Hackers leak full EA data after failed extortion attempt

Hackers leak 751GB of compressed EA data containing FIFA 21 source code. Data dump comes from a hack that took place in June 2021. EA says no player data was included in the stolen data, confirmed by the data leaked this week.

The Record by Recorded Future

Pegasus spyware found on journalists' phones, French intelligence confirms

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project - a consortium of 17 media outlets, including the Guardian.

the Guardian

Popular technology that hospitals use to send lab samples is vulnerable, researchers found - CyberScoop

A key technology that hospitals use to deliver medications, blood and other vital lab samples is at significant risk of hacking, new findings suggest. Researchers from the security vendor Armis found nine critical vulnerabilities in the control panel that powers the Translogic pneumatic tube systems from logistics automation company Swisslog Healthcare.


How to go from stolen PC to network intrusion in 30 minutes

Let's say you're a large company that has just shipped an employee a brand-new replacement laptop. And let's say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let's say an attacker manages to intercept the machine.

Ars Technica

NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, " Kubernetes Hardening Guidance," today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk. Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers.

National Security Agency Central Security Service

Microsoft at Black Hat 2021: Sessions, bug bounty updates, product news, and more | Microsoft Security Blog

Black Hat USA 2021 is about understanding the needs of security professionals and meeting you where you are. With last year's pandemic-related firefighting still fresh in our minds, this year's event will provide a welcome respite to learn about cutting-edge security solutions, build our skillsets, and network with peers.

Microsoft Security Blog

How American Law Lets Feds Spy On WhatsApp Without Needing To Say Why

Pen registers let governments keep tabs on when and with whom WhatsApp users are talking and which IP addresses they're using, and they don't have to give judges a full explanation as to why. The same goes for surveillance on any communications technologies, from Facebook to car Wi-Fi.


When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks | Microsoft Security Blog

LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

Microsoft Security Blog

The B Is for Business - Alyssa Miller - PSW #704 - Security Weekly

Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organizations that DevSecOps shared-responsibility culture. We'll dive into Alyssa's career progression and the lessons she learned along the way the prepared her for this high level leadership role.

Security Weekly

How to ensure your vendors are cybersecure to protect you from supply chain attacks

Right now supply-chain vendors are a prime target for cybercriminals. One expert offers ways to remove the bullseye from supply vendors. There aren't many sure things in life, and, sadly, one of them is how criminals-cyber or otherwise-always leverage the victim's weakest link to ensure their success.