Cybersecurity

Google Cloud shores up log permissions for builder bot

Infosec in brief ALSO: Amazon's child-sized COPPA fine, smart tech security labels coming to the US, and this week's critical vulns

Security24 Jul 2023 | 2

Under CISA pressure collab, Microsoft makes cloud security logs available for free

In hindsight, it's probably good practice to give clients access to cloud logs

Cyber-crime20 Jul 2023 | 7

Tech support scammers go analog, ask victims to mail bundles of cash

The approach is the same, but never mind the crypto or gift cards

Security19 Jul 2023 | 28

Typo watch: 'Millions of emails' for US military sent to .ml addresses in error

Good thing Mali isn't best pals with Russia right no– oh, shoot

Sysadmin Month18 Jul 2023 | 155

Beijing wants to make the Great Firewall of China even greater

Also more fiery, with vague but firm orders to create a 'security barrier'

Security17 Jul 2023 | 8

Boris Johnson pleads ignorance, which just might work

Infosec in brief Also: More high-profile MOVEit victims; CVSS 4.0 coming soon; and a long list of critical vulnerabilities

Security17 Jul 2023 | 79

Infosec watchers: TeamTNT crew may blast holes in Azure, Google Cloud users

Why limit yourself to only stealing AWS credentials?

Cyber-crime15 Jul 2023 |

Microsoft admits unauthorized access to Exchange Online, blames Chinese gang

Storm-0558 had access to customer accounts and mail – maybe even for senior US officials

Sysadmin Month13 Jul 2023 | 37

Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws

Patch Tuesday Plus: Apple bungles another rapid security response; important ICS updates land; and more

Patches11 Jul 2023 | 14

Liberté, Égalité, Spyware: France okays cops snooping on phones

Infosec in brief ALSO: Shell fails to learn from past leaks; hundreds of solar plants found open to Mirai; and this week's crit vulns

Security10 Jul 2023 | 45

Russian military satellite comms provider offline after hack

Infosec in brief ALSO: Ransomware hit on Mancunian Uni spills NHS patient deets, USPTO leaks inventor info, and this week's crit vulns

Systems03 Jul 2023 | 6

Ex-FBI employee jailed for taking classified material home

Infosec in brief Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns

CSO26 Jun 2023 | 55

Over 100,000 compromised ChatGPT accounts found for sale on dark web

UPDATED Cybercrooks hoping users have whispered employer secrets to chatbot

Cyber-crime20 Jun 2023 | 26

Data leak at major law firm sets Australia's government and elites scrambling

BlackCat attack sparks injunction preventing coverage of purloined docs

Security20 Jun 2023 | 24

US government extends software security deadline because vendors aren't ready

This from the Administration that made infosec a priority

Software13 Jun 2023 | 4

China's cyber now aimed at infrastructure, warns CISA boss

Resilience against threats needs a boost

Security13 Jun 2023 | 2

Microsoft stole our stolen dark web data, says security outfit

Suit claims Redmond took far more than allowed from Hold's 360M-credential database

Security12 Jun 2023 | 8

Hold it – another vulnerability found in MOVEit file transfer software

Infosec in brief Also, the FBI's $180k investment in AN0M keeps paying off, and this week's critical vulnerabilities

Cyber-crime12 Jun 2023 | 7

Darkweb credit card marts in decline across Asia, researchers claim

India tops the charts for document theft

Security09 Jun 2023 | 1

Microsoft says share the wealth with cyber-info for business

It's better to take action than wait for attacks

Security08 Jun 2023 | 9

Australian cyber-op attacked ISIL with the terrifying power of Rickrolling

Commanders in the field persuaded to give up, let their guard down, run around and desert their posts

Security05 Jun 2023 | 10

Toyota admits to yet another cloud leak

infosec in brief Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities

Security05 Jun 2023 | 6

Meet TeamT5, the Taiwanese infosec outfit taking on Beijing and defeating its smears

Living in the eye of the geopolitical storm is not easy, but is good for business

Security05 Jun 2023 | 2

1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack

3. It's asked for 90% of the digital dosh back, or else it'll beg the cops for help

Cyber-crime30 May 2023 | 46

New York county still dealing with ransomware eight months after attack

security in brief Also: iSpoof no more, Edmodo fined more than it can pay, UK is #1 (in CC theft), and the week's critical vulns

Security29 May 2023 | 8

It's 2023 and Sri Lanka doesn't have a cyber security authority

All should change this year as the country passes its Cyber Security Bill

Security26 May 2023 | 2

Five Eyes and Microsoft accuse China of attacking US infrastructure again

Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity

Cyber-crime25 May 2023 | 10

US Dept of Transport security breach exposes info on a quarter-million people

Not the first time Uncle Sam has had the wheels come off its IT systems

Security16 May 2023 | 4

Arm acknowledges side-channel attack but denies Cortex-M is crocked

Black Hat Asia Spectre-esque exploit figures out when interesting info might be in memory

