FAANGs failing on keeping user data safe from bug hunters Black Hat Time to call in the legal team Security12 Aug 2022 | 2
Higher risks and premiums are creating critical gap in cyber insurance Black Hat Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says Security11 Aug 2022 | 1
Security needs to learn from the aviation biz to avoid crashing Black Hat video 'Until someone has to go to jail for doing it wrong the teeth are not going to be the same' Security11 Aug 2022 | 13
Russian invasion has dangerously destabilized cyber security norms Black Hat The inside scoop on the Ukrainian IT army, and what could happen next Security11 Aug 2022 | 8
AWS and Splunk partner for faster cyberattack response Black Hat OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data Security11 Aug 2022 |
Ex-CIA security boss predicts coming crackdown on spyware Black Hat video Plus, spoiler alert: ransomware is gonna get a lot worse Security11 Aug 2022 | 1
Sonatype spots another PyPI package behaving badly Identity of a real person was used to lend credence to a package that dropped cryptominer in memory Cyber-crime11 Aug 2022 |
Don't be surprised if your organization suffers multiple cyberattacks Black Hat Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend Security11 Aug 2022 | 3
Making the cloud a safer place with SANS Get advice from experts on how to nail cloud native security in a multi-cloud world Sponsored Post
Cisco admits corporate network compromised by gang with links to Lapsus$ Voice-phished their way in, but Switchzilla claims no damage done Security11 Aug 2022 | 6
Meta privacy red team lead: Does your business know its privacy adversaries? Black Hat Ethical hackers, but for privacy programs Security11 Aug 2022 | 4
Boffins rate npm and PyPI package security and it's not good Guess what? Open source security still has gaps Security11 Aug 2022 | 14
Ex-CISA chief Krebs calls for US to get serious on security Black Hat Black Hat kicks off with call for single infosec agency with real clout and less confused crossover Security10 Aug 2022 | 9
As Black Hat kicks off, the US government is getting the message on hiring security talent Black Hat Katie Moussouris tells it like it is Security10 Aug 2022 | 9
Maui ransomware linked to North Korean group Andariel Attack origins point to April 2021 first strike on Japanese target Security10 Aug 2022 | 1
Google's bug bounty boss: Finding and patching vulns? 'Totally useless' Disclosing exploits, however, will earn you $100k Security10 Aug 2022 | 12
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too Attack was foiled by content delivery network's hardware security keys Security10 Aug 2022 | 8
Businesses should dump Windows for the Linux desktop Opinion It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab Security10 Aug 2022 | 232
Patch Tuesday: Yet another Microsoft RCE bug under active exploit Oh, and that critical VMware auth bypass vuln? Miscreants found it, too Security09 Aug 2022 | 7
DoE digs up molten salt nuclear reactor tech, taps Los Alamos to lead the way back The collaborative effort pits supercomputers against the agency's corrosive reactor research
Microsoft asks staff to think twice before submitting expenses Business travel, outside training, and picnic overheads all under watchful gaze of Redmond's accountants
The sins of OneDrive as Microsoft's cloud storage service turns 15 Opinion SkyDrive? Placeholders? Outages? Yes, it's all gone swimmingly
Google tells Apple to 'fix text messaging' in bid to promote RCS protocol iMessage talks to Android users via outdated SMS/MMS, ad giant complains
Rescuezilla 2.4 is here: Grab it before you need it A fork of Redo Rescue that outdoes the original – and beats Clonezilla too
NetBSD 9.3: A 2022 OS that can run on late-1980s hardware Need a cold shower? This is xNix like Windows users imagine it still is
Facebook hands over chats to cops in post-Roe abortion case 'If your business model depends on more aggressive surveillance, maybe you need a new business model'
APIC fail: Intel 'Sunny Cove' chips with SGX spill secrets AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying Security09 Aug 2022 | 1
