When MFA fails, defense in depth is key
It started with a phish - never thought it would come to this
Sponsored feature
Security
Cryptocurrency-mining AWS Lambda-specific malware spotted
From serverless to server, yes!
Security07 Apr 2022 | 4
Hamas-linked cyber-spies 'target high-ranking Israelis'
Sensitive info swiped from Windows and Android devices, according to report
Security06 Apr 2022 | 6
Feds take down Kremlin-backed Cyclops Blink botnet
Control systems scrubbed, hijacked network devices need to be patched and cleaned
Security06 Apr 2022 | 3
Block claims ex-employee downloaded customer data after leaving firm
Leak highlights worker offboarding policies as SaaS use grows
Security06 Apr 2022 | 10
UK spy agencies sharing bulk personal data with foreign allies was legal, says court
Yes, that thing they've never publicly admitted they do
Security06 Apr 2022 | 22
Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina
About 35-40% of iGiant's desktop OS installs potentially vulnerable, says Intego
Patches06 Apr 2022 | 70
Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized
US also charges Russia-based web host owner regarding cyber-crime market
Security05 Apr 2022 | 20
US State Department opens cybersecurity policy bureau
Some in tech industry are ecstatic: 'A historic step forward' and timing 'couldn't be any better'
Security05 Apr 2022 | 3
GitHub tackles leaks by scanning for secrets in pushed code
Repo updates inspected for security blunders before some git can exploit them
Security05 Apr 2022 | 6
Cooler heads needed in heated E2EE debate, says think tank
RUSI argues for collaboration, while others note all 'scans' compromise secure encryption
Security05 Apr 2022 | 45
Testing, testing, testing: Why Red Teaming is a must for every CISO
Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them
Advertorial
Bank had no firewall license, intrusion or phishing protection – guess the rest
Crooks used RAT to hijack superusers at India's Mahesh Bank, stole millions
Security05 Apr 2022 | 96
Mailchimp: Crook stole cryptocurrency clients' mailing-list subscriber info
Staff socially engineered into handing over internal system credentials
Security05 Apr 2022 | 13
Mandiant shareholder sues to block $5.4b Google deal
Investors given 'materially incomplete and misleading' info, it is claimed
Security04 Apr 2022 | 3
Welcome to the Age of Zero Trust
Rules-based systems don't work, says Darktrace
Sponsored Feature
Borat RAT: Multiple threat of ransomware, DDoS and spyware
Thought Sacha Baron Cohen was a terrible threat actor? Get a load of this: encrypts/steals data, records audio/video and controls keyboard
Security04 Apr 2022 | 6
Emma Sleep Company admits checkout cyber attack
Customers wake to a nightmare as payment data pilfered from UK website
Security04 Apr 2022 | 33
Crooks use fake emergency data requests to get personal info out of Big Tech – report
In Brief Plus: Hive hits health-care org, law enforcement ransomware response is lacking, and orgs can't meet new disclosure rules
Security02 Apr 2022 | 20
GitLab issues critical update after hard-coding passwords into accounts
Fixed passphrases for OmniAuth users not such a great idea
Security01 Apr 2022 | 6
More charged in UK Lapsus$ investigation
Two teenagers arrested as part of police probe into extortion group
Security01 Apr 2022 | 8
Google: Russian credential thieves target NATO, Eastern European military
Also: Belarusian miscreants pivot to browser-in-the-browser attacks
Security01 Apr 2022 | 12
Modem-wiping malware caused Viasat satellite broadband outage in Europe
And software nasty may have a VPNFilter link, too
Security01 Apr 2022 | 29
National Security Agency employee indicted for 'leaking top secret info'
Managed to send material from his private email address, it is claimed
Security01 Apr 2022 | 31
Apple emits macOS, iOS, iPadOS patches for 'exploited' security bugs
Nothing like a little kernel-level memory snooping, code execution
Security31 Mar 2022 | 4
Patch now: RCE Spring4shell hits Java Spring framework
You didn't have any plans for the weekend anyway, did you?
