OpenSea phishing threat after rogue insider leaks customer email addresses
Worse, imagine someone finding out you bought one of its NFTs
Cyber-crime30 Jun 2022 | 1
Security
Jenkins warns of security holes in these 25 plugins
Relax, most of the vulnerabilities so far have, er, no fix
CSO30 Jun 2022 | 1
California state's gun control websites expose 10 years of personal data
And some of it may have been leaked on social media
Security30 Jun 2022 | 4
Google battles bots, puts Workspace admins on alert
No security alert fatigue here
Security30 Jun 2022 | 1
Israel plans ‘Cyber-Dome’ to defeat digital attacks from Iran and others
Already has 'Iron Dome' – does it need another hero?
Security30 Jun 2022 | 14
Start using Modern Auth now for Exchange Online
Before Microsoft shutters basic logins in a few months
CSO29 Jun 2022 | 24
'Prolific' NetWalker extortionist pleads guilty to ransomware charges
Canadian stole $21.5m from dozens of companies worldwide
Cyber-crime29 Jun 2022 | 3
FBI warning: Crooks are using deepfake videos in interviews for remote gigs
Yes. Of course I human. Why asking? Also, when you give passwords to database?
Cyber-crime29 Jun 2022 | 23
Trio accused of selling $88m of pirated Avaya licenses
Rogue insider generated keys, resold them to blow the cash on gold, crypto, and more, prosecutors say
Cyber-crime29 Jun 2022 | 7
Walmart accused of turning blind eye to transfer fraud totaling millions of dollars
Store giant brands watchdog's lawsuit 'factually misguided, legally flawed'
Cyber-crime29 Jun 2022 | 34
Customized malware coded to target OT systems
Protection starts with having the right network design, says Rockwell Automation
Sponsored Feature
AMD targeted by RansomHouse, attackers claim to have '450Gb' in stolen data
Relative cybercrime newbies not clear on whether they're alleging to have gigabits or gigabytes of chip biz files
Cyber-crime28 Jun 2022 | 6
Have you modelled the attack paths into your organization? Because an attacker already has
Join this webinar to find out how to block them
Webinar
Tencent admits to poisoned QR code attack on QQ chat platform
Could it be Beijing was right about games being bad for China?
Security28 Jun 2022 | 7
Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks
Now those are some phishing boats
Cyber-crime28 Jun 2022 | 17
India extends deadline for compliance with infosec logging rules by 90 days
Updated Helpfully announced extension on deadline day
CSO28 Jun 2022 | 9
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution
Patches27 Jun 2022 | 10
LGBTQ+ folks warned of dating app extortion scams
Uncle Sam tells of crooks exploiting Pride Month
Cyber-crime27 Jun 2022 | 6
Contractor loses entire Japanese city's personal data in USB fail
In brief Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details
CSO27 Jun 2022 | 14
Beijing probes security at academic journal database
It's easy to see why – the question is, why now?
Security27 Jun 2022 | 6
Popular
NanoAvionics satellite pulls out GoPro to take stunning selfie over Earth
Consumer-grade camera was refitted with custom housing and software to survive in the vacuum
City-killing asteroid won't hit Earth in 2052 after all
ESA ruins our day with some bad news
PowerShell pusher to log off from Microsoft: Write-Host "Bye bye, Jeffrey Snover"
'If you ever were rooting for somebody, please do him a favor and go tell him'
FBI warning: Crooks are using deepfake videos in interviews for remote gigs
Yes. Of course I human. Why asking? Also, when you give passwords to database?
