Gang gobbles 15K credentials from cloud and email providers' garbage Git configs Emeraldwhale looked sharp – until it made a common S3 bucket mistake Research31 Oct 2024 | 2
LottieFiles supply chain attack exposes users to malicious crypto wallet drainer A scary few Halloween hours for team behind hugely popular web plugin Cyber-crime31 Oct 2024 | 11
Chinese attackers accessed Canadian government networks – for five years India makes it onto list of likely threats for the first time Cybersecurity Month31 Oct 2024 | 15
Russian spies use remote desktop protocol files in unusual mass phishing drive The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Cyber-crime30 Oct 2024 | 18
Cast a hex on ChatGPT to trick the AI into writing exploit code 'It was like watching a robot going rogue' says researcher Cybersecurity Month29 Oct 2024 | 28
Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting US also charges an alleged Redline dev, no mention of an arrest Cyber-crime29 Oct 2024 | 1
Admins better Spring into action over latest critical open source vuln Patch up: The Spring framework dominates the Java ecosystem Security29 Oct 2024 | 1
Five Eyes nations tell tech startups to take infosec seriously. Again Only took 'em a year to dish up some scary travel advice, and a Secure Innovation … Placemat? Cybersecurity Month29 Oct 2024 | 14
Brazen crims selling stolen credit cards on Meta's Threads Exclusive The platform 'continues to take action' against illegal posts, we're told Cyber-crime28 Oct 2024 | 20
Delta officially launches lawyers at $500M CrowdStrike problem Legal action comes months after alleging negligence by Falcon vendor Cybersecurity Month28 Oct 2024 | 23
Dutch cops pwn the Redline and Meta infostealers, leak 'VIP' aliases Legal proceedings underway with more details to follow Cybersecurity Month28 Oct 2024 | 5
AWS Cloud Development Kit flaw exposed accounts to full takeover Remember Bucket Monopoly? Yeah, it gets worse Cybersecurity Month24 Oct 2024 | 13
Ransomware's ripple effect felt across ERs as patient care suffers 389 US healthcare orgs infected this year alone Cybersecurity Month24 Oct 2024 | 1
Here's a NIS2 compliance checklist since no one cares about deadlines anymore Only two EU members have completed the transposition into domestic law Cybersecurity Month24 Oct 2024 | 11
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers Attacks on unprotected servers reach 'critical level' Cybersecurity Month24 Oct 2024 | 1
FortiManager critical vulnerability under active attack Updated Security shop and CISA urge rapid action Cybersecurity Month23 Oct 2024 | 7
Millions of Android and iOS users at risk from hardcoded creds in popular apps Azure Blob Storage, AWS, and Twilio keys all up for grabs Cybersecurity Month23 Oct 2024 | 17
Akira ransomware is encrypting victims again following pure extortion fling Crooks revert to old ways for greater efficiency Cybersecurity Month22 Oct 2024 | 2
Pixel perfect Ghostpulse malware loader hides inside PNG image files Miscreants combine it with an equally tricky piece of social engineering Cybersecurity Month22 Oct 2024 | 34
macOS HM Surf vuln might already be under exploit by major malware family Like keeping your camera and microphone private? Patch up Cybersecurity Month21 Oct 2024 | 16
Mysteries in polar orbit – space's oldest working hardware still keeps its secrets Opinion It's never aliens, but it could be underground TV repair techs
Volunteer DEF CON hackers dive into America's leaky water infrastructure Six sites targeted for security clean-up, just 49,994 to go
China has utterly pwned 'thousands and thousands' of devices at US telcos Senate Intelligence Committee chair says his 'hair is on fire' as execs front the White House
Imagine a land in which Big Tech can't send you down online rabbit holes or use algorithms to overcharge you China is trying to become that land, with a government crackdown on the things that make the internet no fun
Network engineer chose humiliation over a night on the datacenter floor Who, Me? To avoid lock-in, it helps if you remember your keys
Microsoft shuttering dedicated licensing education, certification site Spreading the content around other places – and may also sprinkle some AI in because why not
