Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Plus a bonus hard-coded local API key Patches14 Nov 2024 |
Cybercriminal devoid of boundaries gets 10-year prison sentence Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts Cyber-crime14 Nov 2024 | 3
Kids' shoemaker Start-Rite trips over security again, spilling customer card info Updated Full details exposed, putting shoppers at serious risk of fraud Cyber-crime14 Nov 2024 | 7
NatWest blocks bevy of apps in clampdown on unmonitorable comms From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more Security14 Nov 2024 | 16
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce British grocer's workers called back to office as clock ticks for contractors On-Prem14 Nov 2024 | 12
Five Eyes infosec agencies list 2024's most exploited software flaws Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns CSO14 Nov 2024 | 21
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds Research14 Nov 2024 | 5
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue Plus: CISA's ScubaGear dives deep to fix M365 misconfigs CSO14 Nov 2024 | 3
Data broker amasses 100M+ records on people – then someone snatches, sells it We call this lead degeneration Cyber-crime13 Nov 2024 | 13
Ransomware fiends boast they've stolen 1.4TB from US pharmacy network American Associated Pharmacies yet to officially confirm infection Cyber-crime13 Nov 2024 | 1
Microsoft slips Task Manager and processor count fixes into Patch Tuesday Sore about cores no more Patches13 Nov 2024 | 7
Admins can give thanks this November for dollops of Microsoft patches Patch Tuesday Don't be a turkey – get these fixed Patches13 Nov 2024 | 21
China's Volt Typhoon crew and its botnet surge back with a vengeance Ohm, for flux sake Public Sector13 Nov 2024 | 4
Air National Guardsman gets 15 years after splashing classified docs on Discord 22-year-old talked of 'culling the weak minded' – hmm! Cyber-crime13 Nov 2024 | 84
Here's what we know about the suspected Snowflake data extortionists A Canadian and an American living in Turkey 'walk into' cloud storage environments… Cyber-crime12 Nov 2024 | 5
'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others Cyber-crime12 Nov 2024 | 2
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code 'Once again, we've lost a little more faith in the internet,' researcher says CSO12 Nov 2024 | 3
Managing third-party risks in complex IT environments Key steps to protect your organization’s data from unauthorized external access Webinar
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability Over 5 million records from 25 organizations posted to black hat forum Cyber-crime12 Nov 2024 | 2
FBI issues warning as crooks ramp up emergency data request scams Just because it's .gov doesn't mean that email is trustworthy Cyber-crime11 Nov 2024 | 12
Apple drops soldered storage for 2024 Mac Mini Updated iFixit teardown finds a removable SSD. Time to party like its 2010?
Academic papers yanked after authors found to have used unlicensed software Updated Dam, the consequences
EU irate about geo-locked Apple IDs Ever try to change your account's registered country? It's nigh impossible
Mozilla's Firefox browser turns 20. Does it still matter? A former exec believes in the non-profit's mission, says the battle lines have changed
Five Eyes infosec agencies list 2024's most exploited software flaws Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns
All bark, no bite? Musk's DOGE unlikely to have any real power Comment 'Department of Government Efficiency' expected to do little more than suggest changes, Congress will still decide
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce British grocer's workers called back to office as clock ticks for contractors
Here's how a Trump presidency could change the tech industry Kettle Anything could happen in the next half ... decade
Ransomware fiends boast they've stolen 1.4TB from US pharmacy network American Associated Pharmacies yet to officially confirm infection
Dark web crypto laundering kingpin sentenced to 12.5 years in prison Prosecutors hand Russo-Swede a half-billion bill Cyber-crime11 Nov 2024 | 24
Alleged Snowflake attacker gets busted by Canadians – politely, we assume Infosec in brief Also: Crypto hacks will continue; CoD hacker gets thousands banned, and more Security11 Nov 2024 |
Scattered Spider, BlackCat claw their way back from criminal underground We all know by now that monsters never die, right? Cyber-crime08 Nov 2024 | 1
Winos4.0 abuses gaming apps to infect, control Windows machines 'Multiple' malware samples likely targeting education orgs Security08 Nov 2024 | 6
Don't open that 'copyright infringement' email attachment – it's an infostealer Curiosity gives crims access to wallets and passwords Research07 Nov 2024 | 21
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system Ultra-Reliable Wireless Backhaul doesn't live up to its name Patches07 Nov 2024 | 16
Officials warn of Russia's tech-for-troops deal with North Korea amid Ukraine conflict 10,000 of Kim Jong Un's soldiers believed to be headed for front line Security07 Nov 2024 | 47
Cybercrooks are targeting Bengal cat lovers in Australia for some reason In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos Research06 Nov 2024 | 15
Operation Synergia II sees Interpol swoop on global cyber crims 22,000 IP addresses taken down, 59 servers seized, 41 arrests in 95 countries Cyber-crime06 Nov 2024 | 3
Cyberattackers stole Microlise staff data following DHL, Serco disruption Experts say incident has 'all the hallmarks of ransomware' Cyber-crime06 Nov 2024 | 5
