Stolen university credentials up for sale by Russian crooks, FBI warns
Forget dark-web souks, thousands of these are already being traded on public bazaars
Cyber-crime27 May 2022 |
Security
Cloud security unicorn cuts 20% of staff after raising $1.3b
Time to play blame bingo: Markets? Profits? Too much growth? Russia? Space aliens?
CSO27 May 2022 | 10
Talos names eight deadly sins in widely used industrial software
Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)
Patches27 May 2022 | 2
GitHub saved plaintext passwords of npm users in log files, post mortem reveals
Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies
Security27 May 2022 | 12
This Windows malware uses PowerShell to inject malicious extension into Chrome
And that's a bit odd, says Red Canary
Research27 May 2022 | 9
Let's play everyone's favorite game: REvil? Or Not REvil?
Another day, another DDoS attack that tries to scare the victim into paying up with mention of dreaded gang
Cyber-crime27 May 2022 | 3
China offering ten nations help to run their cyber-defenses and networks
Sure, they’re small Pacific nations, but they’re in very strategic locations
Security27 May 2022 | 24
How to reprogram Apple AirTags, play custom sounds
Voltage glitch here, glitch there, now you can fiddle with location disc's firmware
Research27 May 2022 | 3
Ransomware encrypts files, demands three good deeds to restore data
Shut up and take ... poor kids to KFC?
Research26 May 2022 | 11
Cheers ransomware hits VMware ESXi systems
Now we can say extortionware has jumped the shark
Research26 May 2022 | 3
Campaigners warn of legal challenge against Privacy Shield enhancements
Schrems III on the cards unless negotiators protect better oversight of US data access requests
Security26 May 2022 | 17
Verizon: Ransomware sees biggest jump in five years
We're only here for DBIRs
Research26 May 2022 | 6
Suspected phishing email crime boss cuffed in Nigeria
Interpol, cops swoop with intel from cybersecurity bods
Cyber-crime26 May 2022 | 6
Ex-spymaster and fellow Brexiteers' emails leaked by suspected Russian op
A 'Very English Coop (sic) d'Etat'
Research26 May 2022 | 146
Ransomware grounds some flights at Indian budget airline SpiceJet
Incident comes a week after 'SAP glitch' kept some planes on the taxiway
Cyber-crime26 May 2022 | 5
Millions of people's info stolen from MGM Resorts dumped on Telegram for free
Meanwhile, Twitter coughs up $150m after using account security contact details for advertising
Cyber-crime25 May 2022 | 11
In record year for vulnerabilities, Microsoft actually had fewer
Occasional gaping hole and overprivileged users still blight the Beast of Redmond
Security25 May 2022 | 10
Vehicle owner data exposed in GM credential-stuffing attack
Car maker says miscreants used stolen logins to break into folks' accounts
Security25 May 2022 | 29
Beijing needs the ability to 'destroy' Starlink, say Chinese researchers
Paper authors warn Elon Musk's 2,400 machines could be used offensively
Security25 May 2022 | 127
Quad nations pledge deeper collaboration on infosec, data-sharing, and more
But think tank says its past attempts at working together haven't gone well
Security25 May 2022 | 8
Popular
Amazon investors nuke proposed ethics overhaul and say yes to $212m CEO pay
Workplace safety, labor organizing, sustainability and, um, wage 'fairness' all struck down in vote
When management went nuclear on an innocent software engineer
On Call It says 'Do Not Touch,' not 'Rip Out My Guts'
Broadcom to 'focus on rapid transition to subscriptions' for VMware
Offers comforting vision for core customers, products, channel – though warns efficiencies are coming
GitHub saved plaintext passwords of npm users in log files, post mortem reveals
Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies
Ransomware encrypts files, demands three good deeds to restore data
Shut up and take ... poor kids to KFC?
Clonezilla 3: Copy and clone disk images to your heart's content
Even non-sysadmins may find this Linux live ISO handy
Windows Subsystem for Linux 2 splashes down on Win Server 2022
I don't think it's going to happen, I don't think it's going to happen... It happened
Cheers ransomware hits VMware ESXi systems
Now we can say extortionware has jumped the shark
Twitter founder Dorsey beats hasty retweet from the board
As shareholders sue the social network amid Elon Musk's takeover scramble
Confirmed: Broadcom, VMware agree to $61b merger
Unless anyone out there can make a better offer. Oh, Elon?
