Google raps Iran's APT42 for raining down spear-phishing attacks
US politicians and Israeli officials among the top targets for the IRGC’s cyber unit
Research15 Aug 2024 |
Security
Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail
He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated
Cyber-crime15 Aug 2024 |
Mad Liberator extortion crew emerges on the cyber-crook scene
Anydesk is its access tool of choice
Cyber-crime15 Aug 2024 | 1
Over 40 million Kakao Pay users' data somehow ended up with Alipay
Payment arm of Korean messaging app denies any illegal activity
Security15 Aug 2024 | 6
China-linked cyber-spies infect Russian govt, IT sector
No, no, go ahead, don't let us stop you, Xi
Research15 Aug 2024 | 10
Russian cyber snoops linked to massive credential-stealing campaign
Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish
Cyber-crime14 Aug 2024 |
Texas sues GM for selling driver data to analytics, insurance companies
Lone Star State alleges GM cashed in with "millions in lump sum payments" from the sale
Security14 Aug 2024 | 22
Enzo Biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster
Three state attorneys general probed the company and found plenty to chastise
Cyber-crime14 Aug 2024 | 3
Palo Alto Networks execs apologize for 'hostesses' dressed as lamps at Black Hat booth
Biz admits turning human women into faceless, sexualized furniture was a 'tone deaf' marketing ploy
Security14 Aug 2024 | 115
Is Lenovo a blind spot in US anti-China security measures?
Opinion Questions raised as one of the world's largest PC makers joins America's critical defense team
Security14 Aug 2024 | 35
Indian telcos to cut off scammy, spammy, telemarketers for two whole years
There's a blockchain involved so it's totally going to stop you getting those calls
Public Sector14 Aug 2024 | 27
NIST finalizes trio of post-quantum encryption standards
Nicely ahead of that always-a-decade-away moment when all our info becomes an open book
Security14 Aug 2024 | 12
Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others
Patch Tuesday Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action
Patches14 Aug 2024 | 20
Six ransomware gangs behind over 50% of 2024 attacks
Plus many more newbies waiting in the wings
Cyber-crime13 Aug 2024 |
US accuses man of being 'elite' ransomware pioneer they've hunted for years
Authorities allege 'J.P. Morgan' practiced ‘extreme operational and online security’
Cyber-crime13 Aug 2024 | 5
Feds bust minor league Radar/Dispossessor ransomware gang
The takedown may be small but any ransomware gang sent to the shops is good news in our book
Cyber-crime13 Aug 2024 | 4
Orion SA says scammers conned company out of $60 million
Incident sounds like a BEC fraud targeting an unwitting staffer
Cyber-crime13 Aug 2024 | 6
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls
Because apps talking like pirates and creating ASCII art never gets old
AI + ML13 Aug 2024 | 16
'Digital arrest' scams are big in India and may be spreading
Bad guys claim they're cops, keep you on hold for hours until you pay to make loved ones' crimes go away
Cyber-crime13 Aug 2024 | 5
AMD won’t patch Sinkclose security bug on older Zen CPUs
Kernel mode not good enough for you? Maybe you'll like SMM of this
Patches13 Aug 2024 | 10
Popular
Palo Alto Networks execs apologize for 'hostesses' dressed as lamps at Black Hat booth
Biz admits turning human women into faceless, sexualized furniture was a 'tone deaf' marketing ploy
Microsoft tweaks fine print to warn everyone not to take its AI seriously
Don't use LLMs for anything important and don't try to reverse engineer it
Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others
Patch Tuesday Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action
Is Lenovo a blind spot in US anti-China security measures?
Opinion Questions raised as one of the world's largest PC makers joins America's critical defense team
Google is a monopoly. The fix isn't obvious
Comment A business breakup may be coming – but what comes after may not be better
Microsoft pushing, pushing, pushing Edge in Defender slammed as a 'dark pattern'
Is it an ad? Or serious infosec advice?
