Jet engine dealer to major airlines discloses 'unauthorized activity' Pulls part of system offline as Black Basta docs suggest the worst Cyber-crime12 Feb 2024 | 6
Europe's largest caravan club admits wide array of personal data potentially accessed Experts also put an end to social media security updates Cyber-crime12 Feb 2024 | 19
Mon Dieu! Nearly half the French population have data nabbed in massive breach Infosec In Brief PLUS: Juniper's support portal leaks customer info; Canada moves to ban Flipper Zero; Critical vulns Security12 Feb 2024 | 19
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it Software company's claim of there being no active exploits also being questioned Security09 Feb 2024 | 5
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim An orchestra of fails for the security vendor Cyber-crime09 Feb 2024 | 6
Crime gang targeted jobseekers across Asia, looted two million email addresses That listing for a gig that looked too good to be true may have been carrying SQL injection code Cyber-crime09 Feb 2024 | 1
Fake LastPass lookalike made it into Apple App Store No walled garden can keep out every weed, we suppose Cyber-crime08 Feb 2024 | 10
Raspberry Robin devs are buying exploits for faster attacks One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever Research08 Feb 2024 | 2
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks Plan says to hand over keys to networks – and report intrusions within eight hours of discovery Public Sector08 Feb 2024 | 36
Iran's cyber operations in Israel a potential prelude to US election interference Tactics are more sophisticated and supported in greater numbers Security07 Feb 2024 | 25
JetBrains urges swift patching of latest critical TeamCity flaw Cloud version is safe, but no assurances offered about possible on-prem exploits Patches07 Feb 2024 |
Chinese Coathanger malware hung out to dry by Dutch defense department Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions CSO06 Feb 2024 | 13
EquiLend back in the saddle as ransom payment rumors swirl Still no word on how the intruders broke in or the full extent of any possible data compromise Cyber-crime06 Feb 2024 |
Double trouble for Fortinet as it issues critical FortiSIEM vulns Updated Please stand by 73 hours for vendor response...* Patches06 Feb 2024 | 3
New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies How good are your takedowns when fresh gangs are linked to previous ops, though? Research06 Feb 2024 | 1
Lurie Children's Hospital back to pen and paper after cyberattack It's the second Chicago hospital to disclose a major incident in the same week Cyber-crime05 Feb 2024 | 9
SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring Infosec In Brief PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities Security05 Feb 2024 | 4
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs The closest thing we may ever get to a real-life Die Hard 2 scenario Research03 Feb 2024 | 17
Critical vulnerability in Mastodon is pounced upon by fast-acting admins Danger of remote account takeovers leaves lead devs scared of releasing many details Security02 Feb 2024 | 20
LockBit shows no remorse for ransomware attack on children's hospital It even had the gall to set the ransom demand at $800K … for a nonprofit Cyber-crime01 Feb 2024 | 42
Ransomware payment rates drop to new low – now 'only 29% of victims' fork over cash It's almost like years of false assurances have made people realize payments are pointless Security31 Jan 2024 | 23
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks Evidence mounts of an exploit gatekept within Russia's borders Research31 Jan 2024 |
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns Many versions still without fixes while sophisticated attackers bypass mitigations Patches31 Jan 2024 | 8
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released Multiple publicly available exploits have since been published for the critical flaw Security30 Jan 2024 | 2
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process Vendor gets tangled in its own web of undisclosed vulnerabilities Patches30 Jan 2024 |
UK biometrics boss bows out, bemoaning bureaucratic blunders Questionable institutional change and myriad IT issues pervade the governance landscape Security30 Jan 2024 | 9
Tesla hacks make big bank at Pwn2Own's first automotive-focused event Infosec in brief ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns Security29 Jan 2024 | 9
Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses Cyber-crime26 Jan 2024 | 36
Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist Updated Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess Cyber-crime26 Jan 2024 | 35
EquiLend drags systems offline after admitting attacker broke in Securities lender processes trillions of dollars worth of Wall Street transactions every day Cyber-crime25 Jan 2024 | 1
Major IT outage at Europe's largest caravan and RV club makes for not-so-happy campers Updated 1 million members still searching for answers as IT issues floor primary digital services Security24 Jan 2024 | 21
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug Ancient path traversal exploit offers remote attackers admin access Patches24 Jan 2024 | 1
