Patch Tuesday, December 2024 E

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that […]

File Format Research Roundup

Today’s guest post is from Kate Murray, Genevieve Havemeyer-King, Marcus Nappier, Liz Caringola and Liz Holdzkom of the Digital Collections Management & Services Division at the Library of Congress. This year we added two new staff to the Formats team, who have been assisting with format research, FDD updates, and other maintenance activities throughout the year. Welcome […]

U.S. Offered $10M for Hacker J

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government […]

Why Phishers Love New TLDs Lik

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees […]

Unusual Libraries You Never Kn

In this week’s Princh Library Blog, recurring guest writer Nina Grant brings us a collection of peculiar, if unusual, libraries. Enjoy! To quote the wisdom of Albert Einstein: “The only thing you absolutely have to know is the location of the library”. Indeed, as libraries provide free access to history and information through books, they’re […]

Hacker in Snowflake Extortions

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: […]

Collaging with the Library’s D

In 2018, the Library launched the very popular Free To Use and Reuse Sets, where staff curate thematic sets of items from our digital collections that are either in the public domain, have no known copyright restrictions or have been cleared by the copyright owner for public use. The public is not only free to […]

Feds Charge Five Men in ‘Scatt

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known […]

Transforming Days into Seconds

Today’s blog post is an interview with Tori Culler of the Digital Services Directorate here at the Library of Congress. You can read other interviews with digital collections staff here. Carlyn: Hi Tori, could you tell us a bit about what you do in the Digital Services Directorate? How would you explain your job to […]

Enhancing User Experience For

In this week’s Princh Library Blog post, recurring guest writer Sam L. Bowman covers how your library can improve the user experience on its webpage. From optimization basics to specific accessibility guidelines, Sam provides plenty of examples and useful tips. Enjoy! Libraries are making a comeback in the post-pandemic world. More people are using libraries […]

Fintech Giant Finastra Investi

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen […]

Could Artificial Intelligence

Catalog records are key to storing and finding digital library materials. As the volume of digital materials continues to grow rapidly, the Library of Congress is exploring whether AI can help catalogers by automating the generation of metadata. AI could provide an opportunity to speed up description workflows. Yet there are numerous machine learning (ML) […]

An Interview With the Target &

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he […]

Updated FADGI Resource: Signif

Today’s guest post is from Kate Murray of the Digital Collections Management & Services Division and co-leader of the FADGI Audiovisual Working Group. The Federal Agencies Digital Guidelines Initiative (FADGI) Audiovisual Working Group has released a revised version of its popular resource, Significant Properties for Digital Video. FADGI’s Significant Properties for Digital Video (2024). Initially […]

Microsoft Patch Tuesday, Novem

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The zero-day flaw tracked as CVE-2024-49039 is […]

FBI: Spike in Hacked Police Em

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI […]

Library Password Practices—Bal

In this week’s Princh Library Blog, recurring guest writer Nina Grant discusses a basic, but nevertheless crucial digital security principle: secure password practices for libraries. Enjoy! In libraries, it’s essential to keep digital systems secure, which is why many have set up rules for changing passwords regularly—usually every three to six months—to protect their valuable […]

Canadian Man Arrested in Snowf

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. Image: https://www.pomerium.com/blog/the-real-lessons-from-the-snowflake-breach On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first […]

Booking.com Phishers May Leave

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the […]