lemmydev2

Feds warn gang still rampant and now cracked 300+ victims around the world A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the gangs who wield it.…

EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans. Mark didn’t set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. Mark not only saw how it works, he had the documents to prove it. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF’s front door in early 2006 with a simple question: “Do you folks care about privacy?”  We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T’s central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical “splitters” that sat just outside of the secret NSA room but were hardwired into it. Those splitters—as well as similar ones in cities around the U.S.—made a copy of all data going through those circuits and delivered it into the secret room.

Mark[...]

Benoit Berthelot / Bloomberg: French publishers and authors sue Meta for allegedly training AI models on their books without consent, say they have evidence of “massive” copyright breaches  —  SNE, the trade association representing major French publishers including Hachette and Editis, along …

As a step towards a useful and ultra-secure quantum internet, researchers have created an operating system that coordinates connected quantum computers, no matter what hardware they use

A company founded by the Saudi Arabian Public Investment Fund just bought the most popular AR video game of all time.

Meanwhile, employees tend to be overconfident in their ability to detect scams.

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These enhanced features help this malware family steal and exfiltrate files and system and user information, such as digital wallet data and notes, among others. The post New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects appeared first on Microsoft Security Blog.

Non-password-protected, unencrypted 108GB database … what could possibly go wrong Exclusive  More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured AWS S3 bucket for months — or possibly even longer — before it was closed it last week.…

Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. [...]

Experts say that the way you handle things after the criminals break in can make things better or much, much worse Feature  Experiencing a ransomware infection or other security breach ranks among the worst days of anyone's life — but it can still get worse.…

Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.…

CISOs face mounting pressure to spend wisely on security. Yet, many organizations remain vulnerable due to misplaced priorities and inefficient budgeting. This article explores common pitfalls and offers strategies to strengthen cybersecurity. Recent data highlights a paradox: while cybersecurity budgets rise, security incidents continue unabated. A survey by the Ponemon Institute revealed a 59% increase in cyber budgets year-over-year, yet 61% of organizations experienced a data breach or cybersecurity incident in the past two years. … More → The post Smart cybersecurity spending and how CISOs can invest where it matters appeared first on Help Net Security.