China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks updated Alleged intrusion spotted in June Security06 Nov 2024 | 5
Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale Data pinched from pwned outside supplier, thief claims Cyber-crime06 Nov 2024 | 6
Schneider Electric ransomware crew demands $125k paid in baguettes Hellcat crew claimed to have gained access via the company's Atlassian Jira system Cyber-crime05 Nov 2024 | 46
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years FBI recovers just $8M after scam crashes Heartland Tri-State Bank Cyber-crime05 Nov 2024 | 17
Criminals open DocuSign's Envelope API to make BEC special delivery Why? Because that's where the money is Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials Research05 Nov 2024 | 11
Washington courts grapple with statewide outage after 'unauthorized activity' Justice still being served, but many systems are down Security05 Nov 2024 | 1
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed You snooze, you lose, er, win AI + ML05 Nov 2024 | 19
Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack Victims were placed in serious danger following highly sensitive data dump Cyber-crime04 Nov 2024 | 5
Why the long name? Okta discloses auth bypass bug affecting 52-character usernames Mondays are for checking months of logs, apparently, if MFA's not enabled Security04 Nov 2024 | 14
Public sector cyber break-ins: Our money, our lives, our right to know Opinion Is that a walrus in your server logs, or aren't you pleased to see me? Cyber-crime04 Nov 2024 | 24
Six IT contractors accused of swindling Uncle Sam out of millions Infosec in brief Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more Security03 Nov 2024 | 11
Financial institutions told to get their house in order before the next CrowdStrike strikes Calls for improvements will soon turn into demands when new rules come into force Security02 Nov 2024 | 34
UK councils bat away DDoS barrage from pro-Russia keyboard warriors Local authority websites downed in response to renewed support for Ukraine Cyber-crime01 Nov 2024 | 34
Hack Nintendo's alarm clock to show cat pics? Let's-a-go! How 'Gary' defeated Bowser broke into the interactive alarm clock Security01 Nov 2024 | 34
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs Emeraldwhale looked sharp – until it made a common S3 bucket mistake Research31 Oct 2024 | 2
LottieFiles supply chain attack exposes users to malicious crypto wallet drainer A scary few Halloween hours for team behind hugely popular web plugin Cyber-crime31 Oct 2024 | 11
Tower PC case used as 'creative cavity' by drug importer Motherboard missing, leaving space for a million hits of meth Cyber-crime31 Oct 2024 | 58
Chinese attackers accessed Canadian government networks – for five years India makes it onto list of likely threats for the first time Cybersecurity Month31 Oct 2024 | 14
Windows Themes zero-day bug exposes users to NTLM credential theft Plus a free micropatch until Redmond fixes the flaw Security30 Oct 2024 | 6
Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info If you're gonna come at the mouse, you need to be better at hiding your tracks Security30 Oct 2024 | 58
Russian spies use remote desktop protocol files in unusual mass phishing drive The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Cyber-crime30 Oct 2024 | 18
Beijing claims it's found 'underwater lighthouses' that its foes use for espionage Release the Kraken! Security30 Oct 2024 | 70
Uncle Sam outs a Russian accused of developing Redline infostealing malware Or: why using the same iCloud account for malware development and gaming is a bad idea Cyber-crime29 Oct 2024 | 4
Cast a hex on ChatGPT to trick the AI into writing exploit code 'It was like watching a robot going rogue' says researcher Cybersecurity Month29 Oct 2024 | 28
Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting US also charges an alleged Redline dev, no mention of an arrest Cyber-crime29 Oct 2024 | 1
The story behind the Health Infrastructure Security and Accountability Act Health care breaches lead to legislation Partner Content
Admins better Spring into action over latest critical open source vuln Patch up: The Spring framework dominates the Java ecosystem Security29 Oct 2024 | 1
Merde! Macron's bodyguards reveal his location by sharing Strava data It's not just the French president, Biden and Putin also reportedly trackable Security29 Oct 2024 | 24
Five Eyes nations tell tech startups to take infosec seriously. Again Only took 'em a year to dish up some scary travel advice, and a Secure Innovation … Placemat? Cybersecurity Month29 Oct 2024 | 14
Wanted. Top infosec pros willing to defend Britain on shabby salaries GCHQ job ads seek top talent with bottom-end pay packets Security29 Oct 2024 | 117
JPMorgan Chase sues scammers following viral 'infinite money glitch' ATMs paid customers thousands ... and now the bank wants its money back Security28 Oct 2024 | 47
Feds investigate China's Salt Typhoon amid campaign phone hacks 'They're taunting us,' investigator says and it looks like it's working Security28 Oct 2024 | 7
Brazen crims selling stolen credit cards on Meta's Threads Exclusive The platform 'continues to take action' against illegal posts, we're told Cyber-crime28 Oct 2024 | 20
Delta officially launches lawyers at $500M CrowdStrike problem Legal action comes months after alleging negligence by Falcon vendor Cybersecurity Month28 Oct 2024 | 23