US accuses man of being 'elite' ransomware pioneer they've hunted for years
Authorities allege 'J.P. Morgan' practiced ‘extreme operational and online security’
Indian telcos to cut off scammy, spammy, telemarketers for two whole years
There's a blockchain involved so it's totally going to stop you getting those calls
Intel, already adrift, now Armless too
Sells stake in rival chip designer, keeps its MariaDB shares
Still waiting for a Pi 500 and wondering what do this summer?
The team knows you want one, but in the meantime why not make one yourself?
STORIES
Attacker steals personal data of 200K+ people with links to Arizona tech school
Nearly 50 different data points were accessed by cybercrim
Cyber-crime12 Aug 2024 | 7
Mega money, unfathomable violence pervade thriving underground doxxing scene
Black Hat It also attracts exactly the type of unempathetic people you would think it does
Cyber-crime12 Aug 2024 | 9
Evolve your cloud security knowledge
Let SANS help you get to grips with the shifting landscape of cloud security
Sponsored Post
Trump campaign cites Iran election phish claim as evidence leaked docs were stolen
Dots have been joined, but hard evidence is not apparent
Security12 Aug 2024 | 73
The UN unanimously agrees that cybercrime is bad, mkay?
Infosec in brief Also: British nuke subs get code from Russia; and BlackSuit begs for $500M
Security12 Aug 2024 | 7
Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction
Is that a lot? Depends on the context. GHz, no. Voltage, yes
Personal Tech09 Aug 2024 | 27
Understanding escalating cyber threats
Explore the latest trends in cybersecurity with expert insight from Cloudflare
Webinar
Pro-Iran groups lay groundwork for 'chaos and violence' as US election meddling attempts intensify
Political officials, advisors targeted in cyber attacks as fake news sites deliver lefty zingers
Security09 Aug 2024 | 23
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0
Can't reach someone's private server on localhost from outside? No problem
Research09 Aug 2024 | 39
Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em
Multiple critical flaws found and they won't be fixed
Security09 Aug 2024 | 31
Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late
Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue
CxO08 Aug 2024 | 32
US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs
American and Brit firms thought they were employing a Westerner, but not so, it's alleged
CSO08 Aug 2024 | 18
Using 1Password on Mac? Patch up if you don’t want your Vaults raided
Hundreds of thousands of users potentially vulnerable
Patches08 Aug 2024 | 23
US elections have never been more secure, says CISA chief
Black Hat Election tech is fine – it's all those idiots buying into the propaganda that's worrying Jen Easterly
Security08 Aug 2024 | 45
Report: Tech misconceptions plague the IT world
Just snapping the webcam shutter closed won't keep a user safe online
Personal Tech08 Aug 2024 | 74
Entrust faces years of groveling to regain browsers' trust, say rival chiefs
Sectigo bosses claim it's only a matter of time before Microsoft and Apple drop Big E from their root stores too
Security08 Aug 2024 | 4
Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware
Black Hat Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs?
Black Hat and DEF CON08 Aug 2024 | 2
Samsung boosts bug bounty to a cool million for cracks of the Knox Vault subsystem
Good luck, crackers: It's an isolated processor and storage enclave, and top dollar only comes from a remote attack
Security08 Aug 2024 | 5
Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security
Black Hat Let's get physical, physical ... I don't wanna hear your MMU talk
Black Hat and DEF CON07 Aug 2024 | 48
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net
A simple HTML change and the warning is gone!
