US cybercops urge admins to patch amid ongoing Confluence chaos Do it now, no ifs or buts, says advisory Patches17 Oct 2023 | 3
British boffins say aircraft could fly on trash, cutting pollution debt by 80% Domestic jets can use 'municipal solid waste' to fly the friendly skies Research17 Oct 2023 | 90
Will you meet the directive? Sponsored Post Your guide to SEC, DoD 8140.3 and NIS2 changes with the SANS Cyber Compliance Countdown Sponsored Post
We're not in e-Kansas anymore: State courts reel from 'unauthorized incursion' Fax, post, and human messengers can still be used for filing vital evidence Cyber-crime16 Oct 2023 | 4
BLOODALCHEMY provides backdoor to southeast Asian nations' secrets Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers Research16 Oct 2023 | 1
Regulator, insurers and customers all coming for Progress after MOVEit breach Infosec in brief Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns Security16 Oct 2023 | 3
530K people's info feared stolen from cloud PC gaming biz Shadow Will players press start to continue with this outfit? Cyber-crime13 Oct 2023 | 10
Thwarted ransomware raid targeting WS_FTP servers demanded just 0.018 BTC Early attempt to exploit latest Progress Software bug spotted in the wild Cyber-crime13 Oct 2023 | 7
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit Two years on and Microsoft refuses to address the issue Research13 Oct 2023 | 11
Squid games: 35 security holes still unpatched in proxy after 2 years, now public We'd like to say don't panic … but maybe? Research13 Oct 2023 | 9
Everest cybercriminals offer corporate insiders cold, hard cash for remote access The ransomware gang changes identities more than Jason Bourne Research12 Oct 2023 | 9
Building cyber resilience with data vaults How continuous data protection and isolated cyber recovery vaults provide effective defense against ransomware Sponsored Feature
US construction giant unearths concrete evidence of cyberattack Simpson Manufacturing yanks systems offline, warns of ongoing disruption Cyber-crime12 Oct 2023 | 11
US Navy sailor admits selling secret military blueprints to China for $15K Worth it for 20 years behind bars? Cyber-crime11 Oct 2023 | 26
curl vulnerabilities ironed out with patches after week-long tease Updated The coordinated disclosure didn’t quite go to plan, though Patches11 Oct 2023 | 16
It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems Patch Tuesday Happy Halloween! Security bugs under attack squashed, more flaws fixed Patches10 Oct 2023 | 16
SBF on trial: The Python code that allegedly let Alameda hedge fund spend people's FTX deposits And Caroline Ellison says she was told by Bankman-Fried to take $10B from customer accounts Cyber-crime10 Oct 2023 | 18
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet Botnet storm drowned last record with 398 million requests per second CSO10 Oct 2023 | 13
Mirai reloads exploit arsenal as botnet embarks on another expansion drive With 13 new payloads it's the biggest update to the botnet in months Research10 Oct 2023 |
Raspberry Pi 5: Hot takes and cooler mistakes How does the device fare as a daily driver, and is cooling really optional?
Windows 10's latest update issue isn't a bug but a feature – to test your patience Some attempted installations of KB5031356 were reportedly stuck on 30% after 24 hours
Cisco zero-day bug allows router hijacking and is being actively exploited We'd say 'Hurry up and patch' but it hasn't written one yet. While you wait, disable HTTP
British boffins say aircraft could fly on trash, cutting pollution debt by 80% Domestic jets can use 'municipal solid waste' to fly the friendly skies
Cloudflare exiles baseboard management controller from its server motherboards Puts Datacenter-ready Secure Control Modules to work in boxen built by Lenovo
LinkedIn lays off nearly 700 staff, engineers to suffer the most Time to update that resume on, er ... oh.
China requires any new domestic Wi-Fi kit to support IPv6 and run it by default Beijing set big targets for next-gen networks, but adoption stats suggest it's falling short
Tell me Huawei: Chinese giant wants to know what made EU label it high security risk Files official complaint as it battles to keep market share
Researcher bags two-for-one deal on Linux bugs while probing GNOME component One-click exploit could potentially affect most major distros Research10 Oct 2023 | 12
Fresh curl tomorrow will patch 'worst' security flaw in ages Updated It’s bad, folks. Pair of CVEs incoming on October 11 Patches10 Oct 2023 | 11
Ransomware attacks register record speeds thanks to success of infosec industry Dwell times drop to hours rather than days for the first time Research10 Oct 2023 | 3
Exercise Cyber Star tests Singapore response How SANS is helping boost the island’s defenses against whole-of-nation cyber attacks Sponsored
DoJ: Ex-soldier tried to pass secrets to China after seeking a 'subreddit about spy stuff' FBI agent claims sergeant with top clearance offered access to DoD tech systems Security09 Oct 2023 | 48
Hacktivist attacks erupt in Middle East following Hamas assault on Israel Groups range from known collectives to new outfits eager to raise their profile Security09 Oct 2023 | 126
Datacenter cabling biz Volex confirms digital break-in All sites operational, no 'material' financial impact expected but stock markets still worried Cyber-crime09 Oct 2023 |
Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign Infosec in brief PLUS: Sony admits to MoveITbreach; Blackbaud fined again, Qakbot's sorta back from the dead; and more Security09 Oct 2023 | 7
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam Security06 Oct 2023 | 8
MGM Resorts attackers hit personal data jackpot, but house lost $100M Racecars and cyber insurance will balance its books in no time, though Cyber-crime06 Oct 2023 | 2