China says it has photographed all of Mars from orbit
Enjoy the slideshow from Tianwen's orbital adventures
Microsoft postpones shift to New Commerce Experience subscriptions
The whiff of rebellion among Cloud Solution Providers is getting stronger
Trio accused of selling $88m of pirated Avaya licenses
Rogue insider generated keys, resold them to blow the cash on gold, crypto, and more, prosecutors say
Intel to sell Massachusetts R&D site, once home to its only New England fab
End of another era as former DEC facility faces demolition
IBM’s first cloudy mainframes scheduled to launch this week
It’s not IaaS, it's reserved for test and dev – and will feed the golden goose that is the z/OS ecosystem
Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined
Analysis Developer interactions sometimes contain their own kind of poison
STORIES
Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players
But welcomes fast cross-border payments in central bank digital currencies
Cyber-crime27 Jun 2022 | 3
We're now truly in the era of ransomware as pure extortion without the encryption
Feature Why screw around with cryptography and keys when just stealing the info is good enough
Research25 Jun 2022 | 22
More than $100m in cryptocurrency stolen from blockchain biz
'A humbling and unfortunate reminder' that monsters lurk under bridges
Cyber-crime24 Jun 2022 | 34
Google: How we tackled this iPhone, Android spyware
Watching people's every move and collecting their info – not on our watch, says web ads giant
Research24 Jun 2022 | 25
Beijing-backed attackers use ransomware as a decoy while they conduct espionage
They're not lying when they say 'We stole your data' – the lie is about which data they lifted
Cyber-crime24 Jun 2022 | 2
NSO claims 'more than 5' EU states use Pegasus spyware
And it's like, what ... 12, 13,000 total targets a year max, exec says
Security24 Jun 2022 | 41
$6b mega contract electronics vendor Sanmina jumps into zero trust
Company was an early adopter of Google Cloud, which led to a search for a new security architecture
CSO23 Jun 2022 | 1
Halfords suffers a puncture in the customer details department
I like driving in my car, hope my data's not gone far
Security23 Jun 2022 | 57
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default
Security23 Jun 2022 | 18
Europol arrests nine suspected of stealing 'several million' euros via phishing
Victims lured into handing over online banking logins, police say
Cyber-crime23 Jun 2022 | 7
Mega's unbreakable encryption proves to be anything but
Boffins devise five attacks to expose private files
Research22 Jun 2022 | 39
Cisco warns of security holes in its security appliances
Bugs potentially useful for rogue insiders, admin account hijackers
Patches22 Jun 2022 | 11
Israeli air raid sirens triggered in possible cyberattack
Source remains unclear, plenty suspect Iran
Cyber-crime22 Jun 2022 | 2
DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
Blockchain not as decentralised as many assume, finds Pentagon sponsored research
Security22 Jun 2022 | 12
Yodel becomes the latest victim of a cyber 'incident'
British parcel delivery firm 'working around the clock' to get systems back and running
Security22 Jun 2022 | 37
Okta says Lapsus$ incident was actually a brilliant zero trust demonstration
Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in
Security22 Jun 2022 | 4
Info on 1.5m people stolen from US bank in cyberattack
Time to rethink that cybersecurity strategy?
Cyber-crime21 Jun 2022 | 24
Don’t react, prevent
The art of cyber warfare needs more than just defence
Webinar
1Password's Insights tool to help admins monitor users' security practices
Find the clown who chose 'password' as a password and make things right
Security21 Jun 2022 | 5
A great day for non-robots: iOS 16 will bypass CAPTCHAs
A bot says what? Apple relies on IETF standards to remove annoyance, citing privacy and accessibility
Security21 Jun 2022 | 29
How refactoring code in Safari's WebKit resurrected 'zombie' security bug
Fixed in 2013, reinstated in 2016, exploited in the wild this year
Research21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
Updated Nearly 60 holes found affecting 'more than 30,000' machines worldwide
Research21 Jun 2022 | 23
Voicemail phishing emails steal Microsoft credentials
As always, check that O365 login page is actually O365
CSO21 Jun 2022 | 19
Capital One: Convicted techie got in via 'misconfigured' AWS buckets
Updated Assistant US attorney: 'She wanted data, she wanted money, and she wanted to brag'
Security20 Jun 2022 | 35
There are 24.6 billion pairs of credentials for sale on dark web
In brief Plus: Citrix ASM has some really bad bugs, and more
Security20 Jun 2022 | 3
You don’t need another hero … you need an automated incident response process
Head here to find out how to get one
Webinar
Indian government issues confidential infosec guidance to staff – who leak it
Bans VPNs, Dropbox, and more
Security20 Jun 2022 | 13
DeadBolt ransomware takes another shot at QNAP storage
Keep boxes updated and protected to avoid a NAS-ty shock
Cyber-crime18 Jun 2022 | 14
Inverse Finance stung for $1.2 million via flash loan attack
Just cryptocurrency things
Cyber-crime17 Jun 2022 | 31
Abortion rights: US senators seek ban on sale of health location data
With Supreme Court set to overturn Roe v Wade, privacy is key
Research17 Jun 2022 | 32
International operation takes down Russian RSOCKS botnet
$200 a day buys you 90,000 victims
Cyber-crime17 Jun 2022 | 4
Microsoft Defender goes cross-platform for the masses
Redmond's security brand extended to multiple devices without stomping on other solutions
Security17 Jun 2022 | 16
Cookie consent crumbles under fresh UK data law proposals
Campaigners fear erosion of rights as narrowing of law proposed as well as political control over independent watchdog
Security17 Jun 2022 | 121
Password recovery from beyond the grave
On Call Does your disaster recovery plan include a mysterious missive at a funeral?