Research07 Aug 2024 | 13
Police take just 2 days to recover $40M stolen in business email scam
Timor-Leste is a known cybercrime hotspot
Cyber-crime07 Aug 2024 | 9
EQT buys majority share in Swiss cybersecurity biz Acronis
Went at equivalent of $3.5B+ valuation for entire firm, though portion sold not specified
Security07 Aug 2024 | 3
UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack
Nearly 83,000 people had their data stolen amid chaos that struck NHS healthcare
Cyber-crime07 Aug 2024 | 10
SharpRhino malware targets IT admins – Hunters International gang suspected
Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business
Security07 Aug 2024 |
Georgia's voter portal gets a crash course in client versus backend input validation
Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say
Research07 Aug 2024 | 35
Microsoft punches back at Delta Air Lines and its legal threats
SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess
CxO07 Aug 2024 | 39
CrowdStrike hires outside security outfits to review troubled Falcon code
And reveals more and more about small mistake that bricked 8.5M Windows boxes
Security07 Aug 2024 | 54
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
And Qualcomm addresses 'permanent denial of service' flaw in its stuff
Patches06 Aug 2024 | 7
Sonic Automotive says ransomware-linked CDK software outage cost it $30M
Misery loves company – all of its competitors were also negatively impacted
Cyber-crime06 Aug 2024 | 2
Bad apps bypass Windows security alerts for six years using newly unveiled trick
Windows SmartScreen and Smart App Control both have weaknesses of which to be wary
Research06 Aug 2024 | 15
Users call on Microsoft to update Outlook's friendly name feature
That one weird thing in Outlook that gives phishers and scammers an in to an inbox
Security06 Aug 2024 | 75
Billion-dollar bust as international op shutters Cryptonator wallet
Chap named 'Roman Boss' accused of being just that at a cryptocash laundering outfit
Cyber-crime06 Aug 2024 | 13
MDM vendor Mobile Guardian attacked, leading to remote wiping of 13,000 devices
Singapore Ministry of Education orders software removed after string of snafus
Security06 Aug 2024 | 9
Illinois relaxes biometric privacy law so snafus won't cost businesses billions
Some scowl, some smile, as fines no longer apply every time your mugshot or fingerprint is shared
Security06 Aug 2024 | 3
NFL to begin using face scanning tech across all of its stadiums
Smile for the camera to get in, or buy a beer without lining up
Security06 Aug 2024 | 7
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that
Updated Background check biz accused of negligence
Cyber-crime05 Aug 2024 | 11
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets
Malware logs users' keystrokes, pilfers credentials, exfiltrates data
Research05 Aug 2024 | 15
CrowdStrike unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help'
Vendor plans to aggressively defend its case before listing catalog of shortcomings at the airline
Security05 Aug 2024 | 67
China starts testing national cyber-ID before consultation on the idea closes
Eighty-one apps signed up to pilot facial recognition and real name ID system
Public Sector05 Aug 2024 | 12
Google gamed into advertising a malicious version of Authenticator
Infosec in brief Plus: CISA's AI hire; and claimed Canuck SIM swappers busted
Security05 Aug 2024 | 13
DARPA suggests turning old C code automatically into Rust – using AI, of course
Who wants to make a TRACTOR pull request?
Research03 Aug 2024 | 146
Israeli hacktivist group brags it took down Iran's internet
WeRedEvils alleges successful attack on infrastructure, including data theft
Cyber-crime02 Aug 2024 | 8
Fortune 50 biz coughed up record-breaking $75M ransom to halt leak of stolen data
They say crime doesn't pay. They're right – it's the victims doing the paying
Cyber-crime02 Aug 2024 | 12
UK plans to revamp national cyber defense tools are already in motion
Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part
Cyber-crime02 Aug 2024 | 8
UK crimebusters shut down global call-spoofing outfit that claimed 170K-plus victims
Suspected devs behind Russian Coms cuffed – now to find the users of the nastyware
Cyber-crime02 Aug 2024 | 11
Japan mandates app to ensure national ID cards aren't forged
First delays, then data leaks – now fraud detection needed at point of use
Security02 Aug 2024 | 36
India contemplates compulsory dynamic 2FA for digital payments
SMS OTPs are overused, so bring on the tokens and biometrics
Security02 Aug 2024 | 4
US sends cybercriminals back to Russia in prisoner swap that freed WSJ journo, others
Techno-crooks greeted by grinning Putin after landing
Cyber-crime02 Aug 2024 | 37
Too late now for canary test updates, says pension fund suing CrowdStrike
That horse has not just bolted, it's trampled all over kernel space
