Don't be like these 900+ websites and expose millions of passwords via Firebase | Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials | CSO | 18 Mar 2024 | 4
Fujitsu reveals malware installed on internal systems, risk of customer data spill | Sneaky software slips past shields, spurring scramble | Security | 18 Mar 2024 | 3
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug | A huge attack surface for a vulnerability with various PoCs available | Patches | 18 Mar 2024
Cyber baddies leak 70M+ files online, claim they're from AT&T | Telco reckons data is old, isn't from its systems | Security | 18 Mar 2024 | 1
Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament | [Updated] Virtual gunslingers forcibly became cheaters via mystery means | Cyber-crime | 18 Mar 2024 | 2
Infosec teams must be allowed to fail, argues Gartner | But failing to recover from incidents is unforgivable because 'adrenalin does not scale' | Security | 18 Mar 2024 | 12
Filipino police free hundreds of slaves toiling in romance scam operation | 875 workers liberated after falling for promises of lucrative work, nine arrested | Cyber-crime | 18 Mar 2024 | 29
Protecting distributed branch office environments from ransomware | As ransomware becomes more sophisticated, detection tools should be upgraded to cover every site and location | Sponsored Feature
ChatGPT side-channel attack has easy fix: Token obfuscation | [Infosec in brief] Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns | Security | 18 Mar 2024 | 2
In the rush to build AI apps, please, please don't leave security behind | [Feature] Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more | AI + ML | 17 Mar 2024 | 17
As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims | Wave of Okta attacks mark what researchers are calling the biggest security trend of the year | Research | 15 Mar 2024 | 15
Cop shop rapped for 'completely avoidable' web form blunder | Made public highly sensitive data on complaints about Metropolitan Police Service | Security | 15 Mar 2024 | 14
Forget TikTok – Chinese spies want to steal IP by backdooring digital locks | [Updated] Uncle Sam can use this snooping tool, too, but that's beside the point | Security | 14 Mar 2024 | 21
FTC goes undercover to probe suspected antivirus scam, scores $26M settlement | Imagine trying to trick folks into buying $500 of unnecessary repairs – and they turn out to be federal agents | Cyber-crime | 14 Mar 2024 | 9
LockBit ransomware kingpin gets 4 years behind bars | Canadian-Russian said to have turned to a life of cybercrime during pandemic, now must pay the price – literally | Cyber-crime | 14 Mar 2024 | 11
Google gooses Safe Browsing with real-time protection that doesn't leak to ad giant | Rare occasion when you do want Big Tech to make a hash of it | Personal Tech | 14 Mar 2024 | 14
Record breach of French government exposes up to 43 million people's data | Zut alors! Department for registering and helping unemployed people broken into | Cyber-crime | 14 Mar 2024 | 28
International effort to disrupt cybercrime moves into operational phase | Will the WEF experiment work? | Cyber-crime | 14 Mar 2024 | 22
US to probe Change Healthcare's data protection standards as lawsuits mount | Services slowly coming back online but providers still struggling | Cyber-crime | 14 Mar 2024 | 3
US Congress goes bang, bang, on TikTok sale-or-ban plan | Bill proposes to do to China what China already does to the US – make life hard for foreign social networks | Public Sector | 14 Mar 2024 | 60
How to run an LLM on your PC, not in the cloud, in less than 10 minutes | [Hands On] Cut through the hype, keep your data private, find out what all the fuss is about
TrueNAS CORE 13 is the end of the FreeBSD version | Debian-based TrueNAS SCALE is the future primary focus
Yes, I did just crash that critical app. And you should thank me for having done so | [Who, Me?] Quick thinking turned poor judgement into genius proactivity
Microsoft promises Copilot will be a 'moneymaker' in the long term | Exec tells investors to 'temper' expectations as mission to convince customers of price tag continues
Qualcomm unveils Snapdragon 8s Gen 3 with Eye-of-Sauron camera | Wherever you go, whatever you do, your phone is watching
India quickly unwinds requirement for government approval of AIs | [Asia in brief] Also: US woos Thailand, Philippines, for tech trade; China's Fukushima rage glows; Alibaba targets South Korea
Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack | Akira ransomware crooks brag of swiping thousands of ID documents during break-in | Cyber-crime | 14 Mar 2024 | 7
