French cybersecurity officials have identified today for the first time a ransomware “affiliate group” that is responsible for a long list of attacks against French companies over the past two years. Identified as Lockean, the group’s activities and modus operandi were detailed today in a comprehensive report published by France’s Computer Emergency Response Team (CERT-FR), a division of […]

The US government has sanctioned today four companies that develop and sell spyware and other hacking tools, the US Department of Commerce announced today. The four companies include Israel’s NSO Group and Candiru, Russian security firm Positive Technologies, and Singapore-based Computer Security Initiative Consultancy. US officials said the four companies engaged in “activities that are contrary to the national security […]

The US Cybersecurity and Infrastructure Security Agency has established today a public catalog of vulnerabilities known to be exploited in the wild and has issued a binding operational directive ordering US federal agencies to patch affected systems within specific timeframes and deadlines. The catalog —available online here— currently lists 306 vulnerabilities, with some as old as […]

Threat actors are exploiting a security flaw in GitLab self-hosted servers to assemble botnets and launch gigantic distributed denial of service (DDoS) attacks, with some in excess of 1 terabit per second (Tbps). The DDoS attacks, disclosed today by Damian Menscher, a Security Reliability Engineer at Google Cloud responsible for Google’s DDoS defenses, are exploiting CVE-2021-22205, […]