CSO01 Aug 2024 | 114
FBI, CISA remind US voters that DDoS attacks can't touch election systems
PSA comes amid multiple IT services crises in recent days
Cyber-crime01 Aug 2024 | 16
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates
Compliance failures and unsatisfactory responses mount from the long-time certificate authority
CSO01 Aug 2024 | 15
Germany names China as source of attack on government geospatial agency
Meanwhile, US apparently considers further AI hardware sanctions
Cyber-crime01 Aug 2024 | 10
Ransomware infection cuts off blood supply to 250+ hospitals
Scumbags go for the jugular
Cyber-crime31 Jul 2024 | 39
More than 83K certs from nearly 7K DigiCert customers must be swapped out now
Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire
CSO31 Jul 2024 | 18
Russia takes aim at Sitting Ducks domains, bags 30,000+
Eight-year-old domain hijacking technique still claiming victims
Research31 Jul 2024 |
Chrome adopts app-bound encryption to stymie cookie-stealing malware
Windows users now get macOS-grade secret security
CSO31 Jul 2024 | 4
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
A playbook full of strategies and someone fumbles the implementation
CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails
It took 13 months to notice 40 million voters' data was compromised
CSO31 Jul 2024 | 25
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder
For the want of an underscore
CSO31 Jul 2024 | 27
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses
Oh, Boies, here we go again
CSO30 Jul 2024 | 17
'LockBit of phishing' EvilProxy used in more than a million attacks every month
Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake
Malware Month30 Jul 2024 | 7
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability
Get those patches applied – all the big dogs are abusing it
Patches30 Jul 2024 | 18
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
They DKIM here, they DKIM there
Research30 Jul 2024 | 33
Malaysia is working on an internet 'kill switch', says minister
Follows requirement for social media and messaging platforms to get a license
Public Sector30 Jul 2024 | 21
Meta's AI safety system defeated by the space bar
'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32
AI + ML29 Jul 2024 | 57
US border cops really must get a warrant in NY before searching your phones, devices
Do we really want to bother SCOTUS with this, friends? Surely they're way too busy to take a look
Public Sector29 Jul 2024 | 38
Intruders at HealthEquity rifled through storage, stole 4.3M people's data
No mention of malware or ransomware – somewhat of a rarity these days
Cyber-crime29 Jul 2024 | 5
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update
Happy Sysadmin Day
CSO29 Jul 2024 | 13
Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools
Updated Now there's an idea – parsing config data in user mode
OSes29 Jul 2024 | 48
China ponders creating a national 'cyberspace ID'
Because clearly it's better for Beijing to know who you are than for every ISP and social service to keep its own records
Public Sector29 Jul 2024 | 18
Secure Boot useless on hundreds of PCs from major vendors after key leak
Infosec in brief Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don't use MFA, and more
Security29 Jul 2024 | 36
CrowdStrike meets Murphy's Law: Anything that can go wrong will
Opinion And boy, did last Friday's Windows fiasco ever prove that yet again
Patches26 Jul 2024 | 98
Progress discloses second critical flaw in Telerik Report Server in as many months
These are the kinds of bugs APTs thrive on, just ask the Feds
Patches26 Jul 2024 | 1
North Korean chap charged for attacks on US hospitals, military, NASA – and even China
Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists
Security26 Jul 2024 | 4
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
May even have targeted other malware gangs, and infosec researchers
Cyber-crime26 Jul 2024 | 9
CrowdStrike update blunder may cost world billions – and insurance ain't covering it all
We offer this formula instead: RND(100.0)*(10^9)
CSO26 Jul 2024 | 60
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware
PSA: Only accept updates via official channels ... ironically enough
Malware Month25 Jul 2024 | 3
FYI: Data from deleted GitHub repos may not actually be deleted
And the forking Microsoft-owned code warehouse doesn't see this as much of a problem
CSO25 Jul 2024 | 49
Uncle Sam accuses telco IT pro of decade-long spying campaign for China
Beijing has a long history of recruiting US residents to carry out various espionage activities
Cyber-crime25 Jul 2024 | 9
You should probably fix this 5-year-old critical Docker vuln fairly sharpish
For some unknown reason, initial patch was omitted from later versions
Patches25 Jul 2024 |
Biting the hand that feeds IT