Poking holes in Google tech bagged bug hunters $10M | A $2M drop from previous year. So … things are more secure? | Security | 13 Mar 2024 | 4
Cryptocurrency laundryman gets hung out to dry | Bitcoin Fog washed hundreds of millions for criminals | Cyber-crime | 13 Mar 2024 | 27
Microsoft Copilot for Security prepares for April liftoff | Automated AI helper intended to make security more manageable | Security | 13 Mar 2024 | 22
Stanford University failed to detect ransomware intruders for 4 months | 27,000 individuals had data stolen, which for some included names and social security numbers | Cyber-crime | 13 Mar 2024 | 4
Reducing the cloud security overhead | Why creating a layered defensive strategy that includes security by design can help address cloud challenges | Sponsored Feature
Whizkids jimmy OpenAI, Google's closed models | Infosec folk aren’t thrilled that if you poke APIs enough, you learn AI's secrets | AI + ML | 13 Mar 2024 | 42
March Patch Tuesday sees Hyper-V join the guest-host escape club | [Patch Tuesday] Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet | Patches | 13 Mar 2024 | 8
Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints | Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup | PaaS + IaaS | 12 Mar 2024 | 4
Biden's budget proposal boosts CISA funding to $3B | Plus almost $1.5b for health-care cybersecurity | Security | 12 Mar 2024 | 5
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers | War of words wages on between vendors divided | Patches | 12 Mar 2024 | 10
UK council yanks IT systems and phone lines offline following cyber ambush | Targeting recovery this week, officials still trying to 'identify the nature of the incident' | Cyber-crime | 12 Mar 2024 | 45
French government sites disrupted by très grande DDoS | Russia and Sudan top the list of suspects | Public Sector | 12 Mar 2024 | 7
White House and lawmakers increase pressure on UnitedHealth to ease providers' pain | US senator calls cyber attack 'inexcusable,' calls for mandatory security rules | Security | 12 Mar 2024 | 2
Kremlin accuses America of plotting cyberattack on Russian voting systems | Don't worry, we have a strong suspicion Putin's still gonna win | Security | 11 Mar 2024 | 48
British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild | Five months in and the mammoth post-ransomware recovery has barely begun | Cyber-crime | 11 Mar 2024 | 42
How do you lot feel about Pay or say OK to ads model, asks ICO | And does it count as consent? | Security | 11 Mar 2024 | 82
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability | [Infosec in brief] PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities | Security | 11 Mar 2024 | 10
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes | Plus: CISA pulls plug on couple of systems feared compromised | Cyber-crime | 08 Mar 2024 | 2
Microsoft confirms Russian spies stole source code, accessed internal systems | Still 'no evidence' of any compromised customer-facing systems, we're told | Cyber-crime | 08 Mar 2024 | 50
Change Healthcare registers pulse after crippling ransomware attack | Remaining services are expected to return in the coming weeks after $22M ALPHV ransom | Cyber-crime | 08 Mar 2024 | 2
Swiss cheese security? Play ransomware gang milks government of 65,000 files | Classified docs, readable passwords, and thousands of personal information nabbed in Xplain breach | Cyber-crime | 08 Mar 2024 | 11
Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva | Who knew that unzipping a font archive could unleash a malicious file | Security | 08 Mar 2024 | 38
Securing open source software: Whose job is it, anyway? | CISA announces more help, and calls on app makers to step up | CSO | 08 Mar 2024 | 21
We're not Meta support: State AGs tell Zuck to fix rampant account takeover problem | 'We refuse to operate as customer service representatives' | Security | 07 Mar 2024 | 16
Chrome users – get an alert when extensions are in danger of falling into wrong hands | Under New Management is an early-warning system for potential poisoning of add-ons with malware | Applications | 07 Mar 2024 | 22
Possible China link to Change Healthcare ransomware attack | Alleged crim bought SmartScreen Killer, Cobalt Strike on dark-web markets | Cyber-crime | 07 Mar 2024 | 3
JetBrains TeamCity under attack by ransomware thugs after disclosure mess | More than 1,000 servers remain unpatched and vulnerable | Cyber-crime | 07 Mar 2024 | 11