We can clone you wholesale: Boffins build ML agents that respond like specific people Oh, AI wanna be like you, AI wanna walk like you, talk like you, too
Russian spies may have moved in next door to target your network Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more
QNAP NAS users locked out after firmware update snafu Affected customers gripe about storage biz's tech support
Smile! UK cops spend tens of millions on live facial recognition tech Labour government keen, though critics paint it as a severe threat to privacy
Jetpack fixes 8-year-old flaw affecting millions of WordPress sites In Brief - Updated Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more Security18 Oct 2024 | 5
Spectre flaws continue to haunt Intel and AMD as researchers find fresh attack method The indirect branch predictor barrier is less of a barrier than hoped Cybersecurity Month18 Oct 2024 | 28
Alleged Bitcoin crook faces 5 years after SEC's X account pwned SIM swappers strike again, warping cryptocurrency prices Cybersecurity Month18 Oct 2024 | 14
ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers Says 'limited' incident isolated to 'partner company' Cybersecurity Month18 Oct 2024 | 3
Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began 'My webcam isn't working today' is the new 'The dog ate my network' Cybersecurity Month18 Oct 2024 | 41
Someone's tried sneaking semiconductor secrets out of South Korea's patent office Government hardens up infosec to stop this - as you would when Samsung and SK hynix are massive parts of your economy Cybersecurity Month18 Oct 2024 | 5
Healthcare Services Group discloses 'cybersecurity incident' in SEC filing Laundry and dining provider still investigating cause and scope Cybersecurity Month18 Oct 2024 | 5
Brazilian police claim they've cuffed serial cybercrook behind FBI and Airbus attacks Early stage opsec failures lead to landmark arrest of suspected serial data thief Cybersecurity Month17 Oct 2024 | 3
WeChat devs introduced security flaws when they modded TLS, say researchers No attacks possible, but enough issues to cause concern Cybersecurity Month17 Oct 2024 | 15
Anonymous Sudan isn't any more: Two alleged operators named, charged Gang said to have developed its evilware on GitHub – then DDoSed GitHub Cybersecurity Month17 Oct 2024 | 5
US contractor pays $300K to settle accusation it didn't properly look after Medicare users' data Resolves allegations it improperly stored screenshots containing PII that were later snaffled Cybersecurity Month16 Oct 2024 | 7
Internet Archive wobbles back online, with limited functionality DDoS detectives deduce Mirai used to do the deed, using home entertainment boxes in Korea, China, and Brazil Cybersecurity Month16 Oct 2024 | 14
Google's memory safety plan includes rehab for unsafe languages Large C and C++ codebases will be around for the 'foreseeable future' Cybersecurity Month16 Oct 2024 | 30
Pentagon stumped by mystery drone swarm flying over Langley Air Force Base Not that there's anything important there – just F-22s and stuff Cybersecurity Month15 Oct 2024 | 85
China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it Enough with the racist-sounding 'dragons' and 'pandas', Beijing complains – then points the finger at koalas Cybersecurity Month15 Oct 2024 | 17
US healthcare org admits up to 400,000 people's personal info was snatched It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it Cybersecurity Month14 Oct 2024 | 3
Would banning ransomware insurance stop the scourge? White House official makes case for ending extortion reimbursements Cybersecurity Month14 Oct 2024 | 87
Trump campaign arms up with 'unhackable' phones after Iranian intrusion Florida man gets his hands on 'the best ever' Cybersecurity Month14 Oct 2024 | 144
Thousands of Fortinet instances vulnerable to actively exploited flaw No excuses for not patching this nine-month-old issue Cybersecurity Month14 Oct 2024 | 8
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption With an off-the-shelf D-Wave machine, but only against very short keys Cybersecurity Month14 Oct 2024 | 23
Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between Reading, writing, and cyber mayhem, amirite? Cybersecurity Month13 Oct 2024 | 32
INC ransomware rebrands to Lynx – same code, new name, still up to no good Researchers point to evidence that scumbags visited the strategy boutique Cybersecurity Month11 Oct 2024 | 10