Security15 May 2023 | 7

T-Mobile US suffers second data theft within months

in brief Also, Capita's buckets are leaking, ransomware attackers deliver demands via emergency alert, and this week's critical vulns

Security08 May 2023 | 6

China labels USA 'Empire of hacking' based on old Wikileaks dumps

Pot, meet kettle, both containing weak sauce

Security05 May 2023 | 38

Plugging the infosec holes before the bad guys can sneak in

RSA Conference Security posture management gets its due at RSA

Spotlight on RSA01 May 2023 | 2

Google adds account sync for Authenticator, without E2EE

in brief Also: Your Salesforce Community site might be leaking; a new CPU side-channel; and this week's critical vunls

Security01 May 2023 | 7

You don't have to wait for quantum computing to prepare for it

RSA Conference Rapid7 CSO Jaya Baloo on how to tackle this potential looming tech

Spotlight on RSA29 Apr 2023 |

Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here's one

RSA Conference OT firms construct handy early-warning info-sharing system

Spotlight on RSA25 Apr 2023 | 5

SentinelOne sticks generative AI into its stuff because 2023 gotta 2023

RSA Conference Look, anyone can build these things

Spotlight on RSA24 Apr 2023 | 5

Department of Homeland Security bets on AI to help handle China

Secretary worries about critical infrastructure being held to ransom

AI + ML24 Apr 2023 | 8

Microsoft goes meteorological in defining cybercrook groups

Now here's Bill with the weather

Offbeat19 Apr 2023 | 9

Microsoft opens up Defender threat intel library with file hash, URL search

Surprised there's no ChatGPT angle and that it's not called MalwareTotal

Security18 Apr 2023 | 1

Update now: Google emits emergency fix for zero-day Chrome vulnerability

In brief Also: Tech players spin up white hat protection, this week's critical bugs, and more

Security17 Apr 2023 | 2

To improve security, consider how the aviation world stopped blaming pilots

When admitting to an error isn't seen as a failure, improvement easy to achieve, says pilot-turned-CISO

Security14 Apr 2023 | 69

40% of IT security pros say they've been told not to report a data leak

In Brief Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more

Cyber-crime11 Apr 2023 | 16

MSI hit in cyberattack, warns against installing knock-off firmware

1.5TB of databases, source code, BIOS tools said to be stolen

Cyber-crime07 Apr 2023 | 8

In wars of the future, national security won't end at space

Efforts under way to keep satellites and other craft safe from military threats

Defense Tech Week06 Apr 2023 | 4

US defense tech veterans call for a separate Cyber Force

Analysis A seventh branch of the military is needed to address rising threats

Defense Tech Week06 Apr 2023 | 21

As defense tech goes commercial, does national security miss out?

Investors and educators called on to think more broadly at think tank event

Defense Tech Week05 Apr 2023 | 14

3CX thought supply chain attack was a false positive

Updated 'It's not unusual for VoIP apps' says CEO

Cyber-crime03 Apr 2023 | 23

School principal resigns after writing $100,000 check to Elon Musk impersonator

In Brief ALSO: DJI forgets the 'B' in 'BCC,' and this week's critical known exploits

Security03 Apr 2023 | 90

Airbus pulls up hard, no longer buying 29.9% stake in Atos-owned Evidian

Under pressure from activist investor, top brass agree to plot new course

Systems30 Mar 2023 | 2

Oh, really? Microsoft worries multicloud complicates security and identity

Coincidentally lays off techies in its identity team

Spotlight on RSA29 Mar 2023 | 8

Apple patches all the iThings, including iOS 15 hole under attack right now

Issue identified in February but owners of older kit weren't warned

Patches28 Mar 2023 | 11

Microsoft enlarges its cockpit of Copilots to include security

It starts with chat bots inventing D&D campaigns and ends with AI all over your Excel and network logs

AI + ML28 Mar 2023 | 9

Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash

Terminal maker General Bytes shutters its cloud business after second breach in seven months

Security23 Mar 2023 | 30

Privacy fail: Pictures cropped, redacted by Google Pixel phones can be recovered

Updated aCropalypse Now, starring any 2018-or-later device

Security20 Mar 2023 | 36

BianLian ransomware crew goes 100% extortion after free decryptor lands

No good deed goes unpunished, or something like that

Cyber-crime19 Mar 2023 | 7

Zoll Medical says intruders had 1M+ patient, staff records at their fingertips

Names, addresses, SSNs all up for grabs

Security13 Mar 2023 | 3