More than 133,000 Fortinet appliances still vulnerable to month-old critical bug A huge attack surface for a vulnerability with various PoCs available Patches18 Mar 2024 |
Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament Updated Virtual gunslingers forcibly became cheaters via mystery means Cyber-crime18 Mar 2024 | 2
ChatGPT side-channel attack has easy fix: Token obfuscation Infosec in brief Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns Security18 Mar 2024 | 2
US to probe Change Healthcare's data protection standards as lawsuits mount Services slowly coming back online but providers still struggling Cyber-crime14 Mar 2024 | 3
Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack Akira ransomware crooks brag of swiping thousands of ID documents during break-in Cyber-crime14 Mar 2024 | 7
Stanford University failed to detect ransomware intruders for 4 months 27,000 individuals had data stolen, which for some included names and social security numbers Cyber-crime13 Mar 2024 | 4
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers War of words wages on between vendors divided Patches12 Mar 2024 | 10
UK council yanks IT systems and phone lines offline following cyber ambush Targeting recovery this week, officials still trying to 'dentify the nature of the incident' Cyber-crime12 Mar 2024 | 45
British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild Five months in and the mammoth post-ransomware recovery has barely begun Cyber-crime11 Mar 2024 | 42
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability Infosec in brief PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities Security11 Mar 2024 | 10
Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva Who knew that unzipping a font archive could unleash a malicious file Security08 Mar 2024 | 38
We're not Meta support: State AGs tell Zuck to fix rampant account takeover problem 'We refuse to operate as customer service representatives' Security07 Mar 2024 | 16
Belgian ale legend Duvel's brewery borked as ransomware halts production Biz reassures quaffers it has enough beer, expects quick recovery before weekend Cyber-crime07 Mar 2024 | 40
Reminder: Infostealer malware is coming for your ChatGPT credentials Singaporean researchers note rising presence of OpenAI logins in infostealer malware logs Security07 Mar 2024 | 14
Apple's trademark tight lips extend to new iPhone, iPad zero-days Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 Patches06 Mar 2024 |
Capita says 2023 cyberattack costs a factor as it reports staggering £100M+ loss Additional cuts announced, sparking fears of further layoffs Cyber-crime06 Mar 2024 | 27
Japan orders local giants LINE and NAVER to disentangle their tech stacks Government mighty displeased about a shared Active Directory that led to a big data leak Security06 Mar 2024 | 2
IP address X-posure now a feature on Musk's social media thing Just a little FYI Personal Tech05 Mar 2024 | 33
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' Updated Exploits began within hours of the original disclosure, so patch now Patches05 Mar 2024 | 37
American Express admits card data exposed and blames third party Don't leave home without … IT security Security04 Mar 2024 | 9
Ransomware ban backers insist thugs must be cut off from payday Increasingly clear number of permanent solutions is narrowing Cyber-crime04 Mar 2024 | 22
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled Infosec in brief ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Security04 Mar 2024 | 1
NIST updates Cybersecurity Framework after a decade of lessons The original was definitely getting a bit long in the tooth for modern challenges Security27 Feb 2024 | 5
Fox News 'hacker' turns out to be journalist whose lawyers say was doing his job Infosec in brief Also, another fake iOS app slips into the store, un-cybersafe EV chargers leave UK shelves, and critical vulns Security26 Feb 2024 | 31
Authorities dismantled LockBit before it could unleash revamped variant New features aimed to stamp out problems of the past Cyber-crime22 Feb 2024 | 2
Ukrainian police arrest father and son in suspected LockBit affiliate double act If they did it, it gives new meaning to quality family time. Meanwhile, key LockBit leaders remain at large Cyber-crime22 Feb 2024 | 5
Biden asks Coast Guard to create an infosec port in a stormy sea of cyber threats Oh hear us when we cry to thee for those in peril on the sea Public Sector21 Feb 2024 | 8
Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy' Urgent patching advised to protect attacks against setup wizards Security21 Feb 2024 | 6
Singapore's monetary authority advises banks to get busy protecting against quantum decryption No time like the present, says central bank Security21 Feb 2024 | 9
Wyze admits 13,000 users could have viewed strangers' camera feeds Customers report feeling violated following the security snafu Security20 Feb 2024 | 31
Insider steals 79,000 email addresses at work to promote own business After saying they're very sorry, they escape with a slap on the wrist Security20 Feb 2024 | 38
