US and EU infosec authorities pen intel-sharing pact As Cyber Solidarity Act edges closer to full adoption in Europe | Cyber-crime | 07 Dec 2023 | 2
A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list Apparently no one thought to check if this D-Link router 'issue' was actually exploitable | Security | 06 Dec 2023 | 6
CISA details twin attacks on federal servers via unpatched ColdFusion flaw Tardy IT admins likely to get a chilly reception over the lack of updates | Security | 05 Dec 2023 | 2
UK and US lead international efforts to raise AI security standards 17 countries agree to adopt vision for artificial intelligence security as fears mount over pace of development | AI + ML | 27 Nov 2023 | 14
Ransomware royale: US confirms Royal, BlackSuit are linked Royal alone scored $275M in past year as FBI, other agencies hot on merging trail | Cyber-crime | 14 Nov 2023 | 1
LockBit alleges it boarded Boeing, stole 'sensitive data' Security In Brief ALSO: CISA begs for a consistent budget, Las Vegas school breach; Nigeria arrests six cyber princes, the week's critical vulnerabilities | Security | 30 Oct 2023 | 3
US cybercops urge admins to patch amid ongoing Confluence chaos Do it now, no ifs or buts, says advisory | Patches | 17 Oct 2023 | 3
Regulator, insurers and customers all coming for Progress after MOVEit breach Infosec in brief Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns | Security | 16 Oct 2023 | 3
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam | Security | 06 Oct 2023 | 8
CISA barred from coordinating with social media sites to police misinformation The 5th Circuit's re-ruling adds CISA to a list of alleged first-amendment violators. Next stop: Supreme Court | Security | 04 Oct 2023 | 30
CISA boss says US alliance with Ukraine over past year is closer than Five Eyes Black Hat And maybe shore up that critical infrastructure some more, America | Black Hat and DEF CON | 10 Aug 2023 | 14
Cyber-extortionists pillage Colorado education dept Hey, breacher, leave those kids alone | Cyber-crime | 08 Aug 2023 | 7
Five Eyes nations detail dirty dozen most exploited vulnerabilities Infosec in brief PLUS: FBI admits buying NSO spyware; "IT" company busted for drugs 'n guns biz; this week's critical vulns | Security | 07 Aug 2023 | 6
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies Invaders already spent four or more months frolicking inside Norwegian government servers | Patches | 03 Aug 2023 | 7
Millions of people's data stolen because web devs forget to check access perms IDORs of the storm | CSO | 29 Jul 2023 | 40
Under CISA pressure collab, Microsoft makes cloud security logs available for free In hindsight, it's probably good practice to give clients access to cloud logs | Cyber-crime | 20 Jul 2023 | 7
LockBit louts unload ransomware at Japan’s most prolific cargo port Nagoya Harbor hit the rocks yesterday but looks to be afloat once more | Black Hat and DEF CON | 06 Jul 2023 | 1
It's 2023 and memory overwrite bugs are not just a thing, they're still number one Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list | Research | 29 Jun 2023 | 71
US government hit by Russia's Clop in MOVEit mass attack CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds | CSO | 15 Jun 2023 | 7
Online muggers make serious moves on unpatched Microsoft bugs Win32k and Visual Studio flaws are under attack | Security | 09 Jun 2023 | 3
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs | Patches | 02 May 2023 | 1
Google adds account sync for Authenticator, without E2EE in brief Also: Your Salesforce Community site might be leaking; a new CPU side-channel; and this week's critical vulns | Security | 01 May 2023 | 7
Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here's one RSA Conference OT firms construct handy early-warning info-sharing system | Spotlight on RSA | 25 Apr 2023 | 5
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster It's not all doom and gloom because ML also amplifies defensive efforts, probably | CSO | 12 Apr 2023 | 15
40% of IT security pros say they've been told not to report a data leak In Brief Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more | Cyber-crime | 11 Apr 2023 | 16
It's this easy to seize control of someone's Nexx 'smart' home plugs, garage doors Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs | Security | 07 Apr 2023 | 41
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud Not a headline we expected to write today | CSO | 24 Mar 2023 | 11
Critical infrastructure gear is full of flaws, but hey, at least it's certified Security researchers find bugs, big and small, in every industrial box probed | CSO | 23 Mar 2023 | 20
CISA joins forces with Women in CyberSecurity to break up the boy's club in brief Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week's actionable items | Security | 13 Mar 2023 | 17
EPA orders US states to check cyber security of public water supplies Don’t let miscreants poison the wells | Security | 06 Mar 2023 | 8
