Cybersecurity

Mysterious hacking group #Careto was run by the Spanish government, sources say

https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/

#Spain #cybersecurity

""This latest technology helps ensure that we know who is boarding flights," said TSA’s Federal Security Director for Pennsylvania and Delaware Gerardo Spero in a news release last month. "Credential authentication plays an important role in passenger identity verification. It improves a TSA officer’s ability to validate a traveler’s photo identification while also identifying any inconsistencies associated with fraudulent travel documents."

However, there are rising concerns around the safety of biometric information storage, stemming from the lack of transparency around the database where the information is being stored.

"It's not about the integrity of your face or driver's license, it's about the database where you have no control," said India McKinney, director of federal affairs at the Electronic Frontier Foundation. There's the risk of misidentification, security breaches, plus human or technological error. The screening process also varies at different airports and even terminals, putting the burden on the traveler."

https://eu.usatoday.com/story/travel/news/2025/05/20/tsa-facial-recognition-safety/83726603007/

#USA #Surveillance #Biometrics #FacialRecognition #TSA #AirsportScreening #CyberSecurity

#TikTok videos now push #infostealer #malware in #ClickFix attacks

https://www.bleepingcomputer.com/news/security/tiktok-videos-now-push-infostealer-malware-in-clickfix-attacks/

#cybersecurity

Police takes down 300 servers in #ransomware supply-chain crackdown

https://www.bleepingcomputer.com/news/security/police-takes-down-300-servers-in-ransomware-supply-chain-crackdown/

#cybersecurity #cybercrime #OperationEndgame

TikTok videos now push infostealer malware in ClickFix attacks

"One of the videos claiming to provide instructions on how to "boost your Spotify experience instantly," has reached almost 500,000 views, with over 20,000 likes and more than 100 comments."

OMG. These are such naive people. Over 20,000 likes for a malware video! Disheartening. And I feel sorry for the real experience they've boosted.

https://www.bleepingcomputer.com/news/security/tiktok-videos-now-push-infostealer-malware-in-clickfix-attacks/

#Malware #CyberSecurity #Tiktok

Oversharing on social media can not only be embarrassing but could also put your privacy at risk, damage your personal or professional reputation, or present a target to scammers who may use the information you shared to steal your identity. Read more at @ZDNet. #SocialMedia #Cybersecurity #DataPrivacy #OnlineSafety #Tech #Technology https://flip.it/26XlAA

Destructive #malware available in #NPM repo went unnoticed for 2 years

https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/

#cybersecurity

Hackers use fake #Ledger apps to steal #Mac users’ seed phrases

https://www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/

#crypto #cybersecurity

Feds Charge 16 Russians Allegedly Tied to Botnets Used in #Ransomware, Cyberattacks, and Spying

https://www.wired.com/story/us-charges-16-russians-danabot-malware/

#cybersecurity #botnet #DanaBot #cybercrime

US indicts leader of #Qakbot #botnet linked to #ransomware attacks

https://www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/

#cybersecurity #cybercrime

#FTC finalizes order requiring #GoDaddy to secure #hosting services

https://www.bleepingcomputer.com/news/security/ftc-finalizes-order-requiring-godaddy-to-secure-hosting-services/

#cybersecurity #WebHosting

Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials

https://www.wired.com/story/mysterious-database-logins-governments-social-media/

#cybersecurity #privacy #DataBreach

Hacker Conference #HOPE Says U.S. #Immigration Crackdown Caused Massive Crash in Ticket Sales

https://www.404media.co/hacker-conference-hope-says-fewer-people-buying-tickets-because-u-s-immigration-crackdown/

#cybersecurity #hacking

Unpatched critical bugs in #VersaConcerto lead to auth bypass, RCE

https://www.bleepingcomputer.com/news/security/unpatched-critical-bugs-in-versa-concerto-lead-to-auth-bypass-rce/

#cybersecurity #Versa

Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store almost everything a user does every three seconds. Via @arstechnica@mastodon.social. #Signal #Cybersecurity #Windows #Recall #AI #Tech #Technology https://flip.it/bztLbn

"If you attempt to take a screenshot of Signal Desktop when screen security is enabled, nothing will appear. This limitation can be frustrating, but it might look familiar to you if you’ve ever had the audacity to try and take a screenshot of a movie or TV show on Windows. According to Microsoft’s official developer documentation, setting the correct Digital Rights Management (DRM) flag on the application window will ensure that “content won’t show up in Recall or any other screenshot application.” So that’s exactly what Signal Desktop is now doing on Windows 11 by default.

