Linux kernel logic allowed Spectre attack on 'major cloud provider' Kernel 6.2 ditched a useful defense against ghostly chip design flaw Security14 Apr 2023 | 19
To improve security, consider how the aviation world stopped blaming pilots When admitting to an error isn't seen as a failure, improvement easy to achieve, says pilot-turned-CISO Security14 Apr 2023 | 69
Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman When bragging about your job on Discord gets just a little out of hand? Cyber-crime13 Apr 2023 | 96
How insecure is America's FirstNet emergency response system? Seriously, anyone know? Senator Wyden warns full probe needed into vital comms network Security12 Apr 2023 | 9
FBI: How fake Xi cops prey on Chinese nationals in the US 你好 [insert name], 我在 Ministry of Public Security 工作 [insert shakedown] Cyber-crime12 Apr 2023 | 17
3CX teases security-focused client update, plus password hashing As Mandiant finds more evidence it was North Korea wot done it Security12 Apr 2023 | 4
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster It's not all doom and gloom because ML also amplifies defensive efforts, probably CSO12 Apr 2023 | 13
Another zero-click Apple spyware maker just popped up on the radar again Pegasus, pssh, you so 2000-and-late Research12 Apr 2023 | 8
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug Plus Google, SAP, Adobe and Cisco emit fixes Patches11 Apr 2023 | 9
Azure admins warned to disable shared key access as backdoor attack detailed The default is that sharing is caring as Redmond admits: 'These permissions could be abused' CSO11 Apr 2023 | 10
40% of IT security pros say they've been told not to report a data leak In Brief Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more Cyber-crime11 Apr 2023 | 16
How much to infect Android phones via Google Play store? How about $20k Or whatever you managed to haggle with these miscreants Cyber-crime10 Apr 2023 | 9
Inside FTX: Jokes about misplaced funds, diabolical IT, poor oversight, and worse How's the saying go? $50m here, $50m there, pretty soon you're talking real money Cyber-crime10 Apr 2023 | 22
Apple squashes iOS, macOS zero-day bugs already exploited by snoops Keep calm and install patches before abuse becomes widespread Patches10 Apr 2023 | 1
Google to kill Dropcam, Nest Secure hardware next year Great, more company for Stadia, Duo and pals in the graveyard Security10 Apr 2023 | 43
Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike Oh, sure, let's play a game of legal and technical whack-a-mole Cyber-crime10 Apr 2023 | 8
When it comes to technology, securing your future means securing your present How to build cyber resiliency in the face of complexity Sponsored Feature
MSI hit in cyberattack, warns against installing knock-off firmware 1.5TB of databases, source code, BIOS tools said to be stolen Cyber-crime07 Apr 2023 | 8
Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug Plus: Substack shanked by bitter Twitter? Research07 Apr 2023 | 14
It's this easy to seize control of someone's Nexx 'smart' home plugs, garage doors Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs Security07 Apr 2023 | 41
With ICMP magic, you can snoop on vulnerable HiSilicon, Qualcomm-powered Wi-Fi WPA stands for will-provide-access, if you can successfully exploit a target's setup Security07 Apr 2023 | 19
CAN do attitude: How thieves steal cars using network bus It starts with a headlamp and fake smart speaker, and ends in an injection attack and a vanished motor Research06 Apr 2023 | 198
Criminal records office yanks web portal offline amid 'cyber security incident' ACRO says payment data safe, other info may have been snaffled Cyber-crime06 Apr 2023 | 20
Cops cuff teenage 'Robin Hood hacker' suspected of peddling stolen info Luxury cars and designer duds don't seem very prince of thieves Cyber-crime06 Apr 2023 | 25
Cops put the squeeze on Genesis crime souk denizens, not just the admins this time Feds managed to image entire backend server with full details Cyber-crime05 Apr 2023 | 1
Microsoft tells admins to autoreview your Autopatch alerts or autolose the service And you wouldn't want that ... would you? Security05 Apr 2023 | 20
Notorious stolen credential warehouse Genesis Market seized by FBI Operation Cookie Monster crumbles stolen data-as-a-service vendor Cyber-crime05 Apr 2023 | 12
Feds seize $112m in cryptocurrency linked to 'pig-butchering' finance scams Thieves go nose-to-tail stripping cash from victims Cyber-crime04 Apr 2023 | 13
Can ChatGPT bash together some data-stealing code? With the right prompts, sure But nothing a keen beginner couldn't do, anyway Security04 Apr 2023 | 12
UK data watchdog fines TikTok £12.7M for failing to protect kids Some 1.4 million under-13s used the app in 2020 by the ICO's estimates Security04 Apr 2023 | 10