Security17 Jun 2022 | 120
Interpol anti-fraud operation busts call centers behind business email scams
1,770 premises raided, 2,000 arrested, $50m seized
Security17 Jun 2022 | 25
RSAC branded a 'super spreader event' as attendees share COVID-19 test results
RSA Conference That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts
CSO16 Jun 2022 | 26
Elasticsearch server with no password or encryption leaks a million records
POS and online ordering vendor StoreHub offered free Asian info takeaways
Security16 Jun 2022 | 22
Heineken says there’s no free beer, warns of phishing scam
WhatsApp messages possibly the worst Father's Day present in the world
Security15 Jun 2022 | 27
Microsoft continues cyber security spending spree with Miburo buy
Brains to be added to the Customer Security and Trust in defense against 'foreign adversaries'
Security15 Jun 2022 | 2
Malaysia-linked DragonForce hacktivists attack Indian targets
Just what we needed: a threat to rival Anonymous
Research15 Jun 2022 | 5
Unpatched Exchange server, stolen RDP logins... How miscreants get BlackCat ransomware on your network
Microsoft details this ransomware-as-a-service
Research15 Jun 2022 | 1
Microsoft fixes under-attack Windows zero-day Follina
Patch Tuesday Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs
Patches15 Jun 2022 | 4
Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme
Pair's multimillion-dollar contract caper unraveled
CSO15 Jun 2022 | 5
Cloudflare says it thwarted record-breaking HTTPS DDoS flood
26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that
CSO14 Jun 2022 | 2
Man gets two years in prison for selling 200,000 DDoS hits
Over 2,000 customers with malice on their minds
Security14 Jun 2022 | 3
Azure issues not adequately fixed for months, complain bug hunters
Updated Redmond kicks off Patch Tuesday with a months-old flaw fix
Security14 Jun 2022 | 6
UK health privacy watchdog still in talks over who is accessing country's COVID data store
Over a year after discussions began, National Data Guardian continues to pursue transparency in health data use
Security14 Jun 2022 | 6
Inside the RSAC expo: Buzzword bingo and the bear in the room
RSA Conference We mingle with the vendors so you don't have to
CSO14 Jun 2022 | 2
Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT
Broadens targets from telecoms to finance and government orgs
Research14 Jun 2022 | 2
HelloXD ransomware bulked up with better encryption, nastier payload
Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it.