STORIES
About half of popular websites tested found vulnerable to account pre-hijacking
In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start
Research25 May 2022 | 11
Indian stock markets given ten day deadline to file infosec report, secure board signoff
Another rush job for busy Indian IT shops
Security25 May 2022 | 8
Predator spyware sold with Chrome, Android zero-day exploits to monitor targets
Or so says Google after tracking 30+ vendors peddling surveillance malware
Research24 May 2022 | 6
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
Google Project Zero blows lid off bug involving that old chestnut: XML parsing
Patches24 May 2022 | 3
Why do hackers keep coming back to attack you? Because they can
Here’s why relying on manual tooling is like putting your hands up
Webinar
Facebook opens political ad data vaults to researchers
Social network builds FORT to protect against onslaught of regulation, investigation
Security24 May 2022 |
It's 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017
Crafty file names, encrypted malicious code, Office flaws – ah, it's like the Before Times
Research24 May 2022 | 23
Screencastify fixes bug that would have let rogue websites spy on webcams
School-friendly Chrome extension still not fully protected, privacy guru warns
Patches24 May 2022 | 3
How to find NPM dependencies vulnerable to account hijacking
Security engineer outlines self-help strategy for keeping software supply chain safe
CSO23 May 2022 | 21
Microsoft sounds the alarm on – wait for it – a Linux botnet
Redmond claims the numbers are scary, but won't release them
Security23 May 2022 | 40
South Korean and US presidents gang up on North Korea's cyber-offensives
Less than two weeks into his new gig, Yoon cozies up to Biden as China and DPRK loom
Security23 May 2022 | 3
Conti: Russian-backed rulers of Costa Rican hacktocracy?
In brief Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors
Security21 May 2022 | 11
China-linked Twisted Panda caught spying on Russian defense R&D
Because Beijing isn't above covert ops to accomplish its five-year goals
Security20 May 2022 | 30
Microsoft patches the patch that broke Windows authentication
May 10 update addressed serious vulns but also had problems of its own
Security20 May 2022 | 17
Microsoft Bing censors politically sensitive Chinese terms
Updated Research claims it fails to autofill certain names in Han characters, Microsoft says it's technical error
Research20 May 2022 | 22
Protecting data now as the quantum era approaches
Analysis Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering
Security20 May 2022 | 2
Canada bans Huawei and ZTE from 5G networks, citing national security risks
Ban on shopping from September, rip and replace order with 2024 deadline
Security20 May 2022 | 21
India slightly softens infosec incident reporting and data retention rules
But also makes it plain that offshore entities must comply
Security20 May 2022 |
US won’t prosecute ‘good faith’ security researchers under CFAA
Well, that clears things up? Maybe not
Security20 May 2022 | 38
US recovers a record $15m from the 3ve ad-fraud crew
Swiss banks cough up around half of the proceeds of crime
Security19 May 2022 | 12
Iran, China-linked gangs join Putin's disinformation war online
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg
Security19 May 2022 | 14
Hot glare of the spotlight doesn’t slow BlackByte ransomware gang
Crew's raids continue worldwide, Talos team warns
Research19 May 2022 | 4
The cyber threat isn’t going anywhere, but the fight back starts in London
CyberThreat 22 returns this September
Sponsored Post
Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open
No, you're not really gonna be hacked. But you may be surprised
Research19 May 2022 | 40
Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
Critical authentication bypass revealed, older flaws under active attack
CSO19 May 2022 | 6
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
Analysis Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D
Research18 May 2022 | 3
How these crooks backdoor online shops and siphon victims' credit card info
FBI and co blow lid off latest PHP tampering scam
Cyber-crime18 May 2022 | 6
Your data's auctioned off up to 987 times a day, NGO reports
Irish Council on Civil Liberties said this is first time the scope of real-time bidding is being measured
Security18 May 2022 | 31
Microsoft warns partners to revoke unused authorizations that drive your software