A stylized close-up crop of a movie screenplay that says "INT. COPILOT+ PC MANUFACTURING FACILITY - NIGHT - METALLIC SHELVES in endless rows stretch into the darkness. Two figures crouch in the shadows. ALICE: DRM technology has been consistently used against us. BOB: It won't be the first time we've turned the tables. ALICE: My life has always felt like a movie."

Apps like Signal have essentially no control over what content Recall is able to capture, and implementing “DRM” that works for you (not against you) is the best choice that we had. It’s like a scene in a movie where the villain has switched sides, and you can’t screenshot this one by default either."

https://signal.org/blog/signal-doesnt-recall/

#CyberSecurity #Privacy #DataProtection #Microsoft #Windows #WindowsRecall #Signal #Messaging

Russian hackers breach orgs to track #aid routes to #Ukraine

https://www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/

#Russia #cybersecurity #politics

Happy Families: new certificates for faster and easier relay management

https://blog.torproject.org/happy-families/

#Tor #cybersecurity #anonymity #privacy #FOSS

Critical #Samlify #SSO flaw lets attackers log in as admin

https://www.bleepingcomputer.com/news/security/critical-samlify-sso-flaw-lets-attackers-log-in-as-admin/

#cybersecurity

Data-stealing #Chrome extensions impersonate #Fortinet, #YouTube, VPNs

https://www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/

#VPN #cybersecurity

#3AM #ransomware uses spoofed #IT calls, #email bombing to breach networks

https://www.bleepingcomputer.com/news/security/3am-ransomware-uses-spoofed-it-calls-email-bombing-to-breach-networks/

#cybersecurity #SocialEngineering

Trojanized #RVTools push #Bumblebee #malware in #SEO poisoning campaign

https://www.bleepingcomputer.com/news/security/trojanized-rvtools-push-bumblebee-malware-in-seo-poisoning-campaign/

#cybersecurity

#KetteringHealth hit by system-wide outage after #ransomware attack

https://www.bleepingcomputer.com/news/security/kettering-health-hit-by-system-wide-outage-after-ransomware-attack/

#healthcare #cybersecurity

"The Trump administration will not seek the removal of Israeli tech firm NSO Group from a Commerce Department trade blacklist that has significantly dented the company’s financial fortunes, U.S. officials said this week.

Nor is the White House planning to rescind a Biden-era executive order that effectively bars the company from selling its controversial Pegasus spyware to the U.S. government, said the officials, who like others spoke on the condition of anonymity to discuss a sensitive matter.

The administration’s plans are a rebuff to NSO Group, which is in Washington this week on a rehabilitation tour, in hopes of being removed from the Commerce Department’s Entity List, which bars it from receiving U.S. technology. The list is sort of a scarlet letter in the business world because of the reputational harm it confers. Since the 2021 listing, NSO Group has faced significant financial hardship.

The statements to The Washington Post come amid speculation that the Trump administration might rescind or modify the executive order. President Donald Trump has revoked dozens of President Joe Biden’s orders and has others under review."

https://www.washingtonpost.com/national-security/2025/05/20/nso-group-pegasus-trump-eo/
#CyberSecurity #NSOGroup #NSO #Pegasus #Spyware #Surveillance #USA #Trump

Marks & Spencer faces $402 million profit hit after #cyberattack

https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/

#MarksAndSpencer #UK #retail #cybersecurity #DataBreach #privacy