to be behind the scheme claims that the inspiration for the project came to him in a dream. Francier Obando Pinillo, of Miami, Florida, is alleged to have exploited his position at a Spanish-language church in Pasco, Washingt
All Articles (2425)
Sort by
Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing NTLMv1 authentications to persist. Microsoft announced the full decommission of NTLMv1 from Windows 2025. Unified Identity Security company Silverfort has discovered a security vulnerability involving a misconfiguration in Active Directory. This vulnerability allows NTLMv1 authentication to persist despite attempts to disable it through Group Policy.
NTLMv1 is an o
A new phishing campaign relies on legitimate links to trick victims into logging in and giving attackers control of their PayPal accounts. The phishing emails inform the intended victim of a payment request, providing legitimate-looking details, such as an amount and transaction ID, and even contain warnings that one would typically find in an email from PayPal. The messages come from a genuine PayPal address and include a genuine URL, which allows them to pass security checks and makes them app
The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States. Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.
Separately Russian and Chinese Automated Driving System (ADS) software
Microsoft's Digital Crimes Unit is pursuing legal action to disrupt cybercriminals who create malicious tools that evade the security guardrails and guidelines of generative AI (GenAI) services to create harmful content. According to a spokesman, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.[1]
See: https://redskyalliance.org/xindustry/microsoft-s-new-copilot-ai-agents
According to an unsealed complaint
French cybersecurity firms and law enforcement agents, together with partners from the United States, have successfully removed Chinese-built malware from thousands of infected PCs. In a press release shared on the US Justice Department (DOJ) website, it was said a Chinese state-sponsored threat actor called Twill Typhoon (AKA Mustang Panda) built a custom version of the PlugX malware which can “infect, control, and steal information from victim computers. Since at least 2014, Mustang Panda ha
What is the E-ZPass Smishing Scam? Recently, scammers have been targeting consumers with a "smishing" scam where they send a text or email claiming to be from the E-ZPass tolling agency. The message claims that a driver has an unpaid toll and they need to settle their bill using a link provided in the message before late fees are incurred.
InfraGard Rhode Island urges you to NEVER click on links from unknown senders, in both text messages and emails.
What should you do if you have received a
On 7 January 2025, the US government announced the launch of the US Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the US Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label including a new 'US Cyber Trust Mark.'"
As part of the effort, the logo will be accompanied
Spoofed email addresses in malspam campaigns continue to work for attackers who use them to bypass security mechanisms and trick victims into triggering the malware. Despite safeguards like DKIM, DMARC, and SPF designed to prevent attackers from spoofing well-known domains, attackers are getting around these by abusing neglected domains that lack DNS records, making them harder to detect.
Researchers have identified how these spam campaigns use disused domains to distribute phishing emails cont
In the 1970s and 1980s, Casio was best known for its electronic (including scientific) calculators, electronic musical instruments, and affordable digital watches incorporating innovative technology. All the cool kids had a Casio calculator (unfortunately, I was taught on a slide rule). Well, Casio is still around. Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. The affected individuals are primarily
The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns undertaken by the US cyber spies that hacked Chinese technology companies with the aim to steal trade secrets. In a statement, CNCERT/CC said that advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence
Businesses are more likely to face a costly cyber-crime attack than a robbery or fire this year as hackers continue to employ devious social-engineering skills to lure unsuspecting victims. This reality has been highlighted in several reports by global cybersecurity experts who have analyzed cybercrimes, such as ransomware (where hackers encrypt and steal data), smishing (SMS link scams) and phishing (email link/attachment scams) in recent years and have warned that Artificial Intelligence (AI)
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its alleged involvement in malicious cyber activities targeting U.S. critical infrastructure. Announced on January 3, 2025, this move represents a significant escalation in the U.S. government's efforts to combat state-sponsored cyber threats.
Integrity Tech is accused of providing inf
The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity warned Japanese organizations of a sophisticated Chinese state-backed cyber-espionage effort called "MirrorFace" to steal technology and national security secrets. Japanese authorities said the advanced persistent threat group (APT) MirrorFace has been operating since 2019.
"By publicizing the modus operandi of 'MirrorFace' cyberattacks, the purpose of this alert is to make targeted organizat
The Green Bay Packers American football team notified fans that a threat actor hacked its official online retail store in October 2024 and injected a card skimmer script to steal customers' personal and payment information. The National Football League team says it immediately disabled all checkout and payment capabilities after discovering on 23 October 2024 that the packersproshop.com website was breached.
"On October 23, 2024, we were alerted to malicious code inserted on the Pro Shop website
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.
Hardhat is a development environment for
Google has informed companies that use its advertising products that it will soon allow them to use fingerprinting techniques. This will allow them to track users across multiple devices including Smart TVs and game consoles.
The announcement has huge raised privacy concerns, and the move has been called “irresponsible” by Stephen Almond, the executive director of regulatory risk at the UK Information Commissioner’s Office (ICO). It is also a reversal of Google’s previous position on fingerprint
Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most attributed to Chinese state-backed hackers. This represents double the daily average from 2023, which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” t
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released 05 January 2025. "Citizens are empowered with rights to demand data erasure, appoint digital nominees, and access user-friendly mechanisms to manage their data."
The rules,
From the boardroom to the cyber combat zone, the past 12 months will go down as a year that society came under attack from an unprecedented wave of digital threats. The new battlefield. Sophisticated ransomware, deepfake phishing scams and state-sponsored cyber-attacks highlighted just how pervasive the danger has become. At the same time, businesses and governments accelerated efforts to develop new defenses– actions which, while vital, sparked debates around privacy and the ethics of cyberse