Security13 Jun 2022 | 5
OMIGOD: Cloud providers still using secret middleware
RSA Conference in brief All the news you may have missed from RSA this week
Security11 Jun 2022 | 18
World Economic Forum wants a global map of online crime
RSA Conference Will cyber crimes shrug off Atlas Initiative? Objectively, yes
Cyber-crime10 Jun 2022 | 7
Threat and risk specialists signal post-COVID conference season is back on
RSA Conference Well, we'll see in a week or so
Security10 Jun 2022 | 2
Symbiote Linux malware spotted – and infections are 'very hard to detect'
Performing live forensics on hijacked machine may not turn anything up, warn researchers
Research10 Jun 2022 | 21
Apple M1 chip contains hardware vulnerability that bypasses memory defense
MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication
Research10 Jun 2022 | 9
Emotet malware gang re-emerges with Chrome-based credit card heistware
Crimeware groups are re-inventing themselves
Research10 Jun 2022 | 5
Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree
Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval
Research10 Jun 2022 | 12
Hardware flaws give Bluetooth chipsets unique fingerprints that can be tracked
While this poses a privacy and security threat, an attacker's ability to exploit it may come down to luck
Research10 Jun 2022 | 6
Russia, China warn US its cyber support of Ukraine has consequences
Countries that accept US infosec help told they could pay a price too
Security10 Jun 2022 | 17
What keeps Mandiant Intelligence EVP Sandra Joyce up at night? The coming storm
RSA Conference The next wave of security maturity is measuring effectiveness, she told The Register
Security09 Jun 2022 | 4
Cloud services proving handy for cybercriminals, SANS Institute warns
RSA Conference Flying horses, gonna pwn me away...
Security09 Jun 2022 | 3
Facebook phishing campaign nets millions in IDs and cash
Hundreds of millions of stolen credentials and a cool $59 million
Cyber-crime09 Jun 2022 | 8
Symantec: More malware operators moving in to exploit Follina
Meanwhile Microsoft still hasn't patched the fatal flaw
Security09 Jun 2022 | 11
Five Eyes alliance’s top cop says techies are the future of law enforcement
Crims have weaponized tech and certain States let them launder the proceeds
Cyber-crime09 Jun 2022 | 15
Supply chain attacks will get worse: Microsoft Security Response Center boss
RSA Conference Do you know all of your software dependencies? Spoiler alert: hardly anybody is on top of it
Security09 Jun 2022 | 10
Now Windows Follina zero-day exploited to infect PCs with Qbot
Data-stealing malware also paired with Black Basta ransomware gang
Research09 Jun 2022 | 4
Google has more reasons why it doesn't like antitrust law that affects Google
It'll ruin Gmail, claims web ads giant
Security08 Jun 2022 | 13
Feds raid dark web market selling data on 24 million Americans
SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more
Cyber-crime08 Jun 2022 | 9
Intel offers 'server on a card' reference design for network security
RSA Conference OEMs thrown a NetSec Accelerator that plugs into server PCIe slots
Security08 Jun 2022 | 2
Beijing-backed baddies target unpatched networking kit to attack telcos
NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points
Security08 Jun 2022 | 3
US cyber chiefs: Moving to Shields Down isn't gonna happen
RSA Conference Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'
CSO08 Jun 2022 | 6
Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups
RSA Conference This is why Viasat attack – rated one of the biggest ever of its kind – had relatively little impact
Security08 Jun 2022 | 20
IBM buys Randori to address multicloud security messes
RSA Conference Big Blue joins the hot market for infosec investment
Security07 Jun 2022 | 3
Microsoft seizes 41 domains tied to 'Iranian phishing ring'
Windows giant gets court order to take over dot-coms and more
Cyber-crime07 Jun 2022 | 4
Cisco EVP: We need to lift everyone above the cybersecurity poverty line
RSA Conference Exclusive It's going to become a human-rights issue, Jeetu Patel tells The Register
CSO06 Jun 2022 | 9
Costa Rican government held up by ransomware … again
In brief Also US warns of voting machine flaws and Google pays out $100 million to Illinois
Security06 Jun 2022 | 9
Yandex CEO Arkady Volozh resigns after being added to EU sanctions list
Updated Russia's top tech CEO accused of material support to Moscow
Security06 Jun 2022 | 39
Feeling highly stressed about your job? You must be a CISO
'The attack surface has expanded exponentially' during the work-from-home pandemic, says one
CSO04 Jun 2022 | 22
Even Russia's Evil Corp now favors software-as-a-service
Albeit to avoid US sanctions hitting it in the wallet
Cyber-crime03 Jun 2022 | 7
To cut off all nearby phones with these Chinese chips, this is the bug to exploit
Android patches incoming for NAS-ty memory overwrite flaw
Research03 Jun 2022 | 28
