Security News

A 32-year-old Ukrainian man who stole millions of credit card details using SQL Injection and then sold them on the Internet has been sentenced in the United States to 69 months in prison, the same amount of time he has already served. He must also pay one affected victim $1.8 million in compensation. According to […]

The Irish privacy regulator DPC imposed a fine of 251 million euros on Meta due to a major data breach with Facebook in 2018. By abusing user tokens, unauthorized third parties managed to obtain data from 29 million users, including three million European users. This included full name, email address, telephone number, location, work location,

Federal US government agencies have been given six months to secure their Microsoft 365 environments according to specific guidelines, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has announced. CISA has the option to oblige federal government agencies to take certain actions via a “Binding Operational Directive” in order to protect

Attackers are actively exploiting a critical vulnerability in Apache Struts 2, the Internet Storm Center (ISC) reports. The vulnerability (CVE-2024-53677) allows remote code execution. Struts is a very popular open source framework for developing Java web applications and websites. The vulnerability allows a remote attacker to modify file upload parameters, allowing path traversal and in

CrowdStrike has asked a US judge to drop the lawsuit filed by Delta Air Lines. The cybersecurity company points to the contract conditions. Delta Air Lines has sued CrowdStrike over the major outage caused by an update from the company earlier this year. The American airline claims that the disruption caused damage of more than

Interpol wants an end to the use of the term ‘Pig Butchering’ because it is said to be offensive to victims. Last month, the Dutch Banking Association (NVB) warned about pig butchering, which is a combination of dating fraud and investment fraud. Scammers first build a relationship of trust with victims and then entice them

Privacy organization noyb has filed a complaint about Ryanair with the Italian privacy regulator because of the facial scan that new customers must undergo. All customers who want to book a flight via the Ryanair website or app must create an account. This is a permanent account, says noyb. “This often involves combining and retaining

The Japanese crypto exchange DMM was robbed of $308 million in bitcoin earlier this year via a rogue recruiter on LinkedIn, the FBI and Japanese police report (pdf). An employee of Ginco, the company to which crypto exchange DMM had entrusted the wallet management system, was approached via LinkedIn by someone posing as a recruiter.

The American cyber agency CISA today advised to only communicate end-to-end encrypted, as well as to stop using SMS-based multi-factor authentication (MFA) and personal VPN services. The advice is contained in a document on best practices for mobile communications and is suitable for everyone, but especially for ‘highly targeted’ individuals, according to the description (pdf).

The US government’s proposals to break Google’s search monopoly will affect Firefox and other smaller, independent browsers, and will only strengthen the position of a handful of strong players, Mozilla said. The US Department of Justice recently asked a federal court to take several measures to break Google’s monopoly on the search engine market. For