Microsoft primes 71 fixes for May Patch Tuesday

Proposed order will prohibit GoDaddy from misleading customers about its security protections and require it to establish a robust information security program January 15, 2025 The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against…

Bill Toulas reports: Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents. Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met. … Late last week, threat…

Categories: Sophos Insights Tags: Sophos AI, Gen AI, Year in Review

There’s an update to breach previously reported here in 2023.  Brian Krebs reports: In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in…

Russian national pled guilty in federal court today to a charge connected to a ransomware conspiracy. Evgenii Ptitsyn, 43, administered the sale, distribution, and operation of Phobos ransomware. Phobos ransomware, through its affiliates, victimized more than 1,000 public and private entities in the United States and around the world, and extorted ransom payments worth more than……

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches.  Applying this at scale by…