BlackCat ransomware crims threaten to directly extort victim's customers
Accounting software firm Tipalti says it’s investigating alleged break-in of its systems
Cyber-crime05 Dec 2023 | 1
Connor is a cybersecurity journalist for The Register, reporting on what you need to know to keep your systems secure. Based in the UK, he has previously held positions ranging from news editor to staff writer.
Exposed Hugging Face API tokens offered full access to Meta's Llama 2
Updated With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML
Research04 Dec 2023 | 6
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
Exploits bypass most secure boot solutions from the biggest chip vendors
Research01 Dec 2023 | 30
US readies prison cell for another Russian Trickbot developer
Hunt continues for the other elusive high-ranking members
Cyber-crime01 Dec 2023 | 3
Admin of $19M marketplace that sold social security numbers gets 8 years in jail
24 million Americans thought to have had their personal data stolen and sold for pennies
Cyber-crime30 Nov 2023 | 12
Black Basta ransomware operation nets over $100M from victims in less than two years
Assumed Conti offshoot averages 7 figures for each successful attack but may have issues with, er, 'closing deals'
Cyber-crime30 Nov 2023 | 3
Okta data breach dilemma dwarfs earlier estimates
All customer support users told their info was accessed after analysis oversight
Security29 Nov 2023 | 14
British Library begins contacting customers as Rhysida leaks data dump
CRM databases were accessed and library users are advised to change passwords
Cyber-crime29 Nov 2023 | 5
UK government rings the death knell for SIM farms
Acts under the guise of protecting the public from fraud, yet history suggests Home Office has other motives
Security29 Nov 2023 | 77
Brit borough council apologizes for telling website users to disable HTTPS
Planning portal back online with a more secure connection
Security29 Nov 2023 | 53
Europol shutters ransomware operation with kingpin arrests
A few low-level stragglers remain on the loose, but biggest fish have been hooked
Cyber-crime28 Nov 2023 | 4
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods
Mitigations require mix of updating libraries and manual customer action
Patches27 Nov 2023 | 8
UK and US lead international efforts to raise AI security standards
17 countries agree to adopt vision for artificial intelligence security as fears mount over pace of development
AI + ML27 Nov 2023 | 14
Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media
Infosec in Brief Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month
Security27 Nov 2023 | 11
OpenCart owner turns air blue after researcher discloses serious vuln
Web storefront maker fixed the flaw, but not before blasting infoseccer
Patches24 Nov 2023 | 48
BlackCat claims it is behind Fidelity National Financial ransomware shakedown
One of US's largest underwriters forced to shut down a number of key systems
Cyber-crime23 Nov 2023 | 1
Industry piles in on North Korea for sustained rampage on software supply chains
Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs
Security23 Nov 2023 | 18
Attack on direct debit provider London & Zurich leaves customers with 6-figure backlogs
Customers complain of poor comms during huge outage that’s sparked payroll fears
Cyber-crime23 Nov 2023 | 15
Cisco whips up modded switch to secure Ukraine grid against Russian cyberattacks
GPS-jamming tactics were doing much more than simply scrambling missile guidance systems
Networks22 Nov 2023 | 13
US cybercops take on 'pig butchering' org, return $9M in scammed crypto
Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'
Security22 Nov 2023 |
Sumo Logic wrestles with security breach, pins down customer data
Compromised AWS account led to fears that user info could have been exposed to cybercriminals
Cyber-crime21 Nov 2023 |
Third-party data breach affecting Canadian government could involve data from 1999
Any govt staffers who used relocation services over past 24 years could be at risk
Cyber-crime21 Nov 2023 | 5
Former infosec COO pleads guilty to attacking hospitals to drum up business
Admits to taking phones used for 'code blue' emergencies offline and more
Cyber-crime20 Nov 2023 | 13
Rhysida ransomware gang: We attacked the British Library
Crims post passport scans and internal forms up for 'auction' to prove it
Cyber-crime20 Nov 2023 | 29
LockBit redraws negotiation tactics after affiliates fail to squeeze victims
Cybercrime group worried over dwindling payments ... didn't they tell them to Always Be Closing?
