More UK councils caught by Capita’s open AWS bucket blunder

The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega Read More …

Cyber Signals: Shifting tactics fuel surge in business email compromise

Today Microsoft released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC). Microsoft has observed a 38 percent increase in cybercrime as a service (CaaS) targeting business email between 2019 and 2022. Read More …

Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range

Apple has issued a bushel of security updates and warned that three of the flaws it’s fixed are under active attack. The three are CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which impact the WebKit browser engine that Apple champions and Read More …

Man jailed for running multimillion-pound criminal website iSpoof

The man responsible for running a multimillion-pound fraud website, used by scammers to trick people into handing over their bank details, has been jailed. Tejay Fletcher, 35, pleaded guilty to running iSpoof, a website that allowed criminals and fraudsters to Read More …

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X Read More …

The distinctive rattle of APT SideWinder

In February 2023, Group-IB’s Threat Intelligence team released a technical report about previously unknown phishing attacks conducted by the APT group SideWinder: Old Snake, New Skin: Analysis of SideWinder APT activity between June and November 2021. As always, Group-IB customers Read More …

CISA and Partners Release BianLian Ransomware Cybersecurity Advisory

CISA, the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC) have released a joint Cybersecurity Advisory (CSA) with known BianLian ransomware and data extortion group technical details. Microsoft and Sophos contributed to the advisory. To reduce Read More …