Cybersecurity

There's no official word on what the problem is, but Ingram Micro's website has been down since Thursday morning. They claim to be "currently experiencing technical difficulties..."

Are you thinking what I’m thinking? I really hope I'm wrong, but it's not at all unusual for a cyber attack to be timed to coincide with a long holiday weekend...

#cybersecurity #ransomware

#ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies

https://www.theregister.com/2025/07/03/ai_phishing_websites/

#phishing #AI #cybersecurity

"Billions of people worldwide use private messaging platforms like Signal, WhatsApp, and iMessage to communicate securely. This is possible thanks to end-to-end encryption (E2EE), which ensures that only the sender and the intended recipient(s) can view the contents of a message, with no access possible for any third party, not even the service provider itself. Despite the widespread adoption of E2EE apps, including by government officials, and the role of encryption in safeguarding human rights, encryption, which can be lifesaving, is under attack around the world. These attacks most often come in the form of client-side scanning (CSS), which is already being pushed in the EU, UK, U.S., and Australia.

CSS involves scanning the photos, videos, and messages on an individual’s device against a database of known objectionable material, before the content is then sent onwards via an encrypted messaging platform. Before an individual uploads a file to an encrypted messaging window, it would be converted into a digital fingerprint, or “hash,” and compared against a database of digital fingerprints of prohibited material. Such a database could be housed on a person’s device, or at the server level.

Proponents of CSS argue that it is a privacy-respecting method of checking content in the interests of online safety, but as we explain in this FAQ piece, CSS undermines the privacy and security enabled by E2EE platforms. It is at odds with the principles of necessity and proportionality, and its implementation would erode the trustworthiness of E2EE channels; the most crucial tool we have for communicating securely and privately in a digital ecosystem dominated by trigger-happy surveillance."

https://www.accessnow.org/why-client-side-scanning-is-lose-lose-proposition/

#CyberSecurity #Encryption #ClientSideScanning #E2EE #Privacy #DataProtection #Surveillance

Local Privilege Escalation via chroot option

https://www.sudo.ws/security/advisories/chroot_bug/

#sudo #cybersecurity #Linux #FOSS

Could the aviation industry be the next big target for hacking groups like Scattered Spider? And if so, why?

That was the question I got from Lauren Baulch and the team at ITV News yesterday. See what I had to say here: https://www.itv.com/news/2025-07-03/could-airlines-be-the-new-target-for-hacking-group-scattered-spider

#cybersecurity #ransomware

#Grafana releases critical security update for #ImageRenderer plugin

https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/

#cybersecurity

#LetsEncrypt rolls out free security certs for IP addresses

https://www.theregister.com/2025/07/03/lets_encrypt_rolls_out_free/

#cybersecurity

#IdeaLab confirms data stolen in #ransomware attack last year

https://www.bleepingcomputer.com/news/security/idealab-confirms-data-stolen-in-ransomware-attack-last-year/

#cybersecurity #privacy #DataBreach

#HuntersInternational #ransomware shuts down, releases free decryptors

https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-shuts-down-after-world-leaks-rebrand/

#cybercrime #cybersecurity

Hacker with ‘political agenda’ stole data from #Columbia, university says

https://therecord.media/hacker-political-agenda-columbia-cyberattack

#cybersecurity #DataBreach #privacy #politics

A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now

https://www.wired.com/story/scattered-spider-most-imminent-threat/

#ScatteredSpider #cybercrime #ransomware #cybersecurity

#NimDoor #crypto-theft #macOS #malware revives itself when killed

https://www.bleepingcomputer.com/news/security/nimdoor-crypto-theft-macos-malware-revives-itself-when-killed/

#cybersecurity

#Cisco warns that #UnifiedCM has hardcoded root #SSH credentials

https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/

#cybersecurity

#Citrix warns of login issues after #NetScaler auth bypass patch

https://www.bleepingcomputer.com/news/security/citrix-warns-of-login-issues-after-netscaler-auth-bypass-patch/

#cybersecurity

#Forminator plugin flaw exposes #WordPress sites to takeover attacks

https://www.bleepingcomputer.com/news/security/forminator-plugin-flaw-exposes-wordpress-sites-to-takeover-attacks/

#cybersecurity

#DataBreach reveals #Catwatchful ‘#stalkerware’ is spying on thousands of phones

https://techcrunch.com/2025/07/02/data-breach-reveals-catwatchful-stalkerware-spying-on-thousands-android-phones/

#spyware #cybersecurity #privacy

#Microsoft:# DNS issue blocks delivery of #Exchange Online #OTP codes

https://www.bleepingcomputer.com/news/microsoft/microsoft-links-dns-issue-to-exchange-online-otp-delivery-failures/

#cybersecurity #2FA

#Qantas hack results in theft of 6 million passengers’ personal data

https://techcrunch.com/2025/07/02/qantas-hack-results-in-theft-of-6-million-passengers-personal-data/

#Australia #travel #cybersecurity #privacy #DataBreach #airlines

#Ubuntu Disables #Spectre/#Meltdown Protections

https://www.schneier.com/blog/archives/2025/07/ubuntu-disables-spectre-meltdown-protections.html

#Linux #FOSS #cybersecurity

#Qantas discloses #cyberattack amid #ScatteredSpider #aviation breaches

https://www.bleepingcomputer.com/news/security/qantas-discloses-cyberattack-amid-scattered-spider-aviation-breaches/

#cybersecurity #travel

#ATT rolls out "Wireless Lock" feature to block #SIMswap attacks

https://www.bleepingcomputer.com/news/security/atandt-rolls-out-wireless-lock-feature-to-block-sim-swap-attacks/

#cybersecurity

#AezaGroup sanctioned for hosting #ransomware, #infostealer servers

https://www.bleepingcomputer.com/news/security/aeza-group-sanctioned-for-hosting-ransomware-infostealer-servers/

#Russia #malware #cybersecurity #politics

#Google fixes fourth actively exploited #Chrome zero-day of 2025

https://www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/

#cybersecurity

Senator Chides #FBI for Weak Advice on Mobile Security

https://krebsonsecurity.com/2025/06/senator-chides-fbi-for-weak-advice-on-mobile-security/

#cybersecurity

#MicrosoftDefender for #Office365 now blocks #EmailBombing attacks

https://www.bleepingcomputer.com/news/security/microsoft-defender-for-office-365-now-blocks-email-bombing-attacks/

#cybersecurity #Defender #Microsoft