This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:CLEAR--Recipients may share this information without restriction. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.

The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process.

A low-res image shared to its leak site appears to show a handful of passport scans, along with other documents, some of which display the format of HMRC employment documents.

The attack on a medical transcription company is one of the worst healthcare-related data breaches in recent years, according to U.S. Department of Health and Human Services records.

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.

Pour certains, 60 % des PME victimes de cyberattaque déposent le bilan 18 mois après l’attaque. Pour d’autres, ça va plus vite : 6 mois. D’autres encore parlèrent un temps de 70 % sous 3 ans. Enquête sur des chiffres plus que douteux.

Des experts en sécurité informatique ont enquêté sur un piratage, jusqu'alors inconnu, du groupe «Sandworm» sur le réseau électrique ukrainien.

Message to current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police

details about DIAL protocol vulnerabilities . Contribute to yunuscadirci/DIALStranger development by creating an account on GitHub.

Rail firm TransPennine Express has since removed QR codes from all of its station car parks.

Ransomware’s business model is a big part of what’s made it such a potent threat for so many years. However, we dug into multi-point ransomware attacks from 2023, and found another factor in ransomware’s staying power: a seemingly endless supply of new cyber crime groups starting ransomware operations.

Over on SuspectFile, Marco A. De Felice reports that the NoEscape ransomware gang is threatening to release 1.5 TB of data from PruittHealth Network. De Felice...

Hackers breached Booking.com, one of the world’s largest online accommodation reservation sites, by posing as hotel staff to steal credit card information from travelers making bookings.

China's biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify.

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.

What defines success for ransomware actors during an attack? Breaching a victim’s network, exfiltrating valuable data, and encrypting systems are crucial components. However, the ultimate measurement of success is the actor’s ability to extort a ransom payment, which determines if they achieve their financial goals. Navigating the ransom negotiation phase, whether conducted by the victims themselves or designated recovery firms, demands a high level of expertise and a deep understanding of the attackers involved. This includes studying of the threat actor’s profile, tactics, and evolving strategies. In this complex landscape, there is no one-size-fits-all playbook for successfully managing the negotiation phase, as each ransomware group exhibits distinct behaviors and adopts new tactics shaped by many factors.

In modern web development, while cookies are the go-to method for transmitting session IDs, the .NET Framework also provides an alternative: encoding the session ID directly in the URL. This method is useful to clients that do not support cookies.

Redline Dropped Through MSIX Package, Author&colon

TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

The European telecom standards body behind a widely used radio encryption system will soon open-source its encryption protocols. The European Telecommunications

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.