SecurityWeek

Kolade Akinwale Ojelade was sentenced to 26 years in prison in the US for compromising email accounts through phishing and stealing millions.

Google has showcased the capabilities of its Big Sleep LLM agent, which found a previously unknown exploitable memory safety issue in SQLite.

The FBI is asking for information on the Chinese threat actors targeting Sophos edge devices to compromise private and government entities.

The City of Columbus says the personal information of 500,000 people was stolen in a ransomware attack.

Siemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging. 

Barracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials.

Noma provides a platform to protect the data and lifecycle of emerging gen-AI applications, which introduces new threats not covered by existing security controls.

A stealthy network backdoor found on hacked Sophos XG firewall devices is programmed to work on a broader range of Linux-based devices.

GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras.

Noteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article. 

The US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan.

A former worker hacked servers at Walt Disney World in order to manipulate menus by changing prices, adding profanities and altering notifications.

LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.

Bugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation.

British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.

Yahoo researchers found nearly a dozen vulnerabilities in OpenText’s NetIQ iManager and some could have been chained for unauthenticated RCE.

Sysdig researchers trace a bizarre S3 bucket misconfiguration to EmeraldWhale, exposing 1.5 terabytes of stolen credentials and script.

Mystic Valley Elder Services detected a security breach in April and now says files containing personal information may have been stolen.

CISOs must attempt to define a strategic approach to technology investment that will protect the business over the long term.

Willfully ignoring important security issues to make our lives easier is, unfortunately, something that does happen in the security field.