Dutch cops pwn the Redline and Meta infostealers, leak 'VIP' aliases Legal proceedings underway with more details to follow Cybersecurity Month28 Oct 2024 | 5
WordPress forces user conf organizers to share social media credentials, arousing suspicions One told to take down posts that said nice things about WP Engine Software28 Oct 2024 | 40
Senator accuses sloppy domain registrars of aiding Russian disinfo campaigns Infosec in brief Also, Change Healthcare sets a record, cybercrime cop suspect indicted, a new Mallox decryptor, and more Security27 Oct 2024 | 34
Worker surveillance must comply with credit reporting rules US Consumer Financial Protection Bureau demands transparency, accountability from sellers of employee metrics Security26 Oct 2024 | 18
Just how private is Apple's Private Cloud Compute? You can test it to find out Also updates bug bounty program with $1M payout Security25 Oct 2024 | 15
Putin's pro-Trump trolls accuse Harris of poaching rhinos Plus: Iran's IRGC probes election-related websites in swing states Security25 Oct 2024 | 85
AWS Cloud Development Kit flaw exposed accounts to full takeover Remember Bucket Monopoly? Yeah, it gets worse Cybersecurity Month24 Oct 2024 | 13
Emergency patch: Cisco fixes bug under exploit in brute-force attacks Who doesn't love abusing buggy appliances, really? Software24 Oct 2024 | 3
Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms Arguments continue but change suggests it's not Free Software anymore Applications24 Oct 2024 | 16
Ransomware's ripple effect felt across ERs as patient care suffers 389 US healthcare orgs infected this year alone Cybersecurity Month24 Oct 2024 | 1
Voice-enabled AI agents can automate everything, even your phone scams All for the low, low price of a mere dollar Security24 Oct 2024 | 28
China's top messaging app WeChat banned from Hong Kong government computers Google and WhatsApp also binned, which is far easier to explain than canning a local hero Security24 Oct 2024 | 14
Anthropic's latest Claude model can interact with computers – what could go wrong? For starters, it could launch a prompt injection attack on itself... AI + ML24 Oct 2024 | 8
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers Attacks on unprotected servers reach 'critical level' Cybersecurity Month24 Oct 2024 | 1
Samsung phone users under attack, Google warns Don't ignore this nasty zero day exploit says TAG Cyber-crime24 Oct 2024 | 10
Penn State pays DoJ $1.25M to settle cybersecurity compliance case Fight On, State? Not this time Security23 Oct 2024 | 3
FortiManager critical vulnerability under active attack Updated Security shop and CISA urge rapid action Cybersecurity Month23 Oct 2024 | 7
'Satanic' data thief claims to have slipped into 350M Hot Topic shoppers info We know where you got your skinny jeans - big deal Cyber-crime23 Oct 2024 | 2
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch Plus, a POC to make it extra easy for attackers Security23 Oct 2024 |
Millions of Android and iOS users at risk from hardcoded creds in popular apps Azure Blob Storage, AWS, and Twilio keys all up for grabs Cybersecurity Month23 Oct 2024 | 17
US lawmakers push DoJ to prosecute tax prep firms for leaking taxpayer data to big tech TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google Security22 Oct 2024 | 6
TSMC blows whistle on potential sanctions-busting shenanigans from Huawei Chip giant tells Uncle Sam someone could be making orders on the sly Systems22 Oct 2024 | 13
VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time If the first patches don't work, try, try again Patches22 Oct 2024 | 2
Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Software22 Oct 2024 | 7
Akira ransomware is encrypting victims again following pure extortion fling Crooks revert to old ways for greater efficiency Cybersecurity Month22 Oct 2024 | 2
Pixel perfect Ghostpulse malware loader hides inside PNG image files Miscreants combine it with an equally tricky piece of social engineering Cybersecurity Month22 Oct 2024 | 34
China’s Spamouflage cranks up trolling of US Senator Rubio as election day looms Note to Xi: Marco and Ted Cruz aren't the same person Security21 Oct 2024 | 8
Sophos to snatch Secureworks in $859M buyout: Why fight when you can just buy? Private equity giant Thoma Bravo adds another trophy to its growing collection Security21 Oct 2024 | 2
The billionaire behind Trump's 'unhackable' phone is on a mission to fight Tesla's FSD Interview Dan O'Dowd tells El Reg about the OS secrets and ongoing clash with Musk Security21 Oct 2024 | 113
macOS HM Surf vuln might already be under exploit by major malware family Like keeping your camera and microphone private? Patch up Cybersecurity Month21 Oct 2024 | 16
Tesla, Intel, deny they're the foreign company China just accused of making maps that threaten national security As TSMC defends itself against report it may have helped Huawei Security21 Oct 2024 | 13
Internet Archive exposed again – this time through Zendesk Org turns its woes into a fundraising opportunity Security21 Oct 2024 | 9
Open source LLM tool primed to sniff out Python zero-days The static analyzer uses Claude AI to identify vulns and suggest exploit code Security20 Oct 2024 | 9
Jetpack fixes 8-year-old flaw affecting millions of WordPress sites In Brief - Updated Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more Security18 Oct 2024 | 5
Alleged Bitcoin crook faces 5 years after SEC's X account pwned SIM swappers strike again, warping cryptocurrency prices Cybersecurity Month18 Oct 2024 | 14