Belgian ale legend Duvel's brewery borked as ransomware halts production | Biz reassures quaffers it has enough beer, expects quick recovery before weekend | Cyber-crime | 07 Mar 2024 | 40
VMware urges emergency action to blunt hypervisor flaws | Critical vulns in USB under ESXi and desktop hypervisors found by Chinese researchers at cracking contest | Virtualization | 07 Mar 2024 | 16
Reminder: Infostealer malware is coming for your ChatGPT credentials | Singaporean researchers note rising presence of OpenAI logins in infostealer malware logs | Security | 07 Mar 2024 | 14
US politicians want ByteDance to sell off TikTok or face ban | The American mind must not be at the mercy of Chinese algorithms | Personal Tech | 07 Mar 2024 | 18
Lawsuit claims gift card fraud is the gift that keeps on giving, to Google | Play Store commissions are a nice little earner, wherever they come from | Cyber-crime | 07 Mar 2024 | 18
Chinese chap charged with stealing Google’s AI datacenter secrets | Moonlighted for PRC companies after side-stepping Big G's security, allegedly | On-Prem | 07 Mar 2024 | 13
FBI: Critical infrastructure suffers spike in ransomware attacks | Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon | CSO | 06 Mar 2024 | 4
Apple's trademark tight lips extend to new iPhone, iPad zero-days | Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 | Patches | 06 Mar 2024
Capita says 2023 cyberattack costs a factor as it reports staggering £100M+ loss | Additional cuts announced, sparking fears of further layoffs | Cyber-crime | 06 Mar 2024 | 27
Chip lobby group SEMI to EU: Export restrictions should only be used in self-defense | Please don't scare away foreign investors - who do you think pays for this stuff? | Public Sector | 06 Mar 2024 | 5
Japan orders local giants LINE and NAVER to disentangle their tech stacks | Government mighty displeased about a shared Active Directory that led to a big data leak | Security | 06 Mar 2024 | 2
Uncle Sam intervenes as Change Healthcare ransomware fiasco creates mayhem | As the crooks behind the attack - probably ALPHV/BlackCat - fake their own demise | Cyber-crime | 06 Mar 2024 | 6
Fidelity customers' financial info feared stolen in suspected ransomware attack | Insurance giant blames Infosys, LockBit claims credit | Cyber-crime | 05 Mar 2024 | 13
US accuses Army vet cyber-Casanova of sharing Russia-Ukraine war secrets | Where better to expose confidential data than on a dating app? | Security | 05 Mar 2024 | 17
IP address X-posure now a feature on Musk's social media thing | Just a little FYI | Personal Tech | 05 Mar 2024 | 33
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' | [Updated] Exploits began within hours of the original disclosure, so patch now | Patches | 05 Mar 2024 | 37
Spam crusade lands charity in hot water with data watchdog | Penny Appeal sent more than 460,000 texts asking for money to help war-torn countries, no opt out | Security | 05 Mar 2024 | 72
Cloudflare wants to put a firewall in front of your LLM | Claims to protect against DDoS, sensitive data leakage | Security | 05 Mar 2024 | 2
American Express admits card data exposed and blames third party | Don't leave home without … IT security | Security | 04 Mar 2024 | 9
Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama | No honor among thieves? | Cyber-crime | 04 Mar 2024 | 7
Seoul accuses North Korea of stealing southern chipmakers' designs | Kim Jong Un's all in for home-built silicon says warning | Cyber-crime | 04 Mar 2024 | 1
German defense chat overheard by Russian eavesdroppers on Cisco's WebEx | Officials can't tell whether the tape was edited, but fear Kremlin has more juicy bits to release in the future | Security | 04 Mar 2024 | 116
Ransomware ban backers insist thugs must be cut off from payday | Increasingly clear number of permanent solutions is narrowing | Cyber-crime | 04 Mar 2024 | 22
The federal bureau of trolling hits LockBit, but the joke's on us | [Opinion] When you can't lock 'em up, lock 'em out | Cyber-crime | 04 Mar 2024 | 27
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled | [Infosec in brief] ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns | Security | 04 Mar 2024 | 1
Ahead of Super Tuesday, US elections face existential and homegrown threats | [Feature] Misinformation is rife, AI makes it easier to create, and 42 percent of the planet’s inhabitants get to vote this year | Security | 04 Mar 2024 | 68
Air National Guardsman Teixeira to admit he was Pentagon files leaker | [Updated] Turns out bragging on Discord has unfortunate consequences | Security | 01 Mar 2024 | 48
