US lawmakers have Chinese LiDAR on their threat-detection radar
Amid fears Beijing could harvest spatial data, letter suggests Huawei-style bans may be needed
Security30 Nov 2023 |
Security
Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud
Pro tip: Don't use your new work email to phish your old firm
Cyber-crime30 Nov 2023 | 2
Uncle Sam probes cyberattack on Pennsylvania water system by suspected Iranian crew
CISA calls for stronger IT defenses as Texas district also hit by ransomware crew
Cyber-crime29 Nov 2023 | 5
Okta data breach dilemma dwarfs earlier estimates
All customer support users told their info was accessed after analysis oversight
Security29 Nov 2023 | 8
British Library begins contacting customers as Rhysida leaks data dump
CRM databases were accessed and library users are advised to change passwords
Cyber-crime29 Nov 2023 | 2
UK government rings the death knell for SIM farms
Acts under the guise of protecting the public from fraud, yet history suggests Home Office has other motives
Security29 Nov 2023 | 55
Brit borough council apologizes for telling website users to disable HTTPS
Planning portal back online with a more secure connection
Security29 Nov 2023 | 21
Japan's space agency suffers cyber attack, points finger at Active Directory
JAXA is having a tough time in cyberspace and outer space, the latter thanks to an electrical glitch
Cyber-crime29 Nov 2023 | 3
Plex gives fans a privacy complex after sharing viewing habits with friends by default
Updated Grandma is watching what?!
Security28 Nov 2023 | 46
Helping companies defend what attackers want most - their data
Varonis introduces Athena AI to transform data security and incident response
Partner Content
Europol shutters ransomware operation with kingpin arrests
A few low-level stragglers remain on the loose, but biggest fish have been hooked
Cyber-crime28 Nov 2023 | 3
A bird’s eye view of your global attack surface
Get to know your external attack surface before the cyber criminals map it first
Sponsored Post
India's CERT given exemption from Right To Information requests
Activists worry investigations may stay secret, and then there's those odd incident reporting requirements
Security28 Nov 2023 | 4
'Serial cybercriminal and scammer' jailed for 8 years, told to pay back $1.2M
Crook did everything from SIM swaps to fake verified badge scams
Cyber-crime28 Nov 2023 | 3
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods
Mitigations require mix of updating libraries and manual customer action
Patches27 Nov 2023 | 8
Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media
Infosec in Brief Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month
Security27 Nov 2023 | 10
Education is the foundation of modern cyber defence
How to enhance employee career development and retain skilled staff with SANS cyber training
Sponsored Post
Ransomware-hit British Library: Too open for business, or not open enough?
Opinion Unique institutions need unique security. Instead, they're fobbed off with the same old, same old
Cyber-crime27 Nov 2023 | 24
Crypto crasher Do Kwon's extradition approved, but destination is unclear
Hey Google, are the jails nicer in South Korea or the US?
Cyber-crime27 Nov 2023 | 4
Beijing fosters foreign influencers to spread its propaganda
They get access to both China's internet and global platforms, and cash in on both
Security27 Nov 2023 | 16
Popular
Microsoft opens sources ThreadX under MIT license
The 'Azure RTOS' used in millions of Raspberry Pis is now FOSS
Meta sued by privacy group over pay up or click OK model
Scrolling through endless humblebrags without targeted ads is a fundamental right, according to privacy expert
AI agents can copy humans to get closer to artificial general intelligence, DeepMind finds
Google’s AI offshoot finds copy-cat robots capable of aping living mentors
Plex gives fans a privacy complex after sharing viewing habits with friends by default
Updated Grandma is watching what?!
