Why #Take9 Won’t Improve #Cybersecurity

https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html

Australia - the first country in the world to make it mandatory for organisations to declare to the government if a ransomware payment is made on their behalf to cyber extortionists

Reports will have to be made to the ASD within 72 hours

What do you think? Good idea? Would you like a similar mandatory approach in your country?

More details on which businesses the law applies to, and penalties, can be found at https://therecord.media/australia-ransomware-victims-must-report-payments

#cybersecurity #ransomware

#ConnectWise breached in cyberattack linked to nation-state hackers

https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/

#cybersecurity #privacy #DataBrach

Damascened Peacock: Russian hackers targeted UK Ministry of Defence by posing as journalists.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/damascened-peacock-russian-hackers-targeted-uk-ministry-of-defence

#cybersecurity #malware

Threat actors abuse #GoogleAppsScript in evasive #phishing attacks

https://www.bleepingcomputer.com/news/security/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks/

#Google #cybersecurity #cybercrime

Japanese online brokerage accounts are being taken over by hackers who use the portfolios to buy shares of companies in which they are invested. https://www.japantimes.co.jp/business/2025/05/30/trading-account-hijacking/?utm_medium=Social&utm_source=mastodon #business #cybersecurity #brokerages #hacking

#Apple #Safari exposes users to fullscreen browser-in-the-middle attacks

https://www.bleepingcomputer.com/news/security/apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks/

#cybersecurity

US sanctions firm linked to cyber #scams behind $200 million in losses

https://www.bleepingcomputer.com/news/security/us-sanctions-company-linked-to-hundreds-of-thousands-of-cyber-scam-sites/

#cybersecurity #politics

Cybercriminals exploit #AI hype to spread #ransomware, #malware

https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-ai-hype-to-spread-ransomware-malware/

#cybersecurity

"We don’t just want payment; we want accountability." The malicious hackers behind the Interlock ransomware try to justify their attacks.

Learn more about what you need to know about Interlock in my article on the Tripwire blog.

https://www.tripwire.com/state-of-security/interlock-ransomware-what-you-need-know

#cybersecurity #ransomware #clickfix

#X hits pause on its encrypted DMs feature

https://techcrunch.com/2025/05/29/x-hits-pause-on-its-encrypted-dms-feature/

#cybersecurity #Twitter

#Microsoft is opening #WindowsUpdate to third-party apps

https://www.theregister.com/2025/05/28/microsoft_update_backup/

#cybersecurity #Windows

#VictoriasSecret hit by outages as it battles security incident

https://techcrunch.com/2025/05/28/victorias-secret-hit-by-outages-as-it-battles-security-incident/

#cybersecurity

New #PumaBot #botnet brute forces #SSH credentials to breach devices

https://www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/

#cybersecurity

#Pakistan Arrests 21 in ‘#Heartsender’ #Malware Service

https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/

#cybercrime #cybersecurity

#Interlock #ransomware gang deploys new #NodeSnake #RAT on universities

https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-deploys-new-nodesnake-rat-on-universities/

#cybersecurity #education

#Botnet hacks 9,000+ #ASUS routers to add persistent #SSH #backdoor

https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/

#cybersecurity

#Cyberattack Surge Creates Opportunity for Insurers, Prompts Rethink on Premiums

https://www.bloomberg.com/news/articles/2025-05-28/cyberattack-surge-creates-opportunity-for-insurers-prompts-rethink-on-premiums

#cybersecurity

#DragonForce #ransomware abuses #SimpleHelp in #MSP #SupplyChain attack

https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/

#cybersecurity #cybercrime

1. Hacker News, a #CyberSecurity newsletter, is sent from a domain where DMARC policy is p=none, which tells email providers, like gmail, to deliver all email that is screaming, "I am a Hacker News spoof email sent by a POS scammer" to the intended recipient anyway. p=none means take no action, even if you know it's a scam. Spam folder optional. Email services and clients will oblige. WTF Hacker News?

2. Hacker News is also using an insecure signature algorithm for signing their newsletter.

3. An extremely well-known Cybersecurity expert is sending the newsletter from a domain that has no DMARC record at all, so all spoof emails claiming to be from them will be delivered. And likely this is being constantly exploited. A DMARC policy of p="reject" would have those spoof emails trashed and not delivered. But no DMARC policy means "whatever, and I don't want to know". So, spoof emails go through unstopped and no reports of abuse are being sent to this person either. And it's their job to tell us how to stay secure and not be fooled by spoof emails. WTF?

Sometimes I don't understand how things work in the world.

#HackerNews #spoofing #EmailSecurity

Iranian pleads guilty to #RobbinHood #ransomware attacks, faces 30 years

https://www.bleepingcomputer.com/news/security/iranian-pleads-guilty-to-robbinhood-ransomware-attacks-faces-30-years/

#Iran #cybersecurity #cybercrime

#CISA loses nearly all top officials as purge continues

https://www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/

#cybersecurity #politics

#MATLAB dev confirms #ransomware attack behind service outage

https://www.bleepingcomputer.com/news/security/mathworks-blames-ransomware-attack-for-ongoing-outages/

#MathWorks #cybersecurity

Russian #LaundryBear cyberspies linked to #Dutch Police hack

https://www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/

#cybersecurity #Russia #politics #Netherlands #VoidBlizzard

How a #Spyware App Compromised #Assad’s Army

https://newlinesmag.com/reportage/how-a-spyware-app-compromised-assads-army/

#Syria #cybersecurity #politics