Bank rewrote ads for infosec jobs to stop scaring away women Blokes happily bluffed; women played it by the book, leaving the bank struggling to hire Security04 Apr 2023 | 111
Hey Siri, use this ultrasound attack to disarm a smart-home system We speak to the boffins behind latest trick to fool Google Assistant, Cortana, Alexa Security04 Apr 2023 | 61
Uber driver info stolen yet again: This time from law firm Never mind software supply chain attacks, lawyers are the new soft target? Cyber-crime03 Apr 2023 | 14
April brings tulips, taxes ... and phisherfolk scammers Tactical#Octopus: Don't let users click on that zip file Research03 Apr 2023 | 6
Western Digital confirms digital burglary, calls the cops Thinks info from internal systems 'obtained' by miscreant, unsure of nature or scope data Cyber-crime03 Apr 2023 | 10
3CX thought supply chain attack was a false positive Updated 'It's not unusual for VoIP apps' says CEO Cyber-crime03 Apr 2023 | 23
Vietnam threatens to cut off two million mobile subscribers To scupper scams, account-holders must hand over personal info or else Security03 Apr 2023 | 7
School principal resigns after writing $100,000 check to Elon Musk impersonator In Brief ALSO: DJI forgets the 'B' in 'BCC,' and this week's critical known exploits Security03 Apr 2023 | 90
Ukrainian cops nab suspects accused of stealing $4.3m from victims across Europe If the price looks too good to be true, it probably is Cyber-crime01 Apr 2023 | 13
NYPD blues: Cops ignored 93 percent of surveillance law rules Who watches the watchmen? The Office of the Inspector General Security31 Mar 2023 | 17
Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k? Juicy private sector job vs … money off a season travel ticket Security31 Mar 2023 | 77
NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients 'Serious breach of trust' says ICO, 'stakes too high' for mistakes in cases like this Security31 Mar 2023 | 26
Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire Winter is coming for NATO countries Security31 Mar 2023 | 9
Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons Snowden-esque 'Vulkan' dossier links Moscow firm to FSB, GRU, SRV Defense Tech Week31 Mar 2023 | 28
Azure blunder left Bing results editable, MS 365 accounts potentially exposed 'BingBang' boo-boo affected other internal Microsoft apps, too Security30 Mar 2023 | 12
AlienFox malware caught in the cloud hen house Malicious toolkit targets misconfigured hosts in AWS and Office 365 Security30 Mar 2023 |
Do you use comms software from 3CX? What to do next after biz hit in supply chain attack Miscreants hit downstream customers with infostealers Cyber-crime30 Mar 2023 | 25
Microsoft uses carrot and stick with Exchange Online admins If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date Spotlight on RSA30 Mar 2023 | 16
Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity How someone can nab buffered info, by hook or by kr00k Spotlight on RSA30 Mar 2023 | 15
Another year, another North Korean malware-spreading, crypto-stealing gang named Mandiant identifies 'moderately sophisticated' but 'prolific' APT43 as global menace Spotlight on RSA30 Mar 2023 | 2
Smugglers busted sneaking tech into China 'Intel inside' a suspiciously baggy t-shirt gave the game away – as did a truckload of parts Security30 Mar 2023 | 27
Malware disguised as Tor browser steals $400k in cryptocash Beware of third party downloads Security30 Mar 2023 |
Microsoft Defender shoots down legit URLs as malicious Updated Those hoping to use nefarious websites like, er, Zoom are overrun by alerts. Redmond 'investigating' Security29 Mar 2023 | 25
EU mandated messaging platform love-in is easier said than done: Cambridge boffins Digital Market Act interoperability requirement a social challenge as well as a technical one Security29 Mar 2023 | 56
FTX cryptovillain Sam Bankman-Fried charged with bribing Chinese officials Court gives him new rules: Use one laptop, while living with the 'rents. Cyber-crime29 Mar 2023 | 52
DDoS DNS attacks are old-school, unsophisticated … and they’re back So why would you handle them on your own? Sponsored Feature
China urges Apple to improve security and privacy It's a juicy market that welcomes foreign investment, National development boss reminds Tim Cook Security29 Mar 2023 | 7
Apple patches all the iThings, including iOS 15 hole under attack right now Issue identified in February but owners of older kit weren't warned Patches28 Mar 2023 | 11
Google again accused of willfully destroying evidence in Android antitrust battle Updated Starting to see a pattern here? Judge seems to think so Security28 Mar 2023 | 35
President Biden kind of mostly bans commercial spyware from US govt Executive order has loopholes for Uncle Sam's snoop tools and American-made code Cyber-crime28 Mar 2023 | 15