Cyber-crime17 Nov 2023 | 32
SonicWall swallows Solutions Granted amid cybersecurity demand surge
CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA
CSO17 Nov 2023 | 1
Watchdog bites back against blockage of $9M fine on US selfie-scraper Clearview AI
Updated Britain's ICO claims tribunal misinterpreted law, wants case revisited
Personal Tech17 Nov 2023 | 11
BlackCat plays with malvertising traps to lure corporate victims
Updated Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware
Research16 Nov 2023 | 1
Royal Mail’s recovery from ransomware attack will cost business at least $12M
First time hard figure given on recovery costs for January incident
Cyber-crime16 Nov 2023 | 6
Google Workspace weaknesses allow plaintext password theft
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here
Research15 Nov 2023 | 2
Ransomware more efficient than ever, and baddies are still after your logs
Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean
Research15 Nov 2023 | 3
Ransomware royale: US confirms Royal, BlackSuit are linked
Royal alone scored $275M in past year as FBI, other agencies hot on merging trail
Cyber-crime14 Nov 2023 | 1
Novel backdoor persists even after critical Confluence vulnerability is patched
Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities
Cyber-crime14 Nov 2023 | 1
NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch
And the world's getting more and more dangerous
CSO14 Nov 2023 | 16
Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks
Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record
Cyber-crime13 Nov 2023 | 38
Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked
White hat bounty looks more like a beg bounty
Cyber-crime10 Nov 2023 | 18
Strangely enough, no one wants to buy a ransomware group that has cops' attention
Ransomed.vc shuts after 20% discount fails to entice bids
Cyber-crime10 Nov 2023 | 5
SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity
IT software slinger publishes fierce response to lawsuit brought last month
Cyber-crime09 Nov 2023 | 17
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts
Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate
Cyber-crime09 Nov 2023 |
Atlassian cranks up the threat meter to max for Confluence authorization flaw
Attackers secure admin rights after vendor said they could only steal data
Cyber-crime08 Nov 2023 | 10
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach
It's the latest in a string of unusual wallet-draining attacks that began in April
Cyber-crime08 Nov 2023 | 14
Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button
Admins have 90 days to opt out before MFA is deployed automatically
Security07 Nov 2023 | 29
Fresh find shines new light on North Korea’s latest macOS malware
Months of work reveals how this tricky malware family targets... the financial services sector
Research07 Nov 2023 | 4
US slaps sanctions on accused fave go-to money launderer of Russia's rich
And that includes ransomware crims, claims US of alleged sanctions-buster
Cyber-crime06 Nov 2023 | 9
Home of the world's longest pleasure pier joins public sector leak club
Southend-on-Sea Council unwittingly exposed sensitive records of more than 2,000 staff for five months
Public Sector06 Nov 2023 | 26
Ex-GCHQ software dev jailed for stabbing NSA staffer
Terrorist ideology suspected to be motivation
Security03 Nov 2023 | 43
Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security
Secure Future Initiative needed in wake of tech evolution and unrelenting ransomware criminality
Security03 Nov 2023 | 18
Infosec pros can secure IT, but have harder time securing job satisfaction
Industry facing burnout scare as workplace issues snowball
Security02 Nov 2023 | 2
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims
Over a week later and barely any patches for the 10/10 vulnerability have been applied
Cyber-crime02 Nov 2023 | 4
Critical vulnerability in F5 BIG-IP under active exploitation
Full extent of attacks unknown but telecoms thought to be especially exposed
Cyber-crime01 Nov 2023 |
Cybercrooks amp up attacks via macro-enabled XLL files
Neither Excel nor PowerPoint safe as baddies continue to find ways around protections
Research01 Nov 2023 | 6
Get your very own ransomware empire on the cheap, while stocks last
RansomedVC owner takes to Telegram to flog criminal enterprise
Cyber-crime01 Nov 2023 | 5
Finance orgs have 30 days to confess cyber sins under incoming FTC rules
Follows similar efforts from the SEC and DHS in recent months
Cyber-crime31 Oct 2023 |
Cybersecurity snafu sends British Library back to the Dark Ages
Internet, phone lines, websites, and more went down on Saturday morning
Cyber-crime31 Oct 2023 | 15
Cryptojackers steal AWS credentials from GitHub in 5 minutes
Researchers just scratching surface of their understanding of campaign dating back to 2020
Research30 Oct 2023 | 3
Stanford schooled in cybersecurity after Akira claims ransomware attack
This marks the third criminal intrusion at the institution in as many years
Cyber-crime30 Oct 2023 | 3
F5 hurriedly squashes BIG-IP remote code execution bug
Fixes came earlier than scheduled as vulnerability became known to outsiders
Research27 Oct 2023 | 3
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit
Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence
Research27 Oct 2023 | 1
Side channel attacks take bite out of Apple silicon with iLeakage exploit
Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts
Research26 Oct 2023 | 10
ServiceNow quietly addresses unauthenticated data exposure flaw from 2015
Researcher who publicized issue brands company’s communication 'appalling'
Research26 Oct 2023 | 3
Biting the hand that feeds IT
