Microsoft Still Uses RC4
September 16 2025Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called...
Read moreA new Australian law requires larger companies to declare any ransomware payments they have made.
Read moreCISA Under Trump
January 28 2025Jen Easterly is out as the Director of CISA. Read her final interview:
There’s a lot of unfinished business. We have made an impact through our ransomware vulnerability warning...
Read more
Criminal Complaint against LockBit Ransomware Writer
December 24 2024The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Read moreWeird Zimbra Vulnerability
October 3 2024Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit reliably.
In an email sent Wednesday...
Read more
Security Researcher Sued for Disproving Government Statements
September 4 2024This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly...
Read moreThe State of Ransomware
August 19 2024Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary:
Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We...
Read more
FBI Seizes BreachForums Website
May 17 2024The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data.
If law enforcement has gained access to the hacking forum’s backend data, as...
Read more
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.
Read moreRansomware Gang Files SEC Complaint
November 18 2023A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days.
This is over...
Read more
Recent Comments