ALPHV gang claims it's the attacker that broke into Prudential Financial, LoanDepot Ransomware group continues to exploit US regulatory requirements to its advantage Cyber-crime19 Feb 2024 |
Feds post $15 million bounty for info on ALPHV/Blackcat ransomware crew infosec in brief ALSO: EncroChat crims still getting busted; ransomware takes down CO public defenders office; and crit vulns Security19 Feb 2024 |
Zeus, IcedID malware kingpin faces 40 years in slammer Nearly a decade on the FBI’s Cyber Most Wanted List after getting banks to empty vics' accounts Cyber-crime16 Feb 2024 | 1
Zoom stomps critical privilege escalation bug plus 6 other flaws All desktop and mobile apps vulnerable to at least one of the vulnerabilities Patches15 Feb 2024 |
OpenAI shuts down China, Russia, Iran, N Korea accounts caught doing naughty things You don't need us to craft phishing emails or write malware, super-lab sniffs AI + ML15 Feb 2024 | 5
Prudential Financial finds cybercrims lurking inside its IT systems Some company admin and customers data exposed, but bad guys were there for 'only' a day Cyber-crime14 Feb 2024 |
Romanian hospital ransomware crisis attributed to third-party breach Emergency impacting more than 100 facilities appears to be caused by incident at software provider Cyber-crime14 Feb 2024 | 1
Southern Water cyberattack expected to hit hundreds of thousands of customers Brit utility also curiously disappears from Black Basta leak site Cyber-crime14 Feb 2024 | 44
Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros Trying to break in with malicious Word documents? How very 2015 of you Cyber-crime14 Feb 2024 | 5
QNAP vulnerability disclosure ends up an utter shambles Two new flaws, one zero-day, countless different patches, but everything's fine! Patches13 Feb 2024 | 8
Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond Plenty of successful attacks observed with dangerous follow-on activity Cyber-crime13 Feb 2024 | 6
FCC gets tough: Telcos must now tell you when your personal info is stolen Yep, cell carriers didn't have to do this before Security12 Feb 2024 | 8
Jet engine dealer to major airlines discloses 'unauthorized activity' Pulls part of system offline as Black Basta docs suggest the worst Cyber-crime12 Feb 2024 | 6
Europe's largest caravan club admits wide array of personal data potentially accessed Experts also put an end to social media security updates Cyber-crime12 Feb 2024 | 19
Mon Dieu! Nearly half the French population have data nabbed in massive breach Infosec In Brief PLUS: Juniper's support portal leaks customer info; Canada moves to ban Flipper Zero; Critical vulns Security12 Feb 2024 | 19
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it Software company's claim of there being no active exploits also being questioned Security09 Feb 2024 | 5
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim An orchestra of fails for the security vendor Cyber-crime09 Feb 2024 | 6
Crime gang targeted jobseekers across Asia, looted two million email addresses That listing for a gig that looked too good to be true may have been carrying SQL injection code Cyber-crime09 Feb 2024 | 1
Fake LastPass lookalike made it into Apple App Store No walled garden can keep out every weed, we suppose Cyber-crime08 Feb 2024 | 10
Raspberry Robin devs are buying exploits for faster attacks One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever Research08 Feb 2024 | 2
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks Plan says to hand over keys to networks – and report intrusions within eight hours of discovery Public Sector08 Feb 2024 | 36
Iran's cyber operations in Israel a potential prelude to US election interference Tactics are more sophisticated and supported in greater numbers Security07 Feb 2024 | 25
JetBrains urges swift patching of latest critical TeamCity flaw Cloud version is safe, but no assurances offered about possible on-prem exploits Patches07 Feb 2024 |
Chinese Coathanger malware hung out to dry by Dutch defense department Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions CSO06 Feb 2024 | 13
EquiLend back in the saddle as ransom payment rumors swirl Still no word on how the intruders broke in or the full extent of any possible data compromise Cyber-crime06 Feb 2024 |
Double trouble for Fortinet as it issues critical FortiSIEM vulns Updated Please stand by 73 hours for vendor response...* Patches06 Feb 2024 | 3
New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies How good are your takedowns when fresh gangs are linked to previous ops, though? Research06 Feb 2024 | 1
Lurie Children's Hospital back to pen and paper after cyberattack It's the second Chicago hospital to disclose a major incident in the same week Cyber-crime05 Feb 2024 | 9
SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring Infosec In Brief PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities Security05 Feb 2024 | 4
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs The closest thing we may ever get to a real-life Die Hard 2 scenario Research03 Feb 2024 | 17
Critical vulnerability in Mastodon is pounced upon by fast-acting admins Danger of remote account takeovers leaves lead devs scared of releasing many details Security02 Feb 2024 | 20