Ransomware attack on UK water company clouded by confusion
Clop gang thought it hit Thames Water – but real victim was elsewhere
Cyber-crime18 Aug 2022 | 2
Security
Deluge of of entries to Spamhaus blocklists includes 'various household names'
Nastymail tracking service blames sloppy sending practices for swelling lists of dangerous mailers
Security18 Aug 2022 | 1
Janet Jackson music video declared a cybersecurity vulnerability
Another reason not to play 1989's 'Rhythm Nation' – it messes with hard disk drives
Security18 Aug 2022 | 11
Google, Apple squash exploitable browser bugs
Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation
Patches17 Aug 2022 | 1
Software developer cracks Hyundai car security with Google search
Top tip: Your RSA private key should not be copied from a public code tutorial
Research17 Aug 2022 | 19
After 7 years, long-term threat DarkTortilla crypter is still evolving
.NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says
CSO17 Aug 2022 | 1
How to stop the evil lurking in the shadows
Webinar
TikTok wants your trust around US midterm elections data
Misinformation's a concern, but Chinese media giant's own data privacy practices also have people worried
CSO17 Aug 2022 | 2
Mozilla finds 18 of 25 popular reproductive health apps share your data
Scary in post-Roe America, and Poland, and far too many other places
Research17 Aug 2022 | 24
Russian military uses Chinese drones and bots in combat, over manufacturers' protests
Testimonials from Russian generals not welcomed by DJI or Unitree Robotics
Security17 Aug 2022 | 38
RubyGems now requires multi-factor auth for top package maintainers
Sign-on you crazy diamond
Security16 Aug 2022 | 1
SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam
18 people and businesses charged, one giant web of connections
Cyber-crime16 Aug 2022 | 3
PC store told it can't claim full cyber-crime insurance after social-engineering attack
Two different kinds of fraud, says judge while throwing out lawsuit against insurer
CSO16 Aug 2022 | 3
Do you know what’s happening on your users’ devices?
Head this way to find if your strategy’s on (end) point
Sponsored Post
Microsoft's macOS Tamper Protection hits general availability
A boon for administrators having to deal with Apple hardware while also keeping everything secure
CSO16 Aug 2022 | 5
1,900 Signal users exposed: Twilio attacker 'explicitly' looked for certain numbers
Updated Bad guy also got SMS verification codes, and re-registered one of the numbers they searched for
Cyber-crime16 Aug 2022 | 39
Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says
Seaborgium targeted dozens of orgs this year alone
CSO16 Aug 2022 | 6
Digital Ocean dumps Mailchimp after attack leaked customer email addresses
Somebody went after crypto-centric companies’ outsourced email but the damage was felt in the cloud
Cyber-crime16 Aug 2022 | 18
It's 2022 and there are still thousands of public systems using password-less VNC
Let alone the ones with 123456 to login. How sophisticated do attackers really need to be?
CSO16 Aug 2022 | 7
Oh Deere: Farm hardware jailbroken to run Doom
Corn-y demo heralded as right-to-repair win
Research16 Aug 2022 | 49
Popular
This tiny Intel Xeon-toting PC board can take your Raspberry Pi any day
Did someone say ECC on an SBC?
Dinobabies latest: IBM settles with widow of exec who killed himself after layoff
Big Blue certainly seems blue about letting any of these claims go to trial
1,900 Signal users exposed: Twilio attacker 'explicitly' looked for certain numbers
Updated Bad guy also got SMS verification codes, and re-registered one of the numbers they searched for
Ryugu asteroid: It came from the outer solar system, say scientists
Japanese Hayabusa-2 probe samples reveal coarse-grained phyllosilicates that may have served as 'cradles' for organics and water
PC store told it can't claim full cyber-crime insurance after social-engineering attack
Two different kinds of fraud, says judge while throwing out lawsuit against insurer
The trade ban that wasn't: US allows 94% of restricted tech exports to China anyway
谢谢 美国!
