The Information Highway

Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files.

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875.

Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen.

Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack.

Microsoft has released the optional KB5044380 Preview cumulative update for Windows 11 23H2 and 22H2, which brings seventeen changes, including a new Gamepad keyboard and the ability to remap the Copilot keyboard key.

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them.

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached.

Nidec Corporation is informing that hackers behind a ransomware attack is suffered earlier this year stole data and leaked it on the dark web.

The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations.

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity.

Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature.

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers.

Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads.

Cisco has confirmed that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum.

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security.

Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen.

Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August.

Payment platform MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. 

On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. 

 Over the weekend, Google removed Kaspersky's Android security apps from the Google Play store and disabled the Russian company's developer accounts.