Mozilla patches critical Firefox vuln that attackers are already exploiting Firefixed: It's maintenance time for low-complexity, high-impact security flaw Cybersecurity Month10 Oct 2024 | 6
Dutch cops reveal takedown of 'world's largest dark web market' Two arrested after allegedly trying to make off with their ill-gotten gains Cybersecurity Month10 Oct 2024 | 10
OpenAI says Chinese gang tried to phish its staff Claims its models aren't making threat actors more sophisticated - but is helping debug their code Cybersecurity Month10 Oct 2024 | 1
Internet Archive leaks user info and succumbs to DDoS 31 million users' usernames, email addresses and salted-encrypted passwords are out there Cybersecurity Month10 Oct 2024 | 12
Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware USB sticks help, but it's unclear how tools that suck malware from them are delivered Cybersecurity Month09 Oct 2024 | 14
Smart TVs are spying on everyone Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Cybersecurity Month09 Oct 2024 | 60
Marriott settles for a piddly $52M after series of breaches affecting millions Intruders stayed for free on the network between 2014 and 2020 Cyber-crime09 Oct 2024 | 7
Microsoft cleans up hot mess of Patch Tuesday preview Go forth and install your important security fixes Cybersecurity Month09 Oct 2024 | 4
Ransomware gang Trinity joins pile of scumbags targeting healthcare As if hospitals and clinics didn't have enough to worry about Cybersecurity Month09 Oct 2024 | 6
Asian crime gangs are growing – fast – thanks to AI and other tech UN report finds Telegram, cryptocurrency are tools of a growing 'criminal service economy' Cybersecurity Month09 Oct 2024 | 7
Microsoft issues 117 patches – some for flaws already under attack Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw Cybersecurity Month08 Oct 2024 | 4
Qualcomm urges device makers to push patches after 'targeted' exploitation Given Amnesty's involvement, it's a safe bet spyware is in play Patches08 Oct 2024 |
Google brings better bricking to Androids, to curtail crims Improved security features teased in May now appearing around the world Cybersecurity Month08 Oct 2024 | 23
Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group A couple million will do for a start … but Kim's crews are suspected of stealing much more Cybersecurity Month08 Oct 2024 | 2
American Water rinsed in cyberattack, turns off app It's still safe to drink, top provider tells us Cybersecurity Month07 Oct 2024 | 12
Chinese cyberspies reportedly breached Verizon, AT&T, Lumen Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic Security07 Oct 2024 | 6
'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks Infosec In Brief Also, rooting for Russian cybercriminals, a new DDoS record, sneaky Linux server malware and more Cybersecurity Month07 Oct 2024 | 5
UK's Sellafield nuke waste processing plant fined £333K for infosec blunders Radioactive hazards and cyber failings ... what could possibly go wrong? Cybersecurity Month05 Oct 2024 | 21
About a quarter million Comcast subscribers had their data stolen from debt collector Cable giant says ransomware involved, FBCS keeps schtum Cybersecurity Month04 Oct 2024 | 6
Apple fixes bug that let VoiceOver shout your passwords Not a great look when the iGiant just launched its first password manager Cybersecurity Month04 Oct 2024 | 6
Starlink was offered for free to those hit by Hurricane Helene. It is not entirely free Updated And now SpaceX clarifies special promotion
Switching customers from Linux to BSD because boring is good EuroBSDcon 2024 Stability? Predictability? Reliability? Where's the fun in that?
US lawmakers dig into FCC's $900M Starlink snub in wake of Hurricane Helene Nearly a billion dollars in rural broadband subsidies wouldn't go amiss
Missing Thunderbirds footage found in British garden shed Video 5, 4, 3, 2, 1, new Supermarionation is GO!
Eric Schmidt: Build more AI datacenters, we aren't going to 'hit climate goals anyway' Perhaps the power-draining tech is the solution after all, posits former Google CEO
National Public Data files for bankruptcy, admits 'hundreds of millions' potentially affected One-man-band faces a mountain of lawsuits but has few assets
Using iPhone Mirroring at work? You might have just overshared to your boss What does IT glimpse but a dating app on your wee little screen
Copilot's crudeness has left Microsoft chasing Google, again Opinion Surely Redmond knows that almost nobody has tamed unstructured data?