Ukraine cyber spies claim Putin's planes are in peril as sanctions bite
Aeroflot fleet still has a smoking section, but not for tobacco
UK government rings the death knell for SIM farms
Acts under the guise of protecting the public from fraud, yet history suggests Home Office has other motives
Good luck finding competent Copilot help, warns Microsoft MVP
Almost nobody has used it, or knows it well, so beware of consultants bearing cred
Brits turn off Twitter, although teens and tweens keen on generative AI
Bing grows but Google remains top dog, according to Ofcom report
Brit borough council apologizes for telling website users to disable HTTPS
Planning portal back online with a more secure connection
Logitech's Wave Keys tries to bend ergonomics without breaking tradition
Review Or your wallet
STORIES
OpenCart owner turns air blue after researcher discloses serious vuln
Web storefront maker fixed the flaw, but not before blasting infoseccer
Patches24 Nov 2023 | 48
BlackCat claims it is behind Fidelity National Financial ransomware shakedown
One of US's largest underwriters forced to shut down a number of key systems
Cyber-crime23 Nov 2023 | 1
Industry piles in on North Korea for sustained rampage on software supply chains
Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs
Security23 Nov 2023 | 18
Attack on direct debit provider London & Zurich leaves customers with 6-figure backlogs
Customers complain of poor comms during huge outage that’s sparked payroll fears
Cyber-crime23 Nov 2023 | 14
Stop social engineering at the IT help desk
How Secure Service Desk thwarts social engineering attacks and secures user verification
Sponsored Post
Mirai malware infects routers and cameras for new botnet
Akamai sounds the alarm – won't name the manufacturers yet
Cyber-crime23 Nov 2023 | 1
New Relic warns customers it's experienced a cyber … something
Users told to hold tight and await instructions as investigation continues
Security23 Nov 2023 | 6
North Korea makes finding a gig even harder by attacking candidates and employers
That GitHub repo an interviewer wants you to work on could be malware
Cyber-crime23 Nov 2023 | 6
How to give Windows Hello the finger and login as someone on their stolen laptop
Not that we're encouraging anyone to defeat this fingerprint authentication
Research22 Nov 2023 | 90
US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants
Staff records swiped, leaked by gang who probably read one too many comics, sorry, graphic novels
Cyber-crime22 Nov 2023 | 99
US cybercops take on 'pig butchering' org, return $9M in scammed crypto
Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'
Security22 Nov 2023 |
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?
Interview Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing
CSO22 Nov 2023 | 9
UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners
30 days to get compliant with tracking rules or face enforcement action
Security22 Nov 2023 | 45
Binance and CEO admit financial crimes, billions coughed up to US govt
Chief quits, pays own penalty after helping crooks launder cash, aiding sanctions evaders
Cyber-crime22 Nov 2023 | 37
Sumo Logic wrestles with security breach, pins down customer data
Compromised AWS account led to fears that user info could have been exposed to cybercriminals
Cyber-crime21 Nov 2023 |
Third-party data breach affecting Canadian government could involve data from 1999
Any govt staffers who used relocation services over past 24 years could be at risk
Cyber-crime21 Nov 2023 | 5
Maintaining a state of readiness to deal with cyber attacks
Continuous training can help improve EMEA organisations’ ability to fend off the cyber criminals in 2024
Sponsored Post
MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen
Real-life impact of buggy software laid bare – plus: Avast tries to profit from being caught up in attacks
Cyber-crime20 Nov 2023 | 13
Former infosec COO pleads guilty to attacking hospitals to drum up business
Admits to taking phones used for 'code blue' emergencies offline and more
Cyber-crime20 Nov 2023 | 13
Rhysida ransomware gang: We attacked the British Library
Crims post passport scans and internal forms up for 'auction' to prove it
Cyber-crime20 Nov 2023 | 29
Your password hygiene remains atrocious, says NordPass
Infosec in brief ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities
Security20 Nov 2023 | 57
LockBit redraws negotiation tactics after affiliates fail to squeeze victims
Cybercrime group worried over dwindling payments ... didn't they tell them to Always Be Closing?
Cyber-crime17 Nov 2023 | 32
SonicWall swallows Solutions Granted amid cybersecurity demand surge
CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA
CSO17 Nov 2023 | 1
Samsung UK discloses year-long breach, leaked customer data
Updated Chaebol already the subject of suits for a pair of past indiscretions
Security17 Nov 2023 | 4
Look out, Scattered Spider. FBI pumps 'significant' resources into snaring data-theft crew
Absence of arrests doesn't mean nothing's happening, cyber-cops insist
Cyber-crime17 Nov 2023 | 4
How much to clean up a ransomware infection? For Rackspace, about $11M
And that's not counting the incoming lawsuits. Thank goodness for insurance, eh?