June debut of zero trust GDAP tool should make it harder for crims to attack through MSPs and resellers
Security18 May 2022 | 7
State of internet crime in Q1 2022: Bot traffic on the rise, and more
According to this cybersecurity outfit that wants your business, anyway
Cyber-crime18 May 2022 | 6
Monero-mining botnet targets Windows, Linux web servers
Sysrv-K malware infects unpatched tin, Microsoft warns
Cyber-crime18 May 2022 | 10
FBI warns of North Korean cyberspies posing as foreign IT workers
Looking for tech talent? Kim Jong-un's friendly freelancers, at your service
CSO17 May 2022 | 10
Pentester pops open Tesla Model 3 using low-cost Bluetooth module
Anything that uses proximity-based BLE is vulnerable, claim researchers
Research17 May 2022 | 51
Google assuring open-source code to secure software supply chains
Java and Python packages are the first on the list
Security17 May 2022 | 3
Facebook rated least safe e-commerce option in government rankings
Singapore's safety scheme measures scam-combatting capability
Cyber-crime17 May 2022 | 2
Europe moves closer to stricter cybersecurity standards, reporting regs
More types of biz fall under expanded rules – and fines for those who fall short
CSO17 May 2022 | 9
Venezuelan cardiologist charged with 'designing and selling ransomware'
If his surgery was as bad as his opsec, this chap has caused a lot of trouble, allegedly
Cyber-crime17 May 2022 | 11
China reveals its top five sources of online fraud
'Brushing' tops the list, as quantity of forbidden content continue to rise
Cyber-crime17 May 2022 | 15
US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
Citizen allegedly moved $10m-plus in BTC into banned nation
Cyber-crime16 May 2022 | 5
San Francisco police use driverless cars for surveillance
In brief Plus: Tech giants commit $30m to open-source security, miscreants breach DEA portal, and US signs cybercrime treaty
Cyber-crime16 May 2022 | 18
Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...
We take a look at low, low subscription prices – not that we want to give anyone any ideas
Research14 May 2022 | 6
Ukrainian crook jailed in US for selling thousands of stolen login credentials
Touting info on 6,700 compromised systems will get you four years behind bars
Cyber-crime13 May 2022 | 5
Another ex-eBay exec admits cyberstalking web souk critics
David Harville is seventh to cop to harassment campaign
Cyber-crime13 May 2022 | 10
Software patching must work like car safety recalls, says US cyber boss
Black Hat Asia Adds infosec regulation coming to more industries but with a light touch, more collaboration
CSO13 May 2022 | 30
Most organizations hit by ransomware would pay up if hit again
Nine out of ten organizations would do it all over again, keeping attackers in business
Research13 May 2022 | 34
'Peacetime in cyberspace is a chaotic environment' says senior US advisor
Black Hat Asia The internet is now the first battleground of any new war – before the shooting starts
Cyber-crime13 May 2022 | 2
Iran-linked Cobalt Mirage extracts money, info from US orgs – report
Khamenei, can you just not? Not right now, fam
Research13 May 2022 | 3
Researchers find 134 flaws in the way Word, PDFs, handle scripts
Black Hat Asia ‘Cooperative mutation’ spots problems that checking code alone will miss
Security13 May 2022 | 27
To predict the targets of Chinese malware, look at the target of Chinese laws
Black Hat Asia Around the time Beijing banned online gambling, RATs started targeting operators, say Taiwanese researchers
Security13 May 2022 | 3
Anatomy of a campaign to inject JavaScript into compromised WordPress sites
Reverse-engineered code redirects visitors to dodgy corners of the internet
Research13 May 2022 | 8
If you've got Intel inside, you probably need to get these security patches inside, too
So. Many. BIOS. Bugs
Patches12 May 2022 | 9
Ransomware the final nail in coffin for small university
Lincoln College shuttering after 157 years, ransomware attack from Iran final straw
Security12 May 2022 | 47
APT gang 'Sidewinder' goes on two-year attack spree across Asia
Black Hat Asia Launches almost 1,000 raids, plenty with upgraded malware
Security12 May 2022 |
It's time to kick China off social media, says tech governance expert
Black Hat Asia 'Mischief abroad' is the Middle Kingdom's goal – without the possibility of using Chinese sites to fight back
Security12 May 2022 | 36
Europe proposes tackling child abuse by killing privacy, strong encryption
If we're gonna go through this again, can we just literally go back in time?
