Safety Detectives Cyber News

A new ransomware campaign is targeting Amazon Web Services (AWS) S3 buckets, encrypting data in a way that makes recovery impossible without paying the ransom. Dubbed “Codefinger,” the attack leverages AWS’s own Server-Side Encryption with Customer-Provided Keys (SSE-C) to lock sensitive files. Security researchers have confirmed that the attack isn’t due to an AWS vulnerability.

President Joe Biden issued an executive order aimed at bolstering cybersecurity across federal agencies and their contractors, marking one of his last major policy actions before leaving office. This move follows a series of high-profile cyber attacks, often linked to China, that have revealed critical vulnerabilities in government systems and private-sector networks. Over the last

New York is freezing more than $2.2 million in cryptocurrency that was stolen as the result of a remote job scam. It is an unprecedented move spearheaded by New York Attorney General Letitia James, who filed a lawsuit to seize and redistribute the stolen funds back to scam victims around New York. The scammers sent

A European hotel chain faced a severe data breach that leaked the personal data of millions of customers. The personal records of more than 25 million hotel customers were found. While it’s impossible to tell exactly which hotel this was, the stolen info indiciates that it was stolen from the French hospitality firm, Honotel Group.

The Supreme Court dealt a major setback to TikTok on Friday, upholding a law requiring China-based owner ByteDance to sell the platform by Sunday or face a potential ban in the US. The unsigned decision, with no dissents, rejected TikTok’s claim that the law violates free speech rights. The law, passed over concerns about national

The European non-profit, noyb, filed six complaints against a range of Chinese companies, accusing them of misusing customer data. These companies, TikTok, Temu, SHEIN, Aliexpress, WeChat, and Xiaomi are being accused of transfering user data back to China or other countries, which is strictly prohibited by GDPR law outside of specific circumstances. Four of these

The UK government is considering a total ban on ransomware payments across the public sector as part of a new consultation to tackle the growing trend of hackers motivated by financial gain. The consultation will explore expanding the current ransom payment ban from central government departments to include all public services, such as hospitals, schools, local

The Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it has identified a serious security flaw, known as a command injection vulnerability, in BeyondTrust’s Remote Support and Privileged Access products. This type of vulnerability can allow hackers to execute unauthorized commands on a system, potentially giving them control. CISA has added this issue

A sophisticated investment scam, dubbed the “Elon Musk Golden Badges” scheme, is preying on individuals with false promises of astronomical returns and fake endorsements from high-profile figures. Victims are lured into purchasing “golden badges,” marketed as rare collectible coins, claiming that an initial $290 investment could yield $2 million. Fraudsters falsely attribute endorsements to Tesla

The US government is introducing a new program to label internet-connected devices like baby monitors, fitness trackers, and security cameras that meet a basic cybersecurity standard. Known as the US Cyber Trust Mark, the initiative aims to help consumers identify safer products and encourage manufacturers to prioritize security. Anne Neuberger, U.S. Deputy National Security Advisor