CSO16 Nov 2023 | 7
Windows Server 2022 update gave ESXi host VMs the blue screen blues
Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches
Patches16 Nov 2023 | 17
BlackCat plays with malvertising traps to lure corporate victims
Updated Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware
Research16 Nov 2023 | 1
Royal Mail’s recovery from ransomware attack will cost business at least $12M
First time hard figure given on recovery costs for January incident
Cyber-crime16 Nov 2023 | 6
Hundreds of websites cloned to run ads for Chinese football gambling outfits
Linked to org that UK authorities found once failed its anti-money-laundering obligations
Security16 Nov 2023 | 1
Clorox CISO flushes self after multimillion-dollar cyberattack
Plus: Ransomware crooks file SEC complaint against victim
CSO16 Nov 2023 | 21
Google Workspace weaknesses allow plaintext password theft
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here
Research15 Nov 2023 | 2
FBI Director: FISA Section 702 warrant requirement a 'de facto ban'
War of words escalates as deadline draws near
Security15 Nov 2023 | 56
How cyber training can help you beat the bad guys
No matter what stage your security career is at, SANS has resources that will add to your knowledge
Sponsored Post
Ransomware more efficient than ever, and baddies are still after your logs
Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean
Research15 Nov 2023 | 3
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws
Patches15 Nov 2023 | 17
Russian national pleads guilty to building now-dismantled IPStorm proxy botnet
23K nodes earned operator more than $500K – and now perhaps jail time
Cyber-crime14 Nov 2023 | 1
AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling
Let's do the CacheWarp again
Research14 Nov 2023 | 7
Intel emits patch to squash chip bug that lets any guest VM crash host servers
Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix'
Patches14 Nov 2023 | 1
Ransomware royale: US confirms Royal, BlackSuit are linked
Royal alone scored $275M in past year as FBI, other agencies hot on merging trail
Cyber-crime14 Nov 2023 | 1
Novel backdoor persists even after critical Confluence vulnerability is patched
Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities
Cyber-crime14 Nov 2023 | 1
Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain
Emergency comms standard had five nasty flaws but will be opened to academic research
Security14 Nov 2023 | 10
NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch
And the world's getting more and more dangerous
CSO14 Nov 2023 | 16
Beijing reportedly asked Hikvision to identify fasting students in Muslim-majority province
University managment app also tracked library activity, holidays, and much more
Security14 Nov 2023 | 27
Passive SSH server private key compromise is real ... for some vulnerable gear
OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out
Research14 Nov 2023 | 12
Google sues scammers peddling fake malware-riddled Bard chatbot download
Updated Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns
Cyber-crime14 Nov 2023 | 13
Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks
Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record
Cyber-crime13 Nov 2023 | 38
Introducing the tech that keeps the lights on
Opinion Genuinely new ideas are rare in IT – this superhero is ready to make a real difference
Security13 Nov 2023 | 21
Royal Mail cybersecurity still a bit of a mess, infosec bods claim
Infosec in brief Also: Most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities
Security13 Nov 2023 | 8
Australia declares 'nationally significant cyber incident' after port attack
Asia in brief PLUS: Citrix quits China; Cambodia deports Japanese scammers; Chinese tech CEO disappears; and more
Security13 Nov 2023 | 3
Impatient LockBit says it's leaked 50GB of stolen Boeing files after ransom fails to land
Aerospace titan pores over data to see if dump is legit
Cyber-crime10 Nov 2023 | 29
Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked
White hat bounty looks more like a beg bounty
Cyber-crime10 Nov 2023 | 18
Strangely enough, no one wants to buy a ransomware group that has cops' attention
Ransomed.vc shuts after 20% discount fails to entice bids
Cyber-crime10 Nov 2023 | 5
China's top bank ICBC hit by ransomware, derailing global trades
CitrixBleed patch has been available for around a month
Security10 Nov 2023 | 7
Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims
Billions of data-leaking processors sold despite warnings and patch just made them slower, punters complain
Research09 Nov 2023 | 27
SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity
IT software slinger publishes fierce response to lawsuit brought last month
Cyber-crime09 Nov 2023 | 17
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts
Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate
Cyber-crime09 Nov 2023 |
Russia's Sandworm – not just missile strikes – to blame for Ukrainian power blackouts
Online attack coincided with major military action, Mandiant says
Security09 Nov 2023 | 38
What to do with a cloud intrusion toolkit in 2023? Slap a chat assistant on it, duh
Don't worry, this half-baked Python script is for educational purposes onl-hahaha
Cyber-crime09 Nov 2023 | 3
Microsoft, Meta detail plans to fight election disinformation in 2024
Strategies differ, though both have gaps that could hurt efficacy
Security08 Nov 2023 | 10
Atlassian cranks up the threat meter to max for Confluence authorization flaw
Attackers secure admin rights after vendor said they could only steal data
Cyber-crime08 Nov 2023 | 10
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach
It's the latest in a string of unusual wallet-draining attacks that began in April
Cyber-crime08 Nov 2023 | 14
Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections
EFF warns incoming rules may return web 'to the dark ages of 2011'
Security08 Nov 2023 | 121
Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button
Admins have 90 days to opt out before MFA is deployed automatically
Security07 Nov 2023 | 29
Fresh find shines new light on North Korea’s latest macOS malware
Months of work reveals how this tricky malware family targets... the financial services sector
Research07 Nov 2023 | 4
Woman jailed after RentaHitman.com assassin turned out to be – surprise – FBI
18 months in the slammer no laughing matter, but the rest... maybe
Cyber-crime07 Nov 2023 | 112
US slaps sanctions on accused fave go-to money launderer of Russia's rich
And that includes ransomware crims, claims US of alleged sanctions-buster
Cyber-crime06 Nov 2023 | 9
Okta October breach affected 134 orgs, biz admits
Infosec in brief Plus: CVSS 4.0 is here, this week's critical vulns, and 'incident' hit loan broker promises no late fees. Generous
Security06 Nov 2023 | 6
'Corrupt' cop jailed for tipping off pal to EncroChat dragnet
Taking selfie with 'official sensitive' doc wasn't smartest idea, either
Cyber-crime04 Nov 2023 | 62
81K people's sensitive info feared stolen from Hilb after email inboxes ransacked
Credit card numbers, security codes, SSNs, passwords, PINs? Yikes!
Cyber-crime03 Nov 2023 | 3
Ex-GCHQ software dev jailed for stabbing NSA staffer
Terrorist ideology suspected to be motivation
Security03 Nov 2023 | 42
Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security
Secure Future Initiative needed in wake of tech evolution and unrelenting ransomware criminality
Security03 Nov 2023 | 18
UK data watchdog fines three text spammers for flouting electronic marketing rules
'High-pressure' sales tactics targeted people registered with Telephone Preference Service
Security03 Nov 2023 | 13
FTX crypto-villain Sam Bankman-Fried convicted on all charges
Jury took just four hours to reach guilty verdicts
Cyber-crime03 Nov 2023 | 112
Infosec pros can secure IT, but have harder time securing job satisfaction
Industry facing burnout scare as workplace issues snowball
Security02 Nov 2023 | 2
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims
Over a week later and barely any patches for the 10/10 vulnerability have been applied
Cyber-crime02 Nov 2023 | 4
Okta tells 5,000 of its own staff that their data was accessed in third-party breach
Updated The hits keep on coming for troubled ID management biz
Cyber-crime02 Nov 2023 | 28
Boeing acknowledges cyberattack on parts and distribution biz
Won't say if it's LockBit, but LockBit appears to have claimed credit. Maybe payment, too
Cyber-crime02 Nov 2023 | 7
Dirty dancing grabs the attention of China's cyberspace regulators
Alibaba service fined as Beijing calls for online platforms to name major creators and deploy kid-mode services
Security02 Nov 2023 | 6
FBI boss: Taking away our Section 702 spying powers could be 'devastating'
Of course, he would say that, wouldn't he?
Security02 Nov 2023 | 48
Biting the hand that feeds IT
