Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets Akamai says it reported the flaws to Microsoft. Redmond shrugged Security07 Dec 2023 |
US and EU infosec authorities pen intel-sharing pact As Cyber Solidarity Act edges closer to full adoption in Europe Cyber-crime07 Dec 2023 | 1
Belgian man charged with smuggling sanctioned military tech to Russia and China Indictments allege plot to shift FPGAs, accelerometers, and spycams Security07 Dec 2023 | 13
Australia building 'top secret' cloud to catch up and link with US, UK intel orgs Plans to share 'vast amounts of data' – very carefully Security07 Dec 2023 | 11
Apple and some Linux distros are open to Bluetooth attack Issue has been around since at least 2012 Security06 Dec 2023 | 14
Locking down the edge Watch this webinar to find out how Zero Trust fits into the edge security ecosystem Sponsored Post
A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list Apparently no one thought to check if this D-Link router 'issue' was actually exploitable Security06 Dec 2023 | 6
Shielding the data that drives AI Why we need the confidence to deploy secure, compliant AI-powered applications and workloads Sponsored Feature
Atlassian security advisory reveals four fresh critical flaws – in mail with dead links Bitbucket, Confluence and Jira all in danger, again. Sigh Security06 Dec 2023 | 7
Microsoft issues deadline for end of Windows 10 support – it's pay to play for security Limited options will be available into 2028, for an undisclosed price Security06 Dec 2023 | 68
Cisco intros AI to find firewall flaws, warns this sort of thing can't be free Predicts cyber crims will find binary brainboxes harder to battle Security06 Dec 2023 | 14
Fancy Bear goes phishing in US, European high-value networks GRU-linked crew going after our code warns Microsoft - Outlook not good Security06 Dec 2023 | 4
CISA details twin attacks on federal servers via unpatched ColdFusion flaw Tardy IT admins likely to get a chilly reception over the lack of updates Security05 Dec 2023 | 2
DSPM deep dive: debunking data security myths To maintain a strong data security posture, you must protect the data where it lives Partner Content
BlackCat ransomware crims threaten to directly extort victim's customers Accounting software firm Tipalti says it’s investigating alleged break-in of its systems Cyber-crime05 Dec 2023 | 4
It's ba-ack... UK watchdog publishes age verification proposals Won't somebody think of the children? Security05 Dec 2023 | 120
UK government denies China/Russia nuke plant hack claim Report suggests Sellafield compromised since 2015, response seems worryingly ignorant of Stuxnet Security05 Dec 2023 | 25
US warns Iranian terrorist crew broke into 'multiple' US water facilities There's a war on and critical infrastructure operators are still using default passwords Security04 Dec 2023 | 17
Hershey phishes! Crooks snarf chocolate lovers' creds Stealing Kit Kat maker's data?! Give me a break Security04 Dec 2023 | 46
Two new versions of OpenZFS fix long-hidden corruption bug Version 2.2.2 and also 2.1.14, showing that this wasn't a new issue in the latest release Security04 Dec 2023 | 4
Microsoft issues deadline for end of Windows 10 support – it's pay to play for security Limited options will be available into 2028, for an undisclosed price
Dump C++ and in Rust you should trust, Five Eyes agencies urge Memory safety vulnerabilities need to be crushed with better code
Swedish Tesla strike goes international as Norwegian and Danish unions join in 'He can't just make his own rules,' Danish labor leader says of Musk
Iran launches 'biological capsule' to low Earth orbit Precursor to crewed flight can reportedly carry animals
Veteran editors Notepad++ and Geany hit milestone versions There are still good, modern, graphical text editors that are not Electron-based
Atlassian security advisory reveals four fresh critical flaws – in mail with dead links Bitbucket, Confluence and Jira all in danger, again. Sigh
Digital memories are disappearing and not even AI or Google can help Column Technology allows us to keep more of our stuff than previously possible – but what use is it if we can't find it?