Security12 May 2022 | 130
Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss
Black Hat Asia Private orgs that flex with Russian bans may do more harm – to themselves – than good
Security12 May 2022 | 19
Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security
We can think of one thing the S stands for in some unfortunate cases
CSO11 May 2022 | 8
Fresh ransomware samples indicate REvil is back
Secureworks' investigation only the latest evidence Kaseya and JBS attackers are on the move again
Security11 May 2022 | 1
Yahoo Japan strives for universal passwordless authentication
30! million! users! already! moved! to! TXT! and/or! FIDO! Attacks! and! support! requests! both! down!
Security11 May 2022 | 13
Microsoft closes Windows LSA hole under active attack
Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy
Patches11 May 2022 | 7
Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point
Special report Campaign to coax GitHub-owned outfit to improve security starts showing results
CSO10 May 2022 | 47
US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat
Thank goodness someone cleared that one up
CSO10 May 2022 | 9
Malware goes regional as attackers change tactics
SEO techniques employed to increase visibility of poisoned documents claims Netskope
Security10 May 2022 | 1
Industry pushes back against India's data security breach reporting requirements
Filling in a form at 4am improves infosec or privacy how, exactly?
CSO10 May 2022 | 13
Biden signs cybercrime tracking bill into law
All part of a larger push by the Feds to improve cybersecurity reporting
Cyber-crime09 May 2022 | 9
It costs just $7 to rent DCRat to backdoor your network
Budget-friendly tool breaks the you-get-what-you-pay-for rule
Research09 May 2022 | 10
US offers $15m reward for information about Conti ransomware gang
The State Department notice comes in wake of the cybercrims’ attack on Costa Rican government
Security09 May 2022 | 1
Ransomware plows through farm machinery giant AGCO
John Deere rival says it may be days or 'potentially longer' before some production facilities are back in action
Security09 May 2022 | 18
Microsoft Security Experts: Humans and automation to fight off cyber threats
"We live this fight ourselves everyday," Microsoft says of enterprise attacks
Security09 May 2022 | 9
Colonial Pipeline faces nearly $1m fine one year after ransomware attack
In Brief Plus: Unpatched DNS bug puts IoT devices at risk, SolarWinds hackers set up new digs, and a CEO faces hard time for massive mining fraud
Security09 May 2022 | 8
China wants its youth to stop giving livestreamers money
Internet regulator puts a few practices in place – including viewing curfews and bans on tips
Security09 May 2022 | 29
India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems
Analysis Stalled law satisfies few and has even been identifed as likely to damage growth
Security08 May 2022 | 16
False-flag cyberattacks a red line for nation-states, says Mandiant boss
NSA director says he doesn't know of a 'big one' that was successful
CSO07 May 2022 | 27
Cryptocurrency laundromat Blender shredded by US Treasury in sanctions first
Helping North Korea? Uncle Sam would like a word
Cyber-crime06 May 2022 | 31
Walking away from ransomware unscathed. Can you? Really?
Hear how from Wendi Whitmore and more at Rubrik’s FORWARD conference
Sponsored Post
Bank for International Settlements calls for reform of data governance
Wants Big Tech to butt out, and return control to individuals
Security06 May 2022 | 10
F5, Cisco admins: Stop what you're doing and check if you need to install these patches
Updated BIG-IP iControl authentication bypass, NFV VM escape, and more
Patches06 May 2022 | 6
FBI: Cyber-scams cost victims $6.9b-plus worldwide in 2021
Another banner year for criminals. For everyone else, not so much
Cyber-crime05 May 2022 | 8
Microsoft, Apple, Google accelerate push to eliminate passwords
Analysis Passphrases PIP'd, FIDO and W3C projects promoted
CSO05 May 2022 | 76
Google chases sovereignty market with EU Workspace Data product
Woos European firms who don't want their data caught in the US Cloud Act dragnet
Security05 May 2022 |