Microsoft issues 117 patches – some for flaws already under attack Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw
Qualcomm urges device makers to push patches after 'targeted' exploitation Given Amnesty's involvement, it's a safe bet spyware is in play
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 113
Big brands among thousands infected by payment-card-stealing CosmicSting crooks Updated Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Cybersecurity Month04 Oct 2024 | 6
Sensitive data on 61K+ patients accessed in Alabama hospital cyberattack Intruder pored over medical records, insurance details, Social Security numbers in some cases Cybersecurity Month03 Oct 2024 |
DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks Winter is coming Cybersecurity Month03 Oct 2024 | 7
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 12
Two British-Nigerian men sentenced over multimillion-dollar business email scam Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Cybersecurity Month03 Oct 2024 | 13
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 37
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
'Patch yesterday': Zimbra mail servers under siege through RCE vuln Attacks began the day after public disclosure Cybersecurity Month02 Oct 2024 | 5
Euro cops arrest 4 including suspected LockBit dev chilling on holiday And what looks like proof stolen data was never deleted even after ransom paid Cybersecurity Month01 Oct 2024 | 15
NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks Cybersecurity Month01 Oct 2024 |
Australian e-tailer digiDirect customers' info allegedly stolen and dumped online Full names, contact details, and company info – all the fixings for a phishing holiday Cybersecurity Month01 Oct 2024 |
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 10
Ransomware forces hospital to turn away ambulances Only level-one trauma unit in 400 miles crippled Cybersecurity Month30 Sep 2024 | 19
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 67
Canada to remove China’s top messaging app WeChat from government devices Kaspersky also on the way out due to ‘unacceptable level of risk to privacy and security' Cybersecurity Month31 Oct 2023 | 11
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors Cybersecurity Month31 Oct 2023 | 9
Bug bounty hunters load up to stalk AI and fancy bagging big bucks Google offers AI-specific rewards, HackerOne sees more specializations Cybersecurity Month27 Oct 2023 | 1
Telcos should compensate phished subscribers, suggests Singapore Regulator reckons letting scam texts through is a culpable act Cybersecurity Month26 Oct 2023 | 6
Seiko watches 60K personal data records tick away in BlackCat ransomware heist Investigations ongoing as full extent of July breach is questioned Cybersecurity Month25 Oct 2023 |
Spanish phisherfolk caught in cops' net in multi-million-euro catch Crooks swindled about €3 million from victims Cybersecurity Month25 Oct 2023 | 1
After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw Security in brief ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more Cybersecurity Month22 Oct 2023 | 3
International Criminal Court blames spies for 'targeted and sophisticated attack' Tell us it's Russia without telling us it's Russia Cybersecurity Month21 Oct 2023 | 13
Indian authorities raid fake tech support rings after tipoff from Amazon and Microsoft Also went after crypto-crooks who sought money to buy miners for fake token Cybersecurity Month20 Oct 2023 | 38
‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities Advise turning off and never using remote desktop protocol, prohibiting private VPNs, not trusting recruiters’ due diligence Cybersecurity Month19 Oct 2023 | 51
San Francisco mayor suggests police drones and CCTV can cure city's crime woes Suggests bodycam footage should replace paperwork for simple arrests Cybersecurity Month19 Oct 2023 | 30
Paying for WinRAR in all the wrong ways - Russia and China hitting ancient app Incidentally, Windows 11 has native rar support now Cybersecurity Month18 Oct 2023 | 22
Critical Citrix bug exploited by data thieves weeks before being patched Updated Time to close those active sessions Cybersecurity Month18 Oct 2023 |
Governments resent their dependence on Big Tech Singapore summit hears how private sector's constant security sins create risk for sovereigns Cybersecurity Month18 Oct 2023 | 22
Five Eyes intel chiefs warn China's IP theft program now at 'unprecedented' levels Spies come in from the cold for their first public chinwag Cybersecurity Month18 Oct 2023 | 31
Malware crooks find an in with fake browser updates, in case real ones weren't bad enough Researchers say ransomware could be on the horizon if success continues Cybersecurity Month18 Oct 2023 | 2
X marks the bot: Musk thinks spammers won't pay $1 a year Annual fee won't be profitable, will require registration of phone number Cybersecurity Month18 Oct 2023 | 69
Cisco's critical zero-day bug gets even worse – 'thousands' of IOS XE devices pwned Good news: There's a free scanner to check your kit. Bad news: Still no fix Cybersecurity Month17 Oct 2023 | 15
Cisco zero-day bug allows router hijacking and is being actively exploited We'd say 'Hurry up and patch' but it hasn't written one yet. While you wait, disable HTTP Cybersecurity Month16 Oct 2023 | 12