Malicious deepfakes used in attacks up 13% from last year, VMware finds Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report Security09 Aug 2022 |
Microsoft's fix for 'data damage' risk hits PC performance 'AES-based operations might be two times slower' without latest updates Security09 Aug 2022 | 23
Chinese scammers target kids with promise of extra gaming hours Cyberspace regulator's fraud report finds all is not well behind the Great Firewall Cyber-crime09 Aug 2022 | 5
China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs We're 'highly likely' to see similar attacks, Kaspersky warned Security09 Aug 2022 | 6
US treasury whips up sanctions for crypto mixer Tornado Cash Being the money launderer for North Korea’s Lazarus Group comes at a price Cyber-crime08 Aug 2022 | 20
Twilio customer data exposed after its staffers got phished Comms giant says several other firms targeted in 'sophisticated attack' Cyber-crime08 Aug 2022 | 13
Microsoft tightens Edge security for less visited websites We're pretty sure that doesn't mean it's safe to click on sketchy popups Security08 Aug 2022 | 13
Slack leaked hashed passwords from its servers for years Users who created shared invitation links for their workspace had login details slip out among encrypted traffic Security08 Aug 2022 | 11
Dark Utilities C2 service draws thousands of cyber criminals Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks Security08 Aug 2022 | 1
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt In brief Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more Security06 Aug 2022 | 38
Hi, I'll be your ransomware negotiator today – but don't tell the crooks that Interview What it's like bargaining with criminals ... and advising clients suffering their worst day yet CSO06 Aug 2022 | 41
Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal? The Feds may see things differently Cyber-crime05 Aug 2022 | 17
Warning! Critical flaws found in US Emergency Alert System DEF CON may be about to blow lid off security hole Patches05 Aug 2022 | 14
Critical flaws found in four Cisco SMB router ranges – for the second time this year At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June Security05 Aug 2022 | 14
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google I got played via the Play store Cyber-crime04 Aug 2022 | 57
Taiwanese military reports DDoS in wake of Pelosi visit Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry Security04 Aug 2022 | 36
India scraps data protection law in favor of better law coming … sometime Tech giants and digital rights groups didn't like it, but at least it was a law Security04 Aug 2022 | 5
Student crashes Cloudflare beta party, redirects email, bags a bug bounty Simple to exploit, enough to pocket $3,000 Research04 Aug 2022 | 8
UK Parliament bins its TikTok account over China surveillance fears Plan to educate the children turned out to be a 'won't someone think of the children?' moment Security04 Aug 2022 | 42
Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets SOL holders literally S.O.L. Cyber-crime04 Aug 2022 | 35
Microsoft widens enterprise access to its threat intelligence pool Organizations can be more proactive in tracking threats, finding holes in their protection Security03 Aug 2022 |
Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones That's just the tip of the iceberg – and now he faces potentially years in the clink Cyber-crime03 Aug 2022 | 15
Sonatype shines light on typosquatting ransomware threat in PyPI It's all fun and games until somebody gets their files encrypted Security03 Aug 2022 | 7
You can’t choose when you’ll be hit by ransomware, but you can choose how you prepare Without a road to recovery, you’re just going to be roadkill Sponsored Feature
NortonLifeLock and Avast $8.6b deal gets provisional yes from UK regulator Plus: Even market authorities can't seem to keep up with Microsoft's Defender branding Security03 Aug 2022 | 6
Post-quantum crypto cracked in an hour with one core of an ancient Xeon NIST's nifty new algorithm looks like it's in trouble Research03 Aug 2022 | 82
Nancy Pelosi ties Chinese cyber-attacks to need for Taiwan visit And as if to confirm the link, a DDoS takes out Taiwan's presidential website ahead of senior politico's arrival Security03 Aug 2022 | 113
