Pulse of Truth

Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history Microsoft Teams, one of the world's most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.…

France-based victims hit especially hard, while UK named most-targeted country generally Researchers are seeing a "dramatic" increase in cybercrime involving physical violence across Europe, with at least 18 cases reported since the start of the year.…

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in

The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. [...]

Flock said around 3% of its law enforcement customers do not use multi-factor authentication, potentially leaving dozens of law enforcement agency accounts open to compromise and improper access.

55 cuffed last week after court ruled sting operation was legal Australian police last week made 55 arrests using evidence gathered with a backdoored messaging app that authorities distributed in the criminal community.…

I’ve identified RondoDox v2, a significant evolution of the RondoDox botnet first documented by FortiGuard Labs in September 2024. This new variant demonstrates a dramatic expansion in capabilities,

Cornell University’s academic paper repository will no longer accept Computer Science papers still under review.

Comments

The Balancer Protocol announced that hackers had targeted its v2 pools, with losses reportedly estimated to be more than $128 million. [...]

This is not what people mean when they say: 'You should get a side hustle' A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies.…

Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. [...]

But question marks remain over the tech’s biases London's Metropolitan Police Service (MPS) says the hundreds of live facial recognition (LFR) deployments across the Capital last year led to 962 arrests, according to a new report on the controversial tech's use.…

Caller ID spoofing has become one of Europe’s most persistent enablers of cyber fraud. A new position paper from Europol warns that manipulated phone identities now drive much of the continent’s financial and social engineering crime, making it difficult for law enforcement to track perpetrators. The agency estimates global losses at around EUR 850 million a year, with phone and text-based fraud accounting for roughly two thirds of reported scam cases. A network flooded with … More → The post Europe’s phone networks are drowning in fake calls appeared first on Help Net Security.

AI, SaaS, and personal devices are changing how people get work done, but the tools that protect company systems have not kept up, according to 1Password. Tools like SSO, MDM, and IAM no longer align with how employees and AI agents access data. The result is what researchers call the “access-trust gap,” a growing distance between what organizations think they can control and how employees and AI systems access company data. The survey tracks four … More → The post Employees keep finding new ways around company access controls appeared first on Help Net Security.

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not correspond to known research-related IP addresses.

Comments

A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned.

Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."

When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers winFollow our Australia news live blog for latest updatesGet our breaking news email, free app or daily news podcastIt’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get a court to block anyone from accessing it.Qantas ran it after suffering a major cybersecurity attack that accessed the frequent flyer details of 5 million customers. Continue reading...

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. [...]

Comments

Photos captured by Mobile Fortify will be stored for 15 years, regardless of immigration or citizenship status, the document says.

Comments

AI researchers at Andon Labs embedded various LLMs in a vacuum robot to test how ready they were to be embodied. And hilarity ensued.

The agreement aims to help law enforcement prosecute cross-border cybercrime, but the final treaty could allow unchecked surveillance and human-rights abuses, critics say; and, it includes no protection for pen testers.