"It may lead to tragic consequences for police officers and undercover agents"
Another illustration of why you should never recycle credentials
Ransomware attacks are ongoing: a recap of major recent incidents, including this week's hit on The Guardian
What just happened? Despite IT security efforts worldwide, ransomware attacks show no sign of slowing down. Various organizations like technology manufacturers, the media, and governments have suffered major incidents this year. The latest and potentially last major attack in 2022 has struck the 201-year-old British newspaper.
Vanuatu's government won't say whether it was ransomware
This'll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.
A hot potato: Meta employees and contractors have had access to an internal system for recovering user accounts for a while now. The deployment of this tool grew dramatically over the last few years, giving even more users permissions. Now, the company appears to be cracking down on access. One reason may be misuse within Facebook's own customer service.
But would it cause more problems than it fixes?
There are almost 1,000 password-based attacks every second
Researchers say WiFi chip manufactures need to come up with new WiFi protocol to mitigate the vulnerability
Why it matters: A resurgence in vulnerable CLDAP servers is making DDoS attacks more powerful and dangerous. Windows network administrators should adopt strict security practices or take the server off the internet if there is no practical need for using the CLDAP protocol.
PSA: Apple has averaged about one zero-day vulnerability per month since January. The latest came with iOS 16, which hackers may have actively exploited over the last month. Apple issued iOS and iPadOS versions 16.1 and 16 earlier this week. Users with compatible devices should update them immediately.
What just happened? Researchers with Guardio Security uncovered a "vast campaign" of malicious data-collecting browser extensions. The analysts dubbed it "Dormant Colors" because of the malware's focus on color and style themes — Action Colors, Power Colors, Super Colors, and so on. Dormant Colors consists of 30 different extensions that millions of users have downloaded.
It only takes a few minutes
All Windows versions will be better protected against recurring login attempts
Why it matters: Hackers have a new attack vector they have been toying with over the last couple of years — drone penetration kits. Drones have become much more capable in the last several years, making them a viable option for covertly placing intrusion equipment near a network. Once just a field of theoretical security research, now hacking drones are being found in the wild.
Names, email addresses, console IDs, and gamertags were all accessed
Joe Sullivan faces eight years behind bars
Two novel 0-day flaws are being targeted by Chinese hackers, Microsoft is working on a patch
You can't make this stuff up
The publication has shut down its website
Well, that was quick: London Police believe they have apprehended the GTA VI leaker. Law enforcement made the bust Thursday evening, just days after the FBI got involved. Officials have not released the name of the teenage suspect, nor have they announced the charges he faces. More details should surface in the coming days.
Did Bungie hack the hackers?
The leakers are gonna have a five-star wanted level of their own