Boffins devise 'universal backdoor' for image models to cause AI hallucinations Data poisoning appears open to all
India's Moon mission pulled off another trick: an experimental orbital sequel Swift software development effort saw Chandrayaan-3 propulsion module make an unexpected return to Earth
Exposed Hugging Face API tokens offered full access to Meta's Llama 2 Updated With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML Research04 Dec 2023 | 6
EU lawmakers finalize cyber security rules that panicked open source devs Infosec in brief PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities Security04 Dec 2023 | 17
New Relic's cyber-something revealed as attack on staging systems, some users Ongoing investigation found evidence of stolen employee creds and social engineering Cyber-crime04 Dec 2023 | 1
Scores of US credit unions offline after ransomware infects backend cloud outfit Supply chain attacks: The gift that keeps on giving Cyber-crime02 Dec 2023 | 16
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks Two CVEs can be abused to steal sensitive info or execute code Patches01 Dec 2023 | 2
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images Exploits bypass most secure boot solutions from the biggest chip vendors Research01 Dec 2023 | 31
US readies prison cell for another Russian Trickbot developer Hunt continues for the other elusive high-ranking members Cyber-crime01 Dec 2023 | 3
Regulator says stranger entered hospital, treated a patient, took a document ... then vanished Scottish health group to tweak security checks, access authorization to avoid a repeat Security01 Dec 2023 | 94
Interpol makes first border arrest using Biometric Hub to ID suspect Global database of faces and fingerprints proves its worth Cyber-crime01 Dec 2023 | 8
Today's 'China is misbehaving online' allegations come from Google, Meta Zuck boots propagandists, Big G finds surge of action directed at Taiwan Cyber-crime01 Dec 2023 | 9
Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes Plus: 3 critical CVEs in Zyxel NAS devices Security30 Nov 2023 | 2
Admin of $19M marketplace that sold social security numbers gets 8 years in jail 24 million Americans thought to have had their personal data stolen and sold for pennies Cyber-crime30 Nov 2023 | 12
Black Basta ransomware operation nets over $100M from victims in less than two years Assumed Conti offshoot averages 7 figures for each successful attack but may have issues with, er, 'closing deals' Cyber-crime30 Nov 2023 | 3
Locking down Industrial Control Systems SANS unveils online hub with valuable tools and information for cybersecurity professionals defending ICS Sponsored Post
Weak session keys let snoops take a byte out of your Bluetooth traffic BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets Research30 Nov 2023 | 12
US lawmakers have Chinese LiDAR on their threat-detection radar Amid fears Beijing could harvest spatial data, letter suggests Huawei-style bans may be needed Security30 Nov 2023 | 13
Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud Pro tip: Don't use your new work email to phish your old firm Cyber-crime30 Nov 2023 | 5
Uncle Sam probes cyberattack on Pennsylvania water system by suspected Iranian crew CISA calls for stronger IT defenses as Texas district also hit by ransomware crew Cyber-crime29 Nov 2023 | 8
Okta data breach dilemma dwarfs earlier estimates All customer support users told their info was accessed after analysis oversight Security29 Nov 2023 | 14
British Library begins contacting customers as Rhysida leaks data dump CRM databases were accessed and library users are advised to change passwords Cyber-crime29 Nov 2023 | 5
UK government rings the death knell for SIM farms Acts under the guise of protecting the public from fraud, yet history suggests Home Office has other motives Security29 Nov 2023 | 77
Brit borough council apologizes for telling website users to disable HTTPS Planning portal back online with a more secure connection Security29 Nov 2023 | 53
Japan's space agency suffers cyber attack, points finger at Active Directory JAXA is having a tough time in cyberspace and outer space, the latter thanks to an electrical glitch Cyber-crime29 Nov 2023 | 4
Plex gives fans a privacy complex after sharing viewing habits with friends by default Updated Grandma is watching what?! Security28 Nov 2023 | 47
Helping companies defend what attackers want most - their data Varonis introduces Athena AI to transform data security and incident response Partner Content