COVID-19 test lab accused of exposing 1.3 million patient records to open internet Now that's a Dutch crunch Research24 Jan 2024 | 2
GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection That means Brit spies want the ability to do exactly that, huh? Cyber-crime24 Jan 2024 | 25
UK water giant admits attackers broke into system as gang holds it to ransom Comes mere months after Western intelligence agencies warned of attacks on water providers Cyber-crime23 Jan 2024 | 35
Ivanti and Juniper Networks accused of bending the rules with CVE assignments Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE Patches22 Jan 2024 | 7
BreachForums admin 'Pompourin' sentenced to 20 years of supervised release Infosec in brief Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities Security22 Jan 2024 | 16
Thieves steal 35.5M customers’ data from Vans sneakers maker But what kind of info was actually compromised? None of your business Cyber-crime19 Jan 2024 | 8
JPMorgan exec claims bank repels '45 billion' cyberattack attempts per day Updated Assets boss also reckons she has more engineers than Amazon CSO18 Jan 2024 | 20
Future of America's Cyber Safety Review Board hangs in balance amid calls for rethink Politics-busting, uber-transparent incident reviews require independence, less internal conflict Security18 Jan 2024 |
Ransomware attacks hospitalizing security pros, as one admits suicidal feelings Untold harms of holding the corporate perimeter revealed in extensive series of interviews Cyber-crime18 Jan 2024 | 23
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs Updated Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 Research16 Jan 2024 | 8
Ivanti zero-day exploits explode as bevy of attackers get in on the act Customers still patchless and mitigation only goes so far Cyber-crime16 Jan 2024 | 6
Thousands of Juniper Networks devices vulnerable to critical RCE bug Yet more support for the argument to adopt memory-safe languages Patches15 Jan 2024 | 13
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers The bug with a perfect 10 severity score has been ripe for exploitation since May Patches15 Jan 2024 | 21
FTC secures first databroker settlement banning sale of sensitive location data Infosec in brief Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns Security15 Jan 2024 | 3
Cybercrooks play dress-up as 'helpful' researchers in latest ransomware ruse Posing as cyber samaritans, scumbags are kicking folks when they're down Cyber-crime10 Jan 2024 | 2
ShinyHunters chief phisherman gets 3 years, must cough up $5M Sebastien Raoult developed various credential-harvesting websites over more than 2 years Cyber-crime10 Jan 2024 | 5
British Library: Finances remain healthy as ransomware recovery continues Authors continue to lose out on owed payments as rebuild of digital services drags on Cyber-crime08 Jan 2024 | 16
Facebook, Instagram now mine web links you visit to fuel targeted ads Infosec in brief Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Patches08 Jan 2024 | 20
Uncle Sam will pay for your big ideas to end AI voice-cloning fraud The advent of generative AI has made the attack far more pervasive AI + ML05 Jan 2024 | 35
BreachForums boss busted for bond blunders – including using a VPN Fitzpatrick faces potentially decades in prison later this month, so may as well get some foreign Netflix in beforehand Cyber-crime05 Jan 2024 | 2
Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach Users apparently at fault after reusing credentials the company didn't check were already compromised Cyber-crime04 Jan 2024 | 29
Infostealer malware, weak password leaves Orange Spain RIPE for plucking Updated No 2FA or special characters to prevent database takeover and BGP hijack Cyber-crime04 Jan 2024 | 6
Atos confirms talks with Airbus over cybersecurity wing sale IT service company's latest move to clear its maturing debts Security03 Jan 2024 | 2
Copy that? Xerox confirms 'security incident' at subsidiary Company’s removal from ransomware gang’s leak blog could mean negotiations underway Cyber-crime03 Jan 2024 |
X reverses course on headlines in article links, kinda Updated Meanwhile: Fidelity downgrades social network's valuation by 71%, so far Personal Tech03 Jan 2024 | 67
Google password resets not enough to stop these info-stealing malware strains Updated Now every miscreant is jumping on Big G's OAuth account security hole Research02 Jan 2024 | 12
Court hearings become ransomware concern after justice system breach From legal proceedings to potential YouTube fodder Cyber-crime02 Jan 2024 | 6
SSH shaken, not stirred by Terrapin vulnerability No need to panic, but grab those updates or mitigations anyway just to be safe Patches20 Dec 2023 | 14
Singapore wants datacenters, clouds, regulated like critical infrastructure Even systems located outside city-state could be considered 'foundational' and face performance demands Off-Prem20 Dec 2023 | 3
National Grid latest UK org to zap Chinese kit from critical infrastructure Move reportedly made after consulting with National Cyber Security Centre Security18 Dec 2023 | 39