UK government lines up billions to refresh legacy tech in 600-system tax dept
Let's hope DALAS procurement is a tad more sensible than its soap opera namesake
Microsoft's macOS Tamper Protection hits general availability
A boon for administrators having to deal with Apple hardware while also keeping everything secure
Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says
Seaborgium targeted dozens of orgs this year alone
Mozilla finds 18 of 25 popular reproductive health apps share your data
Scary in post-Roe America, and Poland, and far too many other places
STORIES
CIA accused of illegally spying on Americans visiting Assange in embassy
Lawyers, journalists sue super-snoop agency and Spanish security biz
Security15 Aug 2022 | 20
Dutch authorities arrest 29-year-old dev with suspected ties to Tornado Cash
The arrest comes days after US Treasury levies sanctions against the crypto mixing service
Cyber-crime15 Aug 2022 | 20
Indian military ready to put long-range quantum key distribution on the line
Local startup can make it happen over 150km
Security15 Aug 2022 | 2
Black Hat and DEF CON visitors differ on physical risk management
Black Hat COVID, flood surfing, crowds – what to pick?
Security15 Aug 2022 | 17
Elon Musk wrote article for China's internet regulator, hinted at aged care robots
Asia in Brief PLUS Vietnam's massive infosec push; Philippines telco fight; Australia dumps COVID app; and more
Security14 Aug 2022 | 33
Ukraine's cyber chief comes to Black Hat in surprise visit
Black Hat In Brief TL;DR: The news isn't good
Security13 Aug 2022 | 6
Let there be ambient light sensing, without fear of data theft
Six years on web devs finally settle on sensor privacy defenses
Security13 Aug 2022 | 22
Palo Alto bug used for DDoS attacks and there's no fix yet
There goes the weekend...
Security12 Aug 2022 | 4
Starlink satellite dish cracked on stage at Black Hat
Black Hat Once the modchip plans are live, you can, too
Security12 Aug 2022 | 19
US reveals 'Target' pic of Conti man with $10m reward offer
Fashion Police chipping in on the bounty related to costliest strain of ransomware on record
Security12 Aug 2022 | 5
Microsoft trumps Google for 2021-22 bug bounty payouts
Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces
Security12 Aug 2022 | 5
Intel ups protection against physical chip attacks in Alder Lake
Black Hat Repurposes logic originally used for spotting variations in voltage, timing in older circuits to help performance
Security12 Aug 2022 | 4
Emergency services call-handling provider: Ransomware forced it to pull servers offline
Advanced's infrastructure still down and out, recovery to take weeks or more
Security12 Aug 2022 | 21
FAANGs failing on keeping user data safe from bug hunters
Black Hat Time to call in the legal team
Security12 Aug 2022 | 3
Higher risks and premiums are creating critical gap in cyber insurance
Black Hat Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says
Security11 Aug 2022 | 4
Security needs to learn from the aviation biz to avoid crashing
Black Hat video 'Until someone has to go to jail for doing it wrong the teeth are not going to be the same'
Security11 Aug 2022 | 88
Russian invasion has dangerously destabilized cyber security norms
Black Hat The inside scoop on the Ukrainian IT army, and what could happen next
Security11 Aug 2022 | 33
AWS and Splunk partner for faster cyberattack response
Black Hat OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data
Security11 Aug 2022 |
Ex-CIA security boss predicts coming crackdown on spyware
Black Hat video Plus, spoiler alert: ransomware is gonna get a lot worse
Security11 Aug 2022 | 3
Sonatype spots another PyPI package behaving badly
Identity of a real person was used to lend credence to a package that dropped cryptominer in memory
Cyber-crime11 Aug 2022 |
Keeping the enemy at the gate
Stop ransomware with Zero Trust security networks in place
Webinar
Don't be surprised if your organization suffers multiple cyberattacks
Black Hat Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend
Security11 Aug 2022 | 5
Making the cloud a safer place with SANS
Get advice from experts on how to nail cloud native security in a multi-cloud world
Sponsored Post
Cisco admits corporate network compromised by gang with links to Lapsus$
Voice-phished their way in, but Switchzilla claims no damage done
Security11 Aug 2022 | 7
Meta privacy red team lead: Does your business know its privacy adversaries?
