If you don’t control your keys, you don’t control your data
A recent Forbes investigation revealed that Microsoft has allegedly been handing over Bitlocker encryption recovery keys to law enforcement when served with warrants. Microsoft says…
Category: Cyberscoop
Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect
Google Threat Intelligence Group warned that a diverse and growing collection of attackers, including nation-state groups and financially motivated cybercriminals, are exploiting a path-traversal vulnerability…
WhatsApp’s new ‘Strict Account Settings’ Adds Lockdown-Style Protection Against Spyware |CyberScoop
WhatsApp unveiled a lockdown-style feature on Tuesday similar to those offered by other tech providers aimed at blocking sophisticated cyberattacks, with spyware in mind. The…
LevelBlue acquires Fortra’s Alert Logic managed services to scale its MDR
LevelBlue, a Dallas-based managed security services provider, announced Tuesday that it is expanding its managed detection and response business through a strategic partnership with cybersecurity…
CISA publishes a post-quantum shopping list for agencies. Security professionals aren’t sold
The Cybersecurity and Infrastructure Security Agency is hoping to guide federal agencies through the murky process of updating their technology stack with quantum-resistant encryption. On…
Real-Time phishing kits target Okta, Microsoft, Google
Threat hunters and researchers are racing to contain a wave of voice-phishing attacks targeting single sign-on tools, already leading to data theft and extortion attempts.…
Trump administration rescinds Biden OMB secure software memo
The Trump administration is rescinding a Biden-era memo that was intended to help agencies buy secure software, with the current Office of Management and Budget…
Malicious ChatGPT Chrome extensions are stealing account credentials
ChatGPT users beware: your browser extensions could be used to steal your accounts and identity. LayerX Research has identified at least 16 Chrome browser extensions…
Industry, government, nonprofits weigh voluntary rules for commercial hacking tools
An international effort to create voluntary standards for the commercial cyber intrusion industry is wrestling with questions like who they should apply to, how to…
Leader of ransomware crew pleads guilty to four-year crime spree
A Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022. Ianis…
Watchdog group sues for TSA data sharing agreement with ICE
A nonprofit is suing the federal government for records surrounding a data sharing agreement between the Transportation Security Administration and Immigrations and Customs Enforcement that…
Researchers find Jordan government used Cellebrite phone-cracking tech against activists
Jordanian authorities used Cellebrite phone-cracking technology to access the devices of domestic activists and human rights defenders and then extract information from them, according to…