Signal shoots down zero-day rumors, finds 'no evidence' of device takeover Looks to be related to critical libwebp bug found — and fixed — last month Cybersecurity Month16 Oct 2023 | 6
Australia threatens X with fine, warns Google, for failure to comply with child abuse handling report regs Elon Musk's social network provided no response – or junk – to official inquiries about its safety practices Cybersecurity Month16 Oct 2023 | 18
EPA flushes water supply cybersecurity rule after losing legal fight with industry, states What could possibly go wrong? Cybersecurity Month13 Oct 2023 | 38
Can open source be saved from the EU's Cyber Resilience Act? Opinion The road to Hell is paved with good intentions, and for open source this is a well meaning cluster fudge Cybersecurity Month13 Oct 2023 | 82
Equifax scores £11.1M slap on wrist over 2017 mega breach Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more Cybersecurity Month13 Oct 2023 | 11
Chinese citizens feel their government is doing such a fine job with surveillance They know they're being watched and don't mind - maybe because Beijing says it improves safety Cybersecurity Month13 Oct 2023 | 38
Europe mulls open sourcing TETRA emergency services' encryption algorithms Turns out secrecy doesn't breed security Cybersecurity Month12 Oct 2023 | 26
Casino giant Caesars tells thousands: Yup, ransomware crooks stole your data House always wins, er, wait ... Cybersecurity Month12 Oct 2023 | 13
Microsoft takes another run at closing Exchange brute-force security hole Meanwhile, Exchange Online is on the fritz Cybersecurity Month11 Oct 2023 | 13
CISOs' salary growth slows – with pay gap widening We still doubt any infosec leaders will be going without heating this winter Cybersecurity Month11 Oct 2023 | 2
From chaos to cadence: Celebrating two decades of Microsoft's Patch Tuesday Feature IT folks look back on 20 years of what is now infosec tradition Cybersecurity Month11 Oct 2023 | 17
Ransomwared health insurer wasn't using antivirus software PhilHealth blames government procurement rules for license expiry and issues phishing warnings Cybersecurity Month11 Oct 2023 | 15
Vietnam accused of Predator spyware attack on EU and US politicians Awkward, seeing as the US and Vietnam just announced a refreshed relationship Cybersecurity Month10 Oct 2023 | 1
FTC: Please stop falling for social media scams, you've given crooks at least $650M so far this year Internet considered harmful Cybersecurity Month07 Oct 2023 | 68
Online tracking is alive and well in link decoration Analysis The pending death of third-party cookies won't do much for other privacy intrusions Cybersecurity Month06 Oct 2023 | 17
China uses Alibaba's Euro logistic hub to spy on stuff, Belgian intelligence fears Cloud and e-commerce giant mussels up, says allegations are waffle Cybersecurity Month06 Oct 2023 | 12
Improving defense of US space assets isn't rocket science. Oh wait Can Booz Allen Hamilton get systems engineered with $630M and 7 years? Cybersecurity Month05 Oct 2023 | 4
Pacific telco backed by Australia, Japan, US bins Huawei Nokia looks a more diplomatic choice at Digicel Cybersecurity Month05 Oct 2023 | 2
FEMA to test emergency alert system US-wide today Updated Americans are used to drills :( Cybersecurity Month04 Oct 2023 | 62
North Korea's Lazarus Group upgrades its main malware LightningCan evades infosec tools in new and interesting ways Cybersecurity Month04 Oct 2023 | 4
Russia to ban all VPNs – again – says senator Putin Zuck out of business is one goal of this repeat effort to close off internet tunnels Cybersecurity Month04 Oct 2023 | 39
Arm patches GPU driver bug exploited by spyware to snoop on targets As Qualcomm warns of similar fixes coming for its chips Cybersecurity Month03 Oct 2023 | 5
Microsoft Defender 'finally' stops flagging Tor Browser as malware Just because you're paranoid… Cybersecurity Month03 Oct 2023 | 8
Japan drives for infosec self-sufficiency – at least in one layer of deep defenses CYNEX Alliance brings industry, government, and academia together to share info and devise tools Cybersecurity Month03 Oct 2023 |
US State Dept has no idea if its IT security actually works, say auditors Updated End-of-life systems still in use, poor inventory control, and China's hunting Cybersecurity Month02 Oct 2023 | 9
Feds hopelessly behind the times on ransomware trends in alert to industry Better late than never, we guess Cybersecurity Month02 Oct 2023 | 6
Ukraine accuses Russian spies of hunting for war-crime info on its servers Russian have shifted tactics in the first half of 2023, with mixed results Cybersecurity Month26 Sep 2023 | 21
Mixin suspends deposits and withdrawals after $200m cryptocurrency heist Cloud provider blamed for loss of 20% of exchange's capital Cybersecurity Month25 Sep 2023 | 37
Apple squashes security bugs after iPhone flaws exploited by Predator spyware Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab Cybersecurity Month22 Sep 2023 | 6
ESA gets the job of building Europe's secure satcomms network IRIS2 oversight deal signed as constellation’s schedule slips, and Ariane 6 hits another snag Cybersecurity Month22 Sep 2023 | 4
US govt IT help desk techie 'leaked top secrets' to foreign nation National defense files can earn you $55K … and espionage charges Cybersecurity Month21 Sep 2023 | 15