Black Hat Video Ethical hackers, but for privacy programs
Security11 Aug 2022 | 4
Boffins rate npm and PyPI package security and it's not good
Guess what? Open source security still has gaps
Security11 Aug 2022 | 15
Ex-CISA chief Krebs calls for US to get serious on security
Black Hat Black Hat kicks off with call for single infosec agency with real clout and less confused crossover
Security10 Aug 2022 | 10
As Black Hat kicks off, the US government is getting the message on hiring security talent
Black Hat Video Katie Moussouris tells it like it is
Security10 Aug 2022 | 11
Maui ransomware linked to North Korean group Andariel
Attack origins point to April 2021 first strike on Japanese target
Security10 Aug 2022 | 1
Google's bug bounty boss: Finding and patching vulns? 'Totally useless'
Disclosing exploits, however, will earn you $100k
Security10 Aug 2022 | 14
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too
Attack was foiled by content delivery network's hardware security keys
Security10 Aug 2022 | 10
Businesses should dump Windows for the Linux desktop
Opinion It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab
Security10 Aug 2022 | 253
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too
Security09 Aug 2022 | 7
APIC fail: Intel 'Sunny Cove' chips with SGX spill secrets
AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying
Security09 Aug 2022 | 1
Malicious deepfakes used in attacks up 13% from last year, VMware finds
Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report
Security09 Aug 2022 |
Microsoft's fix for 'data damage' risk hits PC performance
'AES-based operations might be two times slower' without latest updates
Security09 Aug 2022 | 23
Chinese scammers target kids with promise of extra gaming hours
Cyberspace regulator's fraud report finds all is not well behind the Great Firewall
Cyber-crime09 Aug 2022 | 5
China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs
We're 'highly likely' to see similar attacks, Kaspersky warned
Security09 Aug 2022 | 6
US treasury whips up sanctions for crypto mixer Tornado Cash
Being the money launderer for North Korea’s Lazarus Group comes at a price
Cyber-crime08 Aug 2022 | 21
Twilio customer data exposed after its staffers got phished
Comms giant says several other firms targeted in 'sophisticated attack'
Cyber-crime08 Aug 2022 | 13
Microsoft tightens Edge security for less visited websites
We're pretty sure that doesn't mean it's safe to click on sketchy popups
Security08 Aug 2022 | 13
Slack leaked hashed passwords from its servers for years
Users who created shared invitation links for their workspace had login details slip out among encrypted traffic
Security08 Aug 2022 | 11
Dark Utilities C2 service draws thousands of cyber criminals
Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks
Security08 Aug 2022 | 1
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt
In brief Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more
Security06 Aug 2022 | 38
Hi, I'll be your ransomware negotiator today – but don't tell the crooks that
Interview What it's like bargaining with criminals ... and advising clients suffering their worst day yet
CSO06 Aug 2022 | 41
Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal?
The Feds may see things differently
Cyber-crime05 Aug 2022 | 17
Warning! Critical flaws found in US Emergency Alert System
DEF CON may be about to blow lid off security hole
Patches05 Aug 2022 | 14
Critical flaws found in four Cisco SMB router ranges – for the second time this year
At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June
Security05 Aug 2022 | 14
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
I got played via the Play store
Cyber-crime04 Aug 2022 | 57
Taiwanese military reports DDoS in wake of Pelosi visit
Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry
Security04 Aug 2022 | 36
India scraps data protection law in favor of better law coming … sometime
Tech giants and digital rights groups didn't like it, but at least it was a law
Security04 Aug 2022 | 5
Student crashes Cloudflare beta party, redirects email, bags a bug bounty
Simple to exploit, enough to pocket $3,000
Research04 Aug 2022 | 8
UK Parliament bins its TikTok account over China surveillance fears
Plan to educate the children turned out to be a 'won't someone think of the children?' moment
Security04 Aug 2022 | 43
Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets
SOL holders literally S.O.L.