Ukraine cyber cops collar man who allegedly hooked citizens up to Russian internet 'Self-taught hacker' facing a possible 15 years in the slammer Cybersecurity Month11 Oct 2024 | 10
FBI created a cryptocurrency so it could watch it being abused It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week Cybersecurity Month11 Oct 2024 | 54
Fore-get about privacy, golf tech biz leaves 32M data records on the fairway Researcher spots 110 TB of sensitive info sitting in unprotected database Cybersecurity Month10 Oct 2024 | 36
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Usual three-week window to address significant risks to federal agencies applies Cybersecurity Month10 Oct 2024 |
Mozilla patches critical Firefox vuln that attackers are already exploiting Firefixed: It's maintenance time for low-complexity, high-impact security flaw Cybersecurity Month10 Oct 2024 | 26
Dutch cops reveal takedown of 'world's largest dark web market' Two arrested after allegedly trying to make off with their ill-gotten gains Cybersecurity Month10 Oct 2024 | 16
OpenAI says Chinese gang tried to phish its staff Claims its models aren't making threat actors more sophisticated - but is helping debug their code Cybersecurity Month10 Oct 2024 | 4
Internet Archive user info stolen in cyberattack, succumbs to DDoS 31M folks' usernames, email addresses, salted-encrypted passwords now out there Cybersecurity Month10 Oct 2024 | 22
Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware USB sticks help, but it's unclear how tools that suck malware from them are delivered Cybersecurity Month09 Oct 2024 | 24
Smart TVs are spying on everyone Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Cybersecurity Month09 Oct 2024 | 127
Marriott settles for a piddly $52M after series of breaches affecting millions Intruders stayed for free on the network between 2014 and 2020 Cyber-crime09 Oct 2024 | 9
Microsoft cleans up hot mess of Patch Tuesday preview Go forth and install your important security fixes Cybersecurity Month09 Oct 2024 | 5
Ransomware gang Trinity joins pile of scumbags targeting healthcare As if hospitals and clinics didn't have enough to worry about Cybersecurity Month09 Oct 2024 | 6
Asian crime gangs are growing – fast – thanks to AI and other tech UN report finds Telegram, cryptocurrency are tools of a growing 'criminal service economy' Cybersecurity Month09 Oct 2024 | 7
Microsoft issues 117 patches – some for flaws already under attack Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw Cybersecurity Month08 Oct 2024 | 6
Qualcomm urges device makers to push patches after 'targeted' exploitation Given Amnesty's involvement, it's a safe bet spyware is in play Patches08 Oct 2024 |
Google brings better bricking to Androids, to curtail crims Improved security features teased in May now appearing around the world Cybersecurity Month08 Oct 2024 | 24
Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group A couple million will do for a start … but Kim's crews are suspected of stealing much more Cybersecurity Month08 Oct 2024 | 2
American Water rinsed in cyber attack, turns off app Updated It's still safe to drink, top provider tells us Cybersecurity Month07 Oct 2024 | 12
Chinese cyberspies reportedly breached Verizon, AT&T, Lumen Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic Security07 Oct 2024 | 6
'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks Infosec In Brief Also, rooting for Russian cybercriminals, a new DDoS record, sneaky Linux server malware and more Cybersecurity Month07 Oct 2024 | 5
UK's Sellafield nuke waste processing plant fined £333K for infosec blunders Radioactive hazards and cyber failings ... what could possibly go wrong? Cybersecurity Month05 Oct 2024 | 21
About a quarter million Comcast subscribers had their data stolen from debt collector Cable giant says ransomware involved, FBCS keeps schtum Cybersecurity Month04 Oct 2024 | 6
Apple fixes bug that let VoiceOver shout your passwords Not a great look when the iGiant just launched its first password manager Cybersecurity Month04 Oct 2024 | 6
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 115
Big brands among thousands infected by payment-card-stealing CosmicSting crooks Updated Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Cybersecurity Month04 Oct 2024 | 6
