Cybersecurity

Zoom patches make-me-root security flaw, patches patch

In brief Plus: See if in-app browsers are monitoring you, a novel industrial network attack technique, and more

Security22 Aug 2022 | 21

Ransomware attack on UK water company clouded by confusion

Clop gang thought it hit Thames Water – but real victim was elsewhere

Cyber-crime18 Aug 2022 | 44

PC store told it can't claim full cyber-crime insurance after social-engineering attack

Two different kinds of fraud, says judge while throwing out lawsuit against insurer

CSO16 Aug 2022 | 4

Ukraine's cyber chief comes to Black Hat in surprise visit

Black Hat In Brief TL;DR: The news isn't good

Security13 Aug 2022 | 6

Higher risks and premiums are creating critical gap in cyber insurance

Black Hat Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says

Security11 Aug 2022 | 4

AWS and Splunk partner for faster cyberattack response

Black Hat OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data

Security11 Aug 2022 |

Don't be surprised if your organization suffers multiple cyberattacks

Black Hat Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend

Security11 Aug 2022 | 5

Malicious deepfakes used in attacks up 13% from last year, VMware finds

Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report

Security09 Aug 2022 |

US treasury whips up sanctions for crypto mixer Tornado Cash

Being the money launderer for North Korea’s Lazarus Group comes at a price

Cyber-crime08 Aug 2022 | 21

DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt

In brief Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more

Security06 Aug 2022 | 38

Warning! Critical flaws found in US Emergency Alert System

DEF CON may be about to blow lid off security hole

Patches05 Aug 2022 | 14

Microsoft widens enterprise access to its threat intelligence pool

Organizations can be more proactive in tracking threats, finding holes in their protection

Security03 Aug 2022 |

Akamai: We stopped record DDoS attack in Europe

A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days

Cyber-crime01 Aug 2022 | 12

Tim Hortons offers free coffee and donut to settle data privacy invasion claims

In brief Also, malicious VBA macros are out and container files are in, Robin Banks helps criminals rob banks, and more

Security30 Jul 2022 | 36

Decentralized IPFS networks forming the 'hotbed of phishing'

P2P file system makes it more difficult to detect and take down malicious content

Security29 Jul 2022 | 23

Businesses confess: We pass cyberattack costs onto customers

Cover an average of $4.4 million per raid ourselves? No chance, mate

Security29 Jul 2022 | 21

LockBit ransomware gang claims it ransacked Italy’s tax agency

Miscreants boast of 78GB haul, officials say everything's fine

Security26 Jul 2022 | 7

DoJ approves Google's acquisition of Mandiant

In Brief Plus: Ukrainian fake news and Uber admits covering up data breach

Security25 Jul 2022 | 2

DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt

As the verification technology weathers ongoing criticism from users, one anti-bot security vendor rolls out its own tool

Security21 Jul 2022 | 15

Botnet malware disguises itself as password cracker for industrial controllers

Can't get into that machine? No problem, just trust this completely sketchy looking tool

Research18 Jul 2022 | 8

Albanian government websites go dark after cyberattack

Updated Citizen services only moved online in May. What could possibly go wrong?

Security18 Jul 2022 | 3

North Koreans spotted harassing SMBs with malware

In brief Also: Lawyers told to dissuade clients from paying off ransomware crooks, and more

Security16 Jul 2022 | 16

How data on a billion people may have leaked from a Chinese police dashboard

Record-breaking dump thanks to password-less Kibana endpoint?

Research10 Jul 2022 | 24

FBI and MI5 bosses: China cheats and steals at massive scale

Other US spooks chime in with similar warnings

Security07 Jul 2022 | 82

Apple's latest security feature could literally save lives

Cupertino is so sure of Lockdown Mode it's offering $2m to bug hunters to break it

Personal Tech06 Jul 2022 | 57

Billion-record stolen Chinese database for sale on breach forum

Appears to have leaked from a cloud thanks to sloppy coding

Cyber-crime05 Jul 2022 | 15

Google location tracking to forget you were ever at that medical clinic

In brief Plus: Cyber-mercenaries said to target legal world, backdoor found on web servers, and more

Security02 Jul 2022 | 75

Cyberattack shuts down unemployment, labor websites across the US

Software maker GSI took systems offline, affecting thousands of people in as many as 40 states

Cyber-crime01 Jul 2022 | 8

Israel plans ‘Cyber-Dome’ to defeat digital attacks from Iran and others

Already has 'Iron Dome' – does it need another hero?