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws Meanwhile, a security update for rsync Patches03 Aug 2022 | 1
How a crypto bridge bug led to a $200m 'decentralized crowd looting' Flash mob exploits Nomad's validation code blunder Security02 Aug 2022 | 24
Robinhood's crypto unit hit with $30m fine over security, anti-crime misses Updated And just lays off about a quarter of staff CSO02 Aug 2022 | 4
How cybercrims embrace messaging apps to spread malware, communicate Underground forums are so last year. Telegram, Discord offer better privacy, functionality to criminals, says Intel 471 Security02 Aug 2022 | 5
Bot army risk as 3,000+ apps found spilling Twitter API keys Please stop leaving credentials where miscreants can find them Security02 Aug 2022 | 18
Miscreants aim to cause Discord discord with malicious npm packages LofyLife campaign comes amid GitHub security lockdown Research02 Aug 2022 | 2
Charges filed over $300m 'textbook pyramid and Ponzi scheme' crypto startup Financial watchdog accuses 11 of playing role in alleged scam Cyber-crime02 Aug 2022 | 17
Defence against the dark arts of ransomware Locking in safeguards against incursion with Rubrik Zero Trust Security Webinar
Akamai: We stopped record DDoS attack in Europe A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days Cyber-crime01 Aug 2022 | 12
Spyware developer charged by Australian Police after 14,500 sales Asia In Brief PLUS: India open to space tourism; China/Indonesia infosec pact; Paytm denies breach; Infosys dodges government again; and more Security01 Aug 2022 | 2
Tim Hortons offers free coffee and donut to settle data privacy invasion claims In brief Also, malicious VBA macros are out and container files are in, Robin Banks helps criminals rob banks, and more Security30 Jul 2022 | 36
This is what to expect when a managed service provider gets popped MSP should just stand for My Server's Pwned! Cyber-crime30 Jul 2022 | 11
Feds put $10m bounty on Putin pal accused of bankrolling US election troll farm Just in time for the midterms Cyber-crime29 Jul 2022 | 54
Decentralized IPFS networks forming the 'hotbed of phishing' P2P file system makes it more difficult to detect and take down malicious content Security29 Jul 2022 | 23
BreachForums booms on the back of billion-record Chinese data leak Plenty of recent users appear to be from China, and hoping for more leaks of local data Security29 Jul 2022 |
Businesses confess: We pass cyberattack costs onto customers Cover an average of $4.4 million per raid ourselves? No chance, mate Security29 Jul 2022 | 21
US court system suffered 'incredibly significant attack' – sealed files at risk Effects still being felt today across US government Security29 Jul 2022 | 15
JPMorgan, UBS among trio accused of shoddy ID theft protection SEC extracts pocket change from bankers, wags finger, sends them on their way Cyber-crime28 Jul 2022 | 2
Suspected radiation alert saboteurs cuffed by cops after sensors disabled You might say the police were in their element Security28 Jul 2022 | 22
Google brings Street View back to India following 2016 ban This time local companies provide the images and there's no mention of national security worries Security28 Jul 2022 | 10
FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable Security27 Jul 2022 | 5
We're likely only seeing 'the tip of the iceberg' of Pegasus spyware use against the US House intel chair raises snoop tool concerns as Google and others call for greater crack down Security27 Jul 2022 | 19
US puts $10 million bounty on North Korean cyber-crews Kim will be shaking in his shoes Security27 Jul 2022 | 7
Apple network traffic takes mysterious detour through Russia Land of Putin capable of attacking routes in cyberspace as well as real world Security27 Jul 2022 | 30
AWS ups security for Elastic Block Store, Kubernetes service Stretching its security software a bit further Security27 Jul 2022 |
Knotweed Euro cyber mercenaries attacking private sector, says Microsoft Reports seeing 'offensive actor' flinging SubZero malware Security27 Jul 2022 | 4