Cyber-crime04 Aug 2022 | 35
Microsoft widens enterprise access to its threat intelligence pool
Organizations can be more proactive in tracking threats, finding holes in their protection
Security03 Aug 2022 |
Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
That's just the tip of the iceberg – and now he faces potentially years in the clink
Cyber-crime03 Aug 2022 | 15
Sonatype shines light on typosquatting ransomware threat in PyPI
It's all fun and games until somebody gets their files encrypted
Security03 Aug 2022 | 7
You can’t choose when you’ll be hit by ransomware, but you can choose how you prepare
Without a road to recovery, you’re just going to be roadkill
Sponsored Feature
NortonLifeLock and Avast $8.6b deal gets provisional yes from UK regulator
Plus: Even market authorities can't seem to keep up with Microsoft's Defender branding
Security03 Aug 2022 | 6
Post-quantum crypto cracked in an hour with one core of an ancient Xeon
NIST's nifty new algorithm looks like it's in trouble
Research03 Aug 2022 | 82
Nancy Pelosi ties Chinese cyber-attacks to need for Taiwan visit
And as if to confirm the link, a DDoS takes out Taiwan's presidential website ahead of senior politico's arrival
Security03 Aug 2022 | 113
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
Meanwhile, a security update for rsync
Patches03 Aug 2022 | 1
How a crypto bridge bug led to a $200m 'decentralized crowd looting'
Flash mob exploits Nomad's validation code blunder
Security02 Aug 2022 | 24
Robinhood's crypto unit hit with $30m fine over security, anti-crime misses
Updated And just lays off about a quarter of staff
CSO02 Aug 2022 | 4
How cybercrims embrace messaging apps to spread malware, communicate
Underground forums are so last year. Telegram, Discord offer better privacy, functionality to criminals, says Intel 471
Security02 Aug 2022 | 5
Bot army risk as 3,000+ apps found spilling Twitter API keys
Please stop leaving credentials where miscreants can find them
Security02 Aug 2022 | 18
Miscreants aim to cause Discord discord with malicious npm packages
LofyLife campaign comes amid GitHub security lockdown
Research02 Aug 2022 | 2
Charges filed over $300m 'textbook pyramid and Ponzi scheme' crypto startup
Financial watchdog accuses 11 of playing role in alleged scam
Cyber-crime02 Aug 2022 | 17
Defence against the dark arts of ransomware
Locking in safeguards against incursion with Rubrik Zero Trust Security
Webinar
Akamai: We stopped record DDoS attack in Europe
A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days
Cyber-crime01 Aug 2022 | 12
Spyware developer charged by Australian Police after 14,500 sales
Asia In Brief PLUS: India open to space tourism; China/Indonesia infosec pact; Paytm denies breach; Infosys dodges government again; and more
Security01 Aug 2022 | 2
Tim Hortons offers free coffee and donut to settle data privacy invasion claims
In brief Also, malicious VBA macros are out and container files are in, Robin Banks helps criminals rob banks, and more
Security30 Jul 2022 | 36
This is what to expect when a managed service provider gets popped
MSP should just stand for My Server's Pwned!
Cyber-crime30 Jul 2022 | 11
Feds put $10m bounty on Putin pal accused of bankrolling US election troll farm
Just in time for the midterms
Cyber-crime29 Jul 2022 | 54
Decentralized IPFS networks forming the 'hotbed of phishing'
P2P file system makes it more difficult to detect and take down malicious content
Security29 Jul 2022 | 23
BreachForums booms on the back of billion-record Chinese data leak
Plenty of recent users appear to be from China, and hoping for more leaks of local data
Security29 Jul 2022 |
Businesses confess: We pass cyberattack costs onto customers
Cover an average of $4.4 million per raid ourselves? No chance, mate
Security29 Jul 2022 | 21
US court system suffered 'incredibly significant attack' – sealed files at risk
Effects still being felt today across US government
Security29 Jul 2022 | 15
JPMorgan, UBS among trio accused of shoddy ID theft protection
SEC extracts pocket change from bankers, wags finger, sends them on their way
Cyber-crime28 Jul 2022 | 2
Suspected radiation alert saboteurs cuffed by cops after sensors disabled
You might say the police were in their element
Security28 Jul 2022 | 22
