Password vaults stolen from LastPass at the end of 2022 were cracked and used to steal cryptocurrency as recently as this year, with the stolen funds being laundered through Russia-based cryptocurrency exchanges

TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement | TRM Blog

TRM traced LastPass-linked Bitcoin laundering through mixers to high-risk Russian exchanges, showing how demixing exposes infrastructure reuse and ...

Christmas Eve miracle: Fortinet admits new exploitation of a 2020 bug https://www.fortinet.com/blog/psirt-blogs/product-security-advisory-and-analysis-observed-abuse-of-fg-ir-19-283

The IBM X-Force Exchange, the company's in-house vulnerability database that was founded even before the CVE program, appears to have been abandoned

Rest In Peace IBM X-Force Vulnerability Database – Rants of a deranged squirrel.

David Stern, the CISA official behind the agency's Pre-Ransomware Notification Initiative (PRNI), has quit the agency after he was forced to relocate to FEMA's Boston office by the new DHS leadership https://www.cybersecuritydive.com/news/cisa-ransomware-warning-program-key-employee-left/808589/

Intrinsec believes a threat actor known as Fly is likely the administrator of Russian Market, an underground portal for selling credentials stolen via infostealers

INTRINSEC

Mapping “Fly”, a threat actor with links to Russian Market’s infrastructure

Explorez les implications du groupe 'Fly' dans les forums cybercriminels et son association avec le marché russe.

The US DOJ has seized web3adspanels[.]org, a website that served as a backend database for collecting phished credentials. The site primarily stored banking logins collected through phishing pages promoted via malicious search ads

Justice Department Announces Seizure of Stolen-Password Database Used in Bank Account Takeover Fraud

The Justice Department today announced the seizure of a web domain and database used in furtherance of a scheme to target and defraud Americans thr...

The South Korean government is running a trial and has mandated that all individuals undergo a mandatory facial recognition scan before receiving a new mobile phone number

Korea begins trial of mandatory face recognition for new mobile numbers

Korea on Tuesday launched a trial period for a new policy requiring people to undergo real-time face recognition when registering a new mobile phon...

The White House has formally nominated Army Lt. Gen. Joshua Rudd as the next head of Cyber Command and the US National Security Agency. Gen. Rudd is currently serving as deputy chief of US Indo-Pacific Command

Nextgov.com

Trump formally taps Joshua Rudd to lead NSA, Cyber Command

The nomination marks a turning point for the electronic surveillance and hacking teams that have been without a permanent leader for eight months.