Time from vulnerability disclosures to exploits is shrinking Palo Alto Networks Unit 42 incident response team warns of patch speedups Security27 Jul 2022 |
Weak data protection helped China attack US Federal Reserve, report says Details of adversarial tradecraft detailed, includes many email accounts Cyber-crime27 Jul 2022 | 2
IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe Big Blue says it helped develop the algos, so knows what it's doing Security27 Jul 2022 | 10
Vietnamese attacker circumvents Facebook security with ‘DUCKTAIL’ malware Session cookies and 2FA subversion allow takeover of biz and ad accounts, lead to unauthorized ad buys Research27 Jul 2022 | 8
Charter told to pay $7.3b in damages after cable installer murders grandmother Broadband giant says it will appeal jury verdict in negligence case Cyber-crime27 Jul 2022 | 83
Crypto exchange Kraken reportedly hunted by the Feds for alleged sanctions busting Plus: Coinbase said to face SEC wrath, blockchain scam CEO admits using victims' millions to fund Hawaiian condo Cyber-crime26 Jul 2022 | 10
Culture shock: Ransomware gang sacks arts orgs' email lists Don't worry, the crooks totally deleted the data and promised not to use it for evil Cyber-crime26 Jul 2022 | 4
Luca Stealer malware spreads rapidly after code handily appears on GitHub Cool, another Rust project ... Oh Security26 Jul 2022 | 3
With ransomware, the road to recovery starts well before you’re attacked Learn how to orchestrate your survival strategy here Webinar
Ransomware less popular this year, but malware up: SonicWall cyber threat report Be ready for a rebound, and protect yourself with patching and segmentation Security26 Jul 2022 | 1
Cyber security training to fit your summer plans A flexible approach to cyber security training and certification from SANS & GIAC Sponsored Post
LockBit ransomware gang claims it ransacked Italy’s tax agency Miscreants boast of 78GB haul, officials say everything's fine Security26 Jul 2022 | 7
Node.js prototype pollution is bad for your app environment Boffins find common code constructs that may be exploitable to achieve remote code execution Research25 Jul 2022 | 5
T-Mobile US to cough up $550m after info stolen on 77m customers Oops, did the Un-carrier under-count by 29m punters? CSO25 Jul 2022 | 8
Twitter launches probe after miscreants claim to have swiped 5.4m users' details And yes, Musk is back in the headlines, denying another affair Cyber-crime25 Jul 2022 | 7
Cyber-mercenaries for hire represent shifting criminal business model Emerging threat group offers a broad range of attack services Security25 Jul 2022 | 9
DoJ approves Google's acquisition of Mandiant In Brief Plus: Ukrainian fake news and Uber admits covering up data breach Security25 Jul 2022 | 2
Infosec not your job but your responsibility? How to be smarter than the average bear Opinion Many of last week's security stories tell the same tale Security25 Jul 2022 | 20
Realizing your software has a vulnerability is bad. Realizing you’ve shipped it to thousands of customers… How bad can it be? Find out with this webinar Webinar
My Big Coin founder is – you guessed it – a $6m crypto-fraudster Con man blew victims' cash on antiques, artwork, other riches Cyber-crime22 Jul 2022 | 54
Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing Blockade against VBA scripts in downloaded files is back on by default CSO22 Jul 2022 | 15
Don't dive head first into that crypto pool, FBI warns Liquidity scams cost victims more than $70m, agents say Cyber-crime22 Jul 2022 | 18
At the edge, nobody can hear your IoT devices scream … Red Hat’s approach to locking down remote industrial networks and data processing facilities Sponsored Feature
British intelligence recycles old argument for thwarting strong encryption: Think of the children! Comment Levy and Robinson are at it again Security22 Jul 2022 | 185
Russia, Iran discuss tech manufacturing, infosec and e-governance collaboration Proposed working group would see Moscow's miltech conglomerate Rostec operate in Tehran Security22 Jul 2022 | 20
Ex-Coinbase manager charged in first-ever crypto insider trading case Exec, his brother, and a pal raked in $1.5m in illicit gains, Feds claim Cyber-crime21 Jul 2022 | 21