Russia’s FSB ‘shuts down’ notorious REvil ransomware gang

The Russian Federal Security Service (FSB) announced on Friday that it has raided and shut down the operations of the notorious REvil ransomware gang. The unprecedented move — which will undoubtedly send a message to other ransomware groups operating out of the country — saw the Russian authorities conduct raids at 25 addresses across the […]

Apple releases iOS 15.2.1 to patch iPhones and iPads against HomeKit flaw

Apple has fixed a security vulnerability in iOS and iPadOS that could be exploited via HomeKit to launch persistent denial of service (DoS) attacks. The technology giant released iOS 15.2.1 and iPadOS 15.2.1 on Wednesday to patch the so-called “doorLock” flaw, which was disclosed earlier this month by security researcher Trevor Spiniolas. The bug affects iPhones […]

Finalsite ransomware attack forces 5,000 school websites offline

Finalsite, an internet software house that provides school districts with website design, hosting, and content management solutions, has been hit by a ransomware attack. Earlier this week, school districts whose websites are hosted by Finalsite discovered that they were no longer accessible or displayed errors. While at the time Finalsite blamed the issues on “performance difficulties” […]

The year the tide turned on ransomware

This year was rife with ransomware. 2021 witnessed the attack on IT software company Kaseya that knocked 1,500 organizations offline, the CD Projekt Red hack that saw threat actors make off with source code for games including Cyberpunk 2077 and The Witcher 3, and several high-profile attacks targeting big-name tech companies, from Olympus to Fujitsu and […]

A Bluetooth bug in a popular at-home COVID-19 test could falsify results

A security researcher found a Bluetooth vulnerability in a popular at-home COVID-19 test allowing him to modify its results. F-Secure researcher Ken Gannon identified the since-fixed flaw in the Ellume COVID-19 Home Test, a self-administered antigen test that individuals can use to check to see if they have been infected with the virus. Rather than […]

ZeroFox goes public in $1.4B SPAC deal

ZeroFox, an enterprise threat intelligence cybersecurity startup that helps companies detect risks found on social media, has announced plans to become a publicly traded company via a merger with blank-check company L&F Acquisition. As part of the transaction, Maryland-based ZeroFox — which has raised more than $154 million in funding since it was founded in […]

Ad exchange OpenX slapped with FTC fine for collecting location data on children

OpenX, an advertising tech company, will pay $2 million to the U.S. Federal Trade Commission to settle allegations that the company violated federal children’s privacy law. In a complaint filed in the U.S. District Court for the Central District of California, the FTC alleges that OpenX violated the Children’s Online Privacy Protection Act (COPPA) by […]

Apple quietly pulls references to its CSAM detection tech after privacy fears

Apple has quietly removed all references to its child sexual abuse scanning feature from its website, months after announcing that the new technology would be baked into iOS 15 and macOS Monterey. Back in August, Apple announced that it would introduce the feature to allow the company to detect and report known child sexual abuse […]

Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day exploit

A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library. The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in […]

Microsoft seizes control of websites used by China-backed hackers

Microsoft has seized control of a number of websites that were being used by a Chinese government-backed hacking group to target organizations in 29 countries, including the U.S. Microsoft’s Digital Crimes Unit (DCI) said on Monday that a federal court in Virginia had granted an order allowing the company to take control of the websites […]