Judge orders NSO to cough up Pegasus super-spyware source code | /* Hope no one ever reads these functions lmao */ | Security | 01 Mar 2024 | 62
Iranian charged over attacks against US defense contractors, government agencies | $10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location | Security | 01 Mar 2024 | 3
Cops visit school of 'wrong person's child,' mix up victims and suspects in epic data fail | Data watchdog reprimands police force for confusing 2 people with same name and birthday to disastrous results | Security | 01 Mar 2024 | 118
NTT boss takes early retirement to atone for data leak | No mere mea culpa would suffice after 9.2 million records leaked over a decade, warnings were ignored, and lies were told | Security | 01 Mar 2024 | 8
GitHub struggles to keep up with automated malicious forks | Cloned then compromised, bad repos are forked faster than they can be removed | Security | 01 Mar 2024 | 26
Turns out cops are super interested in subpoenaing suspects' push notifications | Those little popups may reveal location, device details, IP address, and more | Public Sector | 29 Feb 2024 | 10
White House goes to court, not Congress, to renew warrantless spy powers | Choose your own FISA Section 702 adventure: End-run around lawmakers or business as usual? | Public Sector | 29 Feb 2024 | 14
Chinese 'connected' cars are a national security threat, says Biden | China's automakers don't sell in America, but the Feds are still going to investigate whether they're a threat | Security | 29 Feb 2024 | 113
Ransomware gangs are paying attention to infostealers, so why aren't you? | Analysts warn of big leap in cred-harvesting malware activity last year | Cyber-crime | 29 Feb 2024 | 2
Meta's pay-or-consent model hides 'massive illegal data processing ops': lawsuit | GDPR claim alleges Facebook parent's 'commercial surveillance practices are fundamentally illegal' | Security | 29 Feb 2024 | 38
Chinese PC-maker Acemagic customized its own machines to get infected with malware | Tried to speed boot times, maybe by messing with 'Windows source code', ended up building a viral on-ramp | Security | 29 Feb 2024 | 24
Australian spy chief fears sabotage of critical infrastructure | And accuses a former Australian politician of having 'sold out their country' | Cyber-crime | 29 Feb 2024 | 17
ALPHV/BlackCat claims responsibility for Change Healthcare attack | [Updated] Brags it lifted 6TB of data, but let's remember these people are criminals and not worthy of much trust | Cyber-crime | 29 Feb 2024 | 4
BEAST AI needs just a minute of GPU time to make an LLM fly off the rails | Talk about gone in 60 seconds | AI + ML | 28 Feb 2024 | 10
Palo Alto investor sues over 28% share tumble | [Updated] Lawsuit alleges it misled investors with claims new AI products were 'facilitating greater platformization' and more | Security | 28 Feb 2024 | 23
Uncle Sam tells nosy nations to keep their hands off Americans' personal data | Biden readies executive order targeting China, Russia, and pals | Security | 28 Feb 2024 | 32
That home router botnet the Feds took down? Moscow's probably going to try again | Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs | Security | 28 Feb 2024 | 36
Sandvine put on America's export no-fly list after Egypt used network tech for spying | Canadian network box maker floats in denial | CSO | 27 Feb 2024 | 11
NIST updates Cybersecurity Framework after a decade of lessons | The original was definitely getting a bit long in the tooth for modern challenges | Security | 27 Feb 2024 | 5
Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot | [Analysis] Or so says opsec firm, which confirms 70% of all industrial org ransomware in 2023 targeted manufacturers | Cyber-crime | 27 Feb 2024 | 19
Broadcom builds a SASE out of VMware VeloCloud and Symantec | First integration across properties, as end user compute division readies to leave home | Security | 27 Feb 2024 | 8
China warns of fake digital currency wallets fleecing netizens | Scammers' tactics are tiresomely familiar: get-rich-quick schemes and data harvesting | Security | 27 Feb 2024 | 5
Nevada sues to deny kids access to Meta's Messenger encryption | State government says it's thinking of the children | Security | 26 Feb 2024 | 37
ALPHV/BlackCat responsible for Change Healthcare cyberattack | [Updated] US government's bounty hasn't borne fruit as whack-a-mole game goes on | Security | 26 Feb 2024 | 2
Back from the dead: LockBit taunts cops, threatens to leak Trump docs | [Updated] Officials have until March 2 to cough up or stolen data gets leaked | Security | 26 Feb 2024 | 11