Europol shutters ransomware operation with kingpin arrests A few low-level stragglers remain on the loose, but biggest fish have been hooked Cyber-crime28 Nov 2023 | 4
A bird’s eye view of your global attack surface Get to know your external attack surface before the cyber criminals map it first Sponsored Post
India's CERT given exemption from Right To Information requests Activists worry investigations may stay secret, and then there's those odd incident reporting requirements Security28 Nov 2023 | 4
'Serial cybercriminal and scammer' jailed for 8 years, told to pay back $1.2M Crook did everything from SIM swaps to fake verified badge scams Cyber-crime28 Nov 2023 | 3
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods Mitigations require mix of updating libraries and manual customer action Patches27 Nov 2023 | 8
Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media Infosec in Brief Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month Security27 Nov 2023 | 11
Education is the foundation of modern cyber defence How to enhance employee career development and retain skilled staff with SANS cyber training Sponsored Post
Ransomware-hit British Library: Too open for business, or not open enough? Opinion Unique institutions need unique security. Instead, they're fobbed off with the same old, same old Cyber-crime27 Nov 2023 | 26
Crypto crasher Do Kwon's extradition approved, but destination is unclear Hey Google, are the jails nicer in South Korea or the US? Cyber-crime27 Nov 2023 | 4
Beijing fosters foreign influencers to spread its propaganda They get access to both China's internet and global platforms, and cash in on both Security27 Nov 2023 | 16
OpenCart owner turns air blue after researcher discloses serious vuln Web storefront maker fixed the flaw, but not before blasting infoseccer Patches24 Nov 2023 | 48
BlackCat claims it is behind Fidelity National Financial ransomware shakedown One of US's largest underwriters forced to shut down a number of key systems Cyber-crime23 Nov 2023 | 1
Industry piles in on North Korea for sustained rampage on software supply chains Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs Security23 Nov 2023 | 18
Attack on direct debit provider London & Zurich leaves customers with 6-figure backlogs Customers complain of poor comms during huge outage that’s sparked payroll fears Cyber-crime23 Nov 2023 | 15
Stop social engineering at the IT help desk How Secure Service Desk thwarts social engineering attacks and secures user verification Sponsored Post
Mirai malware infects routers and cameras for new botnet Akamai sounds the alarm – won't name the manufacturers yet Cyber-crime23 Nov 2023 | 1
New Relic warns customers it's experienced a cyber … something Users told to hold tight and await instructions as investigation continues Security23 Nov 2023 | 6
North Korea makes finding a gig even harder by attacking candidates and employers That GitHub repo an interviewer wants you to work on could be malware Cyber-crime23 Nov 2023 | 6
How to give Windows Hello the finger and login as someone on their stolen laptop Not that we're encouraging anyone to defeat this fingerprint authentication Research22 Nov 2023 | 90
US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants Staff records swiped, leaked by gang who probably read one too many comics, sorry, graphic novels Cyber-crime22 Nov 2023 | 99
US cybercops take on 'pig butchering' org, return $9M in scammed crypto Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret' Security22 Nov 2023 |
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure? Interview Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing CSO22 Nov 2023 | 9
UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners 30 days to get compliant with tracking rules or face enforcement action Security22 Nov 2023 | 45
Binance and CEO admit financial crimes, billions coughed up to US govt Chief quits, pays own penalty after helping crooks launder cash, aiding sanctions evaders Cyber-crime22 Nov 2023 | 37
Sumo Logic wrestles with security breach, pins down customer data Compromised AWS account led to fears that user info could have been exposed to cybercriminals Cyber-crime21 Nov 2023 |
Third-party data breach affecting Canadian government could involve data from 1999 Any govt staffers who used relocation services over past 24 years could be at risk Cyber-crime21 Nov 2023 | 5
Maintaining a state of readiness to deal with cyber attacks Continuous training can help improve EMEA organisations’ ability to fend off the cyber criminals in 2024 Sponsored Post
MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen Real-life impact of buggy software laid bare – plus: Avast tries to profit from being caught up in attacks Cyber-crime20 Nov 2023 | 13
Former infosec COO pleads guilty to attacking hospitals to drum up business Admits to taking phones used for 'code blue' emergencies offline and more Cyber-crime20 Nov 2023 | 13
Rhysida ransomware gang: We attacked the British Library Crims post passport scans and internal forms up for 'auction' to prove it Cyber-crime20 Nov 2023 | 29
Your password hygiene remains atrocious, says NordPass Infosec in brief ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities Security20 Nov 2023 | 57
LockBit redraws negotiation tactics after affiliates fail to squeeze victims Cybercrime group worried over dwindling payments ... didn't they tell them to Always Be Closing? Cyber-crime17 Nov 2023 | 32
SonicWall swallows Solutions Granted amid cybersecurity demand surge CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA CSO17 Nov 2023 | 1
Samsung UK discloses year-long breach, leaked customer data Updated Chaebol already the subject of suits for a pair of past indiscretions Security17 Nov 2023 | 4
Look out, Scattered Spider. FBI pumps 'significant' resources into snaring data-theft crew Absence of arrests doesn't mean nothing's happening, cyber-cops insist Cyber-crime17 Nov 2023 | 4
How much to clean up a ransomware infection? For Rackspace, about $11M And that's not counting the incoming lawsuits. Thank goodness for insurance, eh? CSO16 Nov 2023 | 7
Windows Server 2022 update gave ESXi host VMs the blue screen blues Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches Patches16 Nov 2023 | 17
BlackCat plays with malvertising traps to lure corporate victims Updated Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware Research16 Nov 2023 | 1
Royal Mail’s recovery from ransomware attack will cost business at least $12M First time hard figure given on recovery costs for January incident Cyber-crime16 Nov 2023 | 6
Hundreds of websites cloned to run ads for Chinese football gambling outfits Linked to org that UK authorities found once failed its anti-money-laundering obligations Security16 Nov 2023 | 1
Clorox CISO flushes self after multimillion-dollar cyberattack Plus: Ransomware crooks file SEC complaint against victim CSO16 Nov 2023 | 23
Google Workspace weaknesses allow plaintext password theft Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here Research15 Nov 2023 | 2
FBI Director: FISA Section 702 warrant requirement a 'de facto ban' War of words escalates as deadline draws near Security15 Nov 2023 | 56
How cyber training can help you beat the bad guys No matter what stage your security career is at, SANS has resources that will add to your knowledge Sponsored Post
Ransomware more efficient than ever, and baddies are still after your logs Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean Research15 Nov 2023 | 3
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws Patches15 Nov 2023 | 17
Russian national pleads guilty to building now-dismantled IPStorm proxy botnet 23K nodes earned operator more than $500K – and now perhaps jail time Cyber-crime14 Nov 2023 | 1
AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling Let's do the CacheWarp again Research14 Nov 2023 | 7
Intel emits patch to squash chip bug that lets any guest VM crash host servers Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix' Patches14 Nov 2023 | 1
Ransomware royale: US confirms Royal, BlackSuit are linked Royal alone scored $275M in past year as FBI, other agencies hot on merging trail Cyber-crime14 Nov 2023 | 1
Novel backdoor persists even after critical Confluence vulnerability is patched Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities Cyber-crime14 Nov 2023 | 1
Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain Emergency comms standard had five nasty flaws but will be opened to academic research Security14 Nov 2023 | 10
NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch And the world's getting more and more dangerous CSO14 Nov 2023 | 16
Beijing reportedly asked Hikvision to identify fasting students in Muslim-majority province University managment app also tracked library activity, holidays, and much more Security14 Nov 2023 | 27
Passive SSH server private key compromise is real ... for some vulnerable gear OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out Research14 Nov 2023 | 12