Security31 Mar 2022 | 8
Nvidia DGX systems prone to side channel, covert attacks
Reverse engineering yields sticky microarchitectural vulnerabilities
Security31 Mar 2022 |
Expect 'long tail of cyber retaliation' from Russia for sanctions, says ExtraHop CEO
'We have this small moment in time where we can make improvements in our defensive posture'
Security31 Mar 2022 | 12
Cryptomining groups fight fiercely for cloud resources
Oh look, someone else who thinks on-prem is old hat
Security31 Mar 2022 | 10
UK spy boss warns China hopes Russia will help it take over tech standards
Speech also alleges Russian troops in Ukraine have mutinied, shot down own plane
Security31 Mar 2022 | 68
Russia, Iran, Saudi Arabia are top sources of online misinformation
Think tank fears future studies of this sort may be harder as social networks withdraw data
Security31 Mar 2022 | 28
Yale finance director stole $40m in computers to resell on the sly
Ill-gotten gains bankrolled swish life of flash cars and real estate
Security31 Mar 2022 | 33
Zlib crash-an-app bug finally squashed, 17 years later
Patch actually released this time
Security30 Mar 2022 | 23
Ubiquiti sues Krebs on Security for defamation
Network equipment maker insists it acted responsibly following intrusion
Security30 Mar 2022 | 38
Viasat spills on the Russian attack, warns of continued risks
A misconfigured VPN appliance is to blame
Security30 Mar 2022 | 8
VMware Horizon platform pummeled by Log4j-fueled attacks
Miscreants deployed cryptominers, backdoors since late December, Sophos says
Security30 Mar 2022 | 4
Electric Vehicle DC charging tripped by a wireless hack
No EVs were damaged in the making of this report
Security30 Mar 2022 | 41
UK Cyber Security Centre advises review of risk posed by Russian tech
Suggests it's prudent to plan for Putin weaponizing Russian products
Security30 Mar 2022 | 13
Lapsus$ back? Researchers claim extortion gang attacked software consultancy Globant
Updated Meanwhile, Okta squirms as further details of slow hack response emerge
Security30 Mar 2022 | 6
Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
SQL injection, race condition, bad cryptographic check pave way for infrastructure network takeovers
Security30 Mar 2022 | 4
Mutating Verblecon malware in illicit cryptomining ... so far
Symantec team warns ransomware and spying could be next
Security29 Mar 2022 |
Mnuchin's private equity firm buys security startup Zimperium for $525m
Mnuchin to be board chair of Softbank-backed security startup Zimperium
Security29 Mar 2022 |
Ukraine security agency shutters Russian disinformation bot farms
Operators used social media to distort status of fighting, instill panic in residents
Security29 Mar 2022 | 17
Cybercrooks target students with fake job opportunities
Legit employers don't normally send a check before you've started – or ask you to send money to a Bitcoin address
Security29 Mar 2022 | 21
IcedID malware, in the hijacked email thread, with the insecure Exchange servers
Windows backdoor shows off some interesting techniques
Security29 Mar 2022 | 3
Sophos fixes critical hijack flaw in firewall offering
Authentication bypass followed by remote-code execution at the network boundary
Security28 Mar 2022 |
Google Chrome, Microsoft Edge patched in race against exploitation
Another bug squashed in JavaScript engine
Security28 Mar 2022 | 5
China APT group using Russia invasion, COVID-19 in phishing attacks
Mustang Panda deploys variant of Korplug malware to target European officials and ISPs
Security28 Mar 2022 |
Triton malware still a threat to energy sector, FBI warns
In Brief Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad
Security28 Mar 2022 | 1
The first step to data privacy is admitting you have a problem, Google
Opinion Android messaging heist isn't the action of a well company. Let us help
Security28 Mar 2022 | 106
Will Chinese giants defy US sanctions on Russia? We asked a ZTE whistleblower
Just look at Ericsson and ISIS, Ashley Yablon says
Security28 Mar 2022 | 47
Okta acknowledges 'mistake' in handling of Lapsus$ attack
Changes story again to say customers weren't in danger, admits it waited for incident report instead of asking tough questions
Security28 Mar 2022 | 11
Kaspersky, China Telecom, China Mobile named 'threats to US national security'
First Russian addition to FCC's Very Naughty List apparently unconnected to illegal invasion of Ukraine
Security28 Mar 2022 | 24
‘Precursor malware’ infection may be sign you're about to get ransomware, says startup
As more and more biz pays up to restore data, we're told
Security26 Mar 2022 | 15
Unit 42: Ransomware demands we're aware of averaged $2.2m last year
Conti, REvil declared most active criminal gangs
Security25 Mar 2022 | 3
Atlassian flags Bitbucket and Confluence Data Center flaws
Cluster tech vulnerability means either patching or port tinkering could be on the cards
Security25 Mar 2022 | 4
Hackers remotely start, unlock Honda Civics with $300 tech
Any models made between 2016 and 2020 can have key fob codes sniffed and re-transmitted
Security25 Mar 2022 | 111
How AI can fend off supply-chain attacks
Vendor email compromise is big risk, says Darktrace
Sponsored feature
US DoJ reveals Russian supply chain attack targeting energy sector
Poisoned SCADA apps could have disrupted power supply – perhaps even at nuclear plants
Security25 Mar 2022 | 9
Distributor dumps Kaspersky to show solidarity with Ukraine
Security software vendor saddened but says its channel is holding firm
Security25 Mar 2022 | 33