US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities SCSW Who apart from Microsoft is happy with the ship now, oh just fix it later approach? | Security | 28 Feb 2023 | 32
ESXiArgs ransomware fights off Team America's data recovery script Want a clue to what you’re dealing with? Check the ransom note | Security | 16 Feb 2023 | 1
Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue Evil code hits more than 3,800 servers globally, according to the Feds | Security | 08 Feb 2023 | 1
CISA sends schools back to the classroom on security Oy, teacher, protect those kids online | Government Tech Week | 25 Jan 2023 | 1
Homeland Security, CISA builds AI-based cybersecurity analytics sandbox High-spec system is crucial to defending against the latest threats | Government Tech Week | 10 Jan 2023 | 5
FBI warns about Cuba, no, not that one — the ransomware gang Critical infrastructure attacks ramping up | Security | 02 Dec 2022 | 1
US military goes zero-trust on software and government gets busy CISA updates security framework, tech industry calls it 'confusing' | Software | 23 Nov 2022 | 13
LockBit suspect cuffed after ransomware forces emergency services to use pen and paper In Brief Plus: CISA has a flowchart for patching, privacy campaign goes after face search engine | Cyber-crime | 12 Nov 2022 | 13
Biden now wants to toughen up chemical sector's cybersecurity Control panels facing the internet? Data stolen? You gotta keep an ion this stuff | CSO | 27 Oct 2022 | 6
Alert: This ransomware preys on healthcare orgs via weak-ass VPN servers FBI, CISA warn of Daixin gang after OakBend Medical Center hit | Cyber-crime | 24 Oct 2022 | 1
CISA warns of security holes in industrial Advantech, Hitachi kit When we concede that everything has bugs, we wish it wasn't quite everything | Patches | 20 Oct 2022 | 2
It’s 2022 and netizens are only now getting serious about cybersecurity US folks start to get the message about protecting themselves online | Security | 10 Oct 2022 | 12
Foreign spies hijacking US mid-terms? FBI, CISA are cool as cucumbers about it I think we can handle one little Russia. We sent two units, they're bringing any attempts down now | Security | 06 Oct 2022 | 40
Cyber-snoops broke into US military contractor, stole data, hid for months Tell us it’s Russia without telling us it’s Russia | Security | 05 Oct 2022 | 14
Uncle Sam orders federal agencies to step up scans for govt IT security holes Good time to be selling automation tools | Security | 04 Oct 2022 | 2
Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree Some days, security just feels like a total illusion. OK, most days... | Patches | 04 Oct 2022 | 7
National Cybersecurity Awareness program 18 years on: Don't click that Technology is addressing many of the cyberthreats, but the human element will always be a factor | Security | 03 Oct 2022 | 3
US school year opens with reading, writing, and ransomware FBI warns that Vice Society threat group is ramping up attacks on the education sector | Cyber-crime | 07 Sep 2022 | 8
Microsoft: The deadline to get off Basic Auth is approaching Exchange Online face Halloween deadline | OSes | 05 Sep 2022 | 50
80,000 internet-connected cameras still vulnerable after critical patch offered Just more IoT conscripts for the botnet armies | Patches | 24 Aug 2022 | 15
If you haven't patched Zimbra holes by now, assume you're toast Here's how to detect an intrusion via vulnerable email systems | Patches | 23 Aug 2022
US reveals 'Target' pic of Conti man with $10m reward offer Fashion Police chipping in on the bounty related to costliest strain of ransomware on record | Security | 12 Aug 2022 | 6
Maui ransomware linked to North Korean group Andariel Attack origins point to April 2021 first strike on Japanese target | Security | 10 Aug 2022 | 1
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt In brief Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more | Security | 06 Aug 2022 | 38
US puts $10 million bounty on North Korean cyber-crews Kim will be shaking in his shoes | Security | 27 Jul 2022 | 7
Security flaws in GPS trackers can be abused to cut off fuel to vehicles, CISA warns About '1.5 million' folks and organizations use these gadgets | Security | 19 Jul 2022 | 29
Start using Modern Auth now for Exchange Online Before Microsoft shutters basic logins in a few months | CSO | 29 Jun 2022 | 28
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default | Security | 23 Jun 2022 | 20
OpenInfra Foundation talks about Directed Funding model for open source projects OpenInfra Berlin Notes rise of 'pay to play' where companies try to buy way into governance – and says this is not that | PaaS + IaaS | 14 Jun 2022
Beijing-backed baddies target unpatched networking kit to attack telcos NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points | Security | 08 Jun 2022 | 3
US cyber chiefs: Moving to Shields Down isn't gonna happen RSA Conference Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes' | CSO | 08 Jun 2022 | 6
FBI, CISA: Don't get caught in Karakurt's extortion web Is this gang some sort of Conti side hustle? The answer may be yes | CSO | 03 Jun 2022 | 7