Cybersecurity

MediaTek rings in the new year with a parade of chipset vulns

Manufacturers should have had ample time to apply the fixes

Security06 Jan 2025 | 5

Telemetry data from 800K VW Group EVs exposed online

Infosec in Brief PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more

Security06 Jan 2025 | 45

UK ICO not happy with Google's plans to allow device fingerprinting

Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more

Security23 Dec 2024 | 75

Infosec experts divided on AI's potential to assist red teams

CANALYS FORUMS APAC Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence

Security20 Dec 2024 | 10

Trump administration wants to go on cyber offensive against China

The US has never attacked Chinese critical infrastructure before, right?

Cyber-crime16 Dec 2024 | 25

Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'

Personal and financial data probably stolen

Cyber-crime16 Dec 2024 | 2

Are your Prometheus servers and exporters secure? Probably not

Infosec in brief Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more

Security15 Dec 2024 | 1

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes

Patches12 Dec 2024 |

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

Holiday cheer comes in the form of three arrests and 27 shuttered domains

Cyber-crime12 Dec 2024 | 5

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Patches11 Dec 2024 | 2

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Research10 Dec 2024 |

OpenWrt orders router firmware updates after supply chain attack scare

A couple of bugs lead to a potentially bad time

CSO09 Dec 2024 | 6

Blue Yonder ransomware termites claim credit

Infosec in brief Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more

Security09 Dec 2024 | 3

Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware

Threatened with life in prison, Kyiv charity worker gives middle finger to state spies

Security06 Dec 2024 | 62

Ransomware hangover, Putin grudge blamed for vodka maker's bankruptcy

Stoli Group on the rocks in the US

Security05 Dec 2024 | 35

Perfect 10 directory traversal vuln hits SailPoint's IAM solution

Updated 20-year-old info disclosure class bug still pervades security software

Patches03 Dec 2024 | 6

Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

National cyber emergencies increased threefold this year

Cyber-crime03 Dec 2024 | 18

Interpol nabs thousands, seizes millions in global cybercrime-busting op

Infosec in brief Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more

Security01 Dec 2024 | 8

RansomHub claims to net data hat-trick against Bologna FC

Crooks say they have stolen sensitive files on managers and players

Cyber-crime30 Nov 2024 | 2

Zabbix urges upgrades after critical SQL injection bug disclosure

US agencies blasted 'unforgivable' SQLi flaws earlier this year

Patches29 Nov 2024 | 7

NHS major 'cyber incident' forces hospitals to use pen and paper

Systems are isolated and pulled offline, while scheduled procedures are canceled

Cyber-crime28 Nov 2024 | 56

First-ever UEFI bootkit for Linux in the works, experts say

Bootkitty doesn’t bite… yet

Research27 Nov 2024 | 14

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

Complaint claims he trespassed, gave himself discounts, and sorted CCTV access…

Cyber-crime26 Nov 2024 | 24

Another 'major cyber incident' at a UK hospital, outpatients asked to stay away

Third time this year an NHS unit's IT systems have come under attack

Cyber-crime26 Nov 2024 | 53

QNAP and Veritas dump 30-plus vulns over the weekend

Updated Just what you want to find when you start a new week

Patches26 Nov 2024 | 2

China has utterly pwned 'thousands and thousands' of devices at US telcos

Senate Intelligence Committee chair says his 'hair is on fire' as execs front the White House

Cyber-crime25 Nov 2024 | 51

Russian spies may have moved in next door to target your network

Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more

Security25 Nov 2024 | 22

'Alarming' security bugs lay low in Linux's needrestart utility for 10 years

Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server

Research21 Nov 2024 | 15

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Vendor offers 20% discount on new model, but not patches

CSO20 Nov 2024 | 59

America's drinking water systems have a hard-to-swallow cybersecurity problem

More than 100M rely on gear rife with vulnerabilities, says EPA OIG

Public Sector19 Nov 2024 | 20

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Patches19 Nov 2024 | 4

Crook breaks into AI biz, points $250K wire payment at their own account

Fastidious attacker then tidied up email trail behind them

Cyber-crime19 Nov 2024 | 12

Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today

First in six years is nearly three times the size of the older, pre-NATO version

Security18 Nov 2024 | 43

Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

Infosec in brief PLUS: Cost of Halliburton hack disclosed; Time to dump old D-Link NAS; More UN cybercrime convention concerns; and more

Security18 Nov 2024 | 18

Cybercriminal devoid of boundaries gets 10-year prison sentence

Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts

Cyber-crime14 Nov 2024 | 6

Kids' shoemaker Start-Rite trips over security again, spilling customer card info

Updated Full details exposed, putting shoppers at serious risk of fraud

Cyber-crime14 Nov 2024 | 14

NatWest blocks bevy of apps in clampdown on unmonitorable comms

From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more

Security14 Nov 2024 | 25

Ransomware fiends boast they've stolen 1.4TB from US pharmacy network

American Associated Pharmacies yet to officially confirm infection

Cyber-crime13 Nov 2024 | 1

'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem

Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others

Cyber-crime12 Nov 2024 | 2

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

'Once again, we've lost a little more faith in the internet,' researcher says

CSO12 Nov 2024 | 3

FBI issues warning as crooks ramp up emergency data request scams

Just because it's .gov doesn't mean that email is trustworthy

Cyber-crime11 Nov 2024 | 12

Dark web crypto laundering kingpin sentenced to 12.5 years in prison

Prosecutors hand Russo-Swede a half-billion bill

Cyber-crime11 Nov 2024 | 23

Alleged Snowflake attacker gets busted by Canadians – politely, we assume

Infosec in brief Also: Crypto hacks will continue; CoD hacker gets thousands banned, and more

Security11 Nov 2024 |

Don't open that 'copyright infringement' email attachment – it's an infostealer

Curiosity gives crims access to wallets and passwords

Research07 Nov 2024 | 21

Cybercrooks are targeting Bengal cat lovers in Australia for some reason

In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos

Research06 Nov 2024 | 15

Cyberattackers stole Microlise staff data following DHL, Serco disruption

Experts say incident has 'all the hallmarks of ransomware'

Cyber-crime06 Nov 2024 | 5

A new city springs from the rainforest to become Indonesia's tech hub

Jakarta who? Indonesia's new capital, Nusantara, is packed with tech

On-Prem06 Nov 2024 | 17

Don't have MFA on a Google Cloud account? You'll have to from Jan

Lock it up. Lock it up

PaaS + IaaS05 Nov 2024 | 6

Washington courts grapple with statewide outage after 'unauthorized activity'

Justice still being served, but many systems are down

Security05 Nov 2024 | 1

Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack

Victims were placed in serious danger following highly sensitive data dump

Cyber-crime04 Nov 2024 | 5

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

Mondays are for checking months of logs, apparently, if MFA's not enabled

Security04 Nov 2024 | 14

Public sector cyber break-ins: Our money, our lives, our right to know

Opinion Is that a walrus in your server logs, or aren't you pleased to see me?

Cyber-crime04 Nov 2024 | 24

Six IT contractors accused of swindling Uncle Sam out of millions

Infosec in brief Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more

Security03 Nov 2024 | 11

Financial institutions told to get their house in order before the next CrowdStrike strikes

Calls for improvements will soon turn into demands when new rules come into force

Security02 Nov 2024 | 29

UK councils bat away DDoS barrage from pro-Russia keyboard warriors

Local authority websites downed in response to renewed support for Ukraine

Cyber-crime01 Nov 2024 | 34

Amazon adds MFA to its enterprise email service ... eight years after launch

No rush, guys

On-Prem31 Oct 2024 | 1