Sensitive data on 61K+ patients accessed in Alabama hospital cyberattack Intruder pored over medical records, insurance details, Social Security numbers in some cases Cybersecurity Month03 Oct 2024 |
DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks Winter is coming Cybersecurity Month03 Oct 2024 | 7
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 12
Two British-Nigerian men sentenced over multimillion-dollar business email scam Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Cybersecurity Month03 Oct 2024 | 13
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 38
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
'Patch yesterday': Zimbra mail servers under siege through RCE vuln Attacks began the day after public disclosure Cybersecurity Month02 Oct 2024 | 5
Euro cops arrest 4 including suspected LockBit dev chilling on holiday And what looks like proof stolen data was never deleted even after ransom paid Cybersecurity Month01 Oct 2024 | 15
NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks Cybersecurity Month01 Oct 2024 |
Australian e-tailer digiDirect customers' info allegedly stolen and dumped online Full names, contact details, and company info – all the fixings for a phishing holiday Cybersecurity Month01 Oct 2024 | 1
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 10
Ransomware forces hospital to turn away ambulances Only level-one trauma unit in 400 miles crippled Cybersecurity Month30 Sep 2024 | 19
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 68
Canada to remove China’s top messaging app WeChat from government devices Kaspersky also on the way out due to ‘unacceptable level of risk to privacy and security' Cybersecurity Month31 Oct 2023 | 11
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors Cybersecurity Month31 Oct 2023 | 9
Bug bounty hunters load up to stalk AI and fancy bagging big bucks Google offers AI-specific rewards, HackerOne sees more specializations Cybersecurity Month27 Oct 2023 | 1
Telcos should compensate phished subscribers, suggests Singapore Regulator reckons letting scam texts through is a culpable act Cybersecurity Month26 Oct 2023 | 6
Seiko watches 60K personal data records tick away in BlackCat ransomware heist Investigations ongoing as full extent of July breach is questioned Cybersecurity Month25 Oct 2023 |
Spanish phisherfolk caught in cops' net in multi-million-euro catch Crooks swindled about €3 million from victims Cybersecurity Month25 Oct 2023 | 1
After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw Security in brief ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more Cybersecurity Month22 Oct 2023 | 3
International Criminal Court blames spies for 'targeted and sophisticated attack' Tell us it's Russia without telling us it's Russia Cybersecurity Month21 Oct 2023 | 13
Indian authorities raid fake tech support rings after tipoff from Amazon and Microsoft Also went after crypto-crooks who sought money to buy miners for fake token Cybersecurity Month20 Oct 2023 | 38
‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities Advise turning off and never using remote desktop protocol, prohibiting private VPNs, not trusting recruiters’ due diligence Cybersecurity Month19 Oct 2023 | 51
San Francisco mayor suggests police drones and CCTV can cure city's crime woes Suggests bodycam footage should replace paperwork for simple arrests Cybersecurity Month19 Oct 2023 | 30
Paying for WinRAR in all the wrong ways - Russia and China hitting ancient app Incidentally, Windows 11 has native rar support now Cybersecurity Month18 Oct 2023 | 22
Critical Citrix bug exploited by data thieves weeks before being patched Updated Time to close those active sessions Cybersecurity Month18 Oct 2023 |
Governments resent their dependence on Big Tech Singapore summit hears how private sector's constant security sins create risk for sovereigns Cybersecurity Month18 Oct 2023 | 22
Five Eyes intel chiefs warn China's IP theft program now at 'unprecedented' levels Spies come in from the cold for their first public chinwag Cybersecurity Month18 Oct 2023 | 31
Malware crooks find an in with fake browser updates, in case real ones weren't bad enough Researchers say ransomware could be on the horizon if success continues Cybersecurity Month18 Oct 2023 | 2