Security30 Jun 2022 | 20

Start using Modern Auth now for Exchange Online

Before Microsoft shutters basic logins in a few months

CSO29 Jun 2022 | 28

Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks

Now those are some phishing boats

Cyber-crime28 Jun 2022 | 17

Contractor loses entire Japanese city's personal data in USB fail

In brief Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details

CSO27 Jun 2022 | 14

$6b mega contract electronics vendor Sanmina jumps into zero trust

Company was an early adopter of Google Cloud, which led to a search for a new security architecture

CSO23 Jun 2022 | 1

Israeli air raid sirens triggered in possible cyberattack

Source remains unclear, plenty suspect Iran

Cyber-crime22 Jun 2022 | 2

There are 24.6 billion pairs of credentials for sale on dark web

In brief Plus: Citrix ASM has some really bad bugs, and more

Security20 Jun 2022 | 3

OMIGOD: Cloud providers still using secret middleware

RSA Conference in brief All the news you may have missed from RSA this week

Security11 Jun 2022 | 18

Symbiote Linux malware spotted – and infections are 'very hard to detect'

Performing live forensics on hijacked machine may not turn anything up, warn researchers

Research10 Jun 2022 | 21

Russia, China warn US its cyber support of Ukraine has consequences

Countries that accept US infosec help told they could pay a price too

Security10 Jun 2022 | 17

Facebook phishing campaign nets millions in IDs and cash

Hundreds of millions of stolen credentials and a cool $59 million

Cyber-crime09 Jun 2022 | 8

Google has more reasons why it doesn't like antitrust law that affects Google

It'll ruin Gmail, claims web ads giant

Security08 Jun 2022 | 13

Feds raid dark web market selling data on 24 million Americans

SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more

Cyber-crime08 Jun 2022 | 9

IBM buys Randori to address multicloud security messes

RSA Conference Big Blue joins the hot market for infosec investment

Security07 Jun 2022 | 3

Costa Rican government held up by ransomware … again

In brief Also US warns of voting machine flaws and Google pays out $100 million to Illinois

Security06 Jun 2022 | 8

Healthcare organizations face rising ransomware attacks – and are paying up

Via their insurance companies, natch

Research03 Jun 2022 | 10

Ransomware attack sends US county back to 1977

In brief Also: Uni details its malware-catching AI, signs of China poking the Russian cyber-bear, and more

Patches29 May 2022 | 8

This Windows malware uses PowerShell to inject malicious extension into Chrome

And that's a bit odd, says Red Canary

Research27 May 2022 | 13

Verizon: Ransomware sees biggest jump in five years

We're only here for DBIRs

Research26 May 2022 | 6

Ex-spymaster and fellow Brexiteers' emails leaked by suspected Russian op

A 'Very English Coop (sic) d'Etat'

Research26 May 2022 | 166

Vehicle owner data exposed in GM credential-stuffing attack

Car maker says miscreants used stolen logins to break into folks' accounts

Security25 May 2022 | 29

Quad nations pledge deeper collaboration on infosec, data-sharing, and more

But think tank says its past attempts at working together haven't gone well

Security25 May 2022 | 8

381,000-plus Kubernetes API servers 'exposed to internet'

Firewall isn't a made-up word from the Hackers movie, people

Devops23 May 2022 | 17

Protecting data now as the quantum era approaches

Analysis Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering

Security20 May 2022 | 2

Hot glare of the spotlight doesn’t slow BlackByte ransomware gang

Crew's raids continue worldwide, Talos team warns

Research19 May 2022 | 4

Monero-mining botnet targets Windows, Linux web servers

Sysrv-K malware infects unpatched tin, Microsoft warns

Cyber-crime18 May 2022 | 10

Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...

We take a look at low, low subscription prices – not that we want to give anyone any ideas

Research14 May 2022 | 6

'Peacetime in cyberspace is a chaotic environment' says senior US advisor

Black Hat Asia The internet is now the first battleground of any new war – before the shooting starts

Cyber-crime13 May 2022 | 2