CDW data to be leaked next week after negotiations with LockBit break down Ransomware spokesperson scoffs at IT reseller's offer of payment Cyber-crime06 Oct 2023 | 15
How to stop ransomware thieves WORMing their way into your data Stay immutable in the face of cyber crime adversity, says Object First Sponsored Feature
Google promises Germany to creep on users less after market power probe Regulation complements EU's Digital Markets Act to cover more services Security06 Oct 2023 | 6
GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets More malware scum using acessibility features to steal personal info Security06 Oct 2023 |
Cisco warns of critical flaw in Emergency Responder code Hard-coded credentials strike again Security05 Oct 2023 | 11
Another security update, Apple? You're really keeping up with your tech rivals Zero day? More like every day, amirite? Patches05 Oct 2023 | 3
Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts Data leakers become data leakees Cyber-crime05 Oct 2023 | 10
South Korea accuses North of Phish and Ships attack Kim Jong-un looks at industry's progress with green eyes, says South Korea's spy agency Cyber-crime05 Oct 2023 |
IT networks under attack via critical Confluence zero-day. Patch now 'Handful' of customers hit so far, public-facing instances at risk Patches04 Oct 2023 | 16
Make-me-root 'Looney Tunables' security hole on Linux needs your attention What's up, Doc? Try elevated permissions Patches04 Oct 2023 | 47
'Gay furry hackers' brag of second NATO break-in, steal and leak more data 'No impact on missions,' military powerhouse insists Cyber-crime04 Oct 2023 | 9
Red Cross lays down hacktivism law as Ukraine war rages on Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits CSO04 Oct 2023 | 4
CISA barred from coordinating with social media sites to police misinformation The 5th Circuit's re-ruling adds CISA to a list of alleged first-amendment violators. Next stop: Supreme Court Security04 Oct 2023 | 30
Trio of TorchServe flaws means PyTorch users need an urgent upgrade Meta, the project's maintainer, shrugs: We fixed it, let's move on Security04 Oct 2023 | 2
US v Sam Bankman-Fried trial begins ... as imploded crypto-biz boss sues his insurer After people's funds go up in smoke, ex-CEO seeks cash to foot legal bills Cyber-crime03 Oct 2023 | 14
CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog Chrome’s second zero-day of the month puts fed security at 'significant risk' Security03 Oct 2023 |
Co-founder of collapsed crypto biz Three Arrows cuffed at airport Asia in brief Plus: Philippine state health insurance knocked offline by ransomware, China relaxes data export laws, and more Security03 Oct 2023 | 3
Security researchers believe mass exploitation attempts against WS_FTP have begun Updated Early signs emerge after Progress Software said there were no active attempts last week Cyber-crime02 Oct 2023 | 14
AWS stirs the MadPot – busting bot baddies and eastern espionage Interview Security exec Mark Ryland spills the tea on hush-hush threat intel tool Cyber-crime02 Oct 2023 | 5
Yes, Singapore immigration plans to scan your face instead of your passport No, that does not mean you can leave it at home just yet Security02 Oct 2023 | 16
Now MOVEit maker Progress patches holes in WS_FTP Infosec in brief Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more Patches01 Oct 2023 | 9
Microsoft Bing Chat pushes malware via bad ads From AI to just plain aaaiiiee! Cyber-crime29 Sep 2023 | 16
PhD student guilty of 3D-printing 'kamikaze' drone for Islamic State terrorists 'Research purposes' excuse didn't fly Cyber-crime29 Sep 2023 | 49
Norway wants Facebook behavioral advertising banned across Europe But Meta was just about to start asking people for their permission! Security29 Sep 2023 | 23
Chinese snoops stole 60K State Department emails in that Microsoft email heist No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc CSO28 Sep 2023 | 4
Feds' privacy panel backs renewing Feds' S. 702 spying powers — but with limits FBI agents ought to get spy court approval before reviewing US persons' chats, board reckons Security28 Sep 2023 | 2
DARPA takes its long-duration Manta undersea drone for a test-dip Autonomous sub should recharge and resupply in perfect stealth, hopefully Security28 Sep 2023 | 3
After failing at privacy, again, Google is working to keep Bard chats out of Search The URLs needed to share chat histories have been indexed. Of course Security28 Sep 2023 | 10
China's national security minister rates fake news among most pressing cyber threats He's also worried about alliances that freeze out Chinese tech Security28 Sep 2023 | 8
NYC rights groups say no to grocery store spycams and snooping landlords Letter to City Council supports measures to ban biometric tech from public spaces Security27 Sep 2023 | 13
ROBOT crypto attack on RSA is back as Marvin arrives More precise timing tests find many implementations vulnerable Research26 Sep 2023 | 9
MOVEit breach delivers bundle of 3.4 million baby records Progress Software vulnerability ID'd in enormous burglary at Ontario's BORN Cyber-crime26 Sep 2023 | 7
Ukraine accuses Russian spies of hunting for war-crime info on its servers Russian have shifted tactics in the first half of 2023, with mixed results Cybersecurity Month26 Sep 2023 | 21
Mixin suspends deposits and withdrawals after $200m cryptocurrency heist Cloud provider blamed for loss of 20% of exchange's capital Cybersecurity Month25 Sep 2023 | 37
T-Mobile US exposes some customer data – but don't call it a breach Infosec in brief PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Security25 Sep 2023 | 9
Apple squashes security bugs after iPhone flaws exploited by Predator spyware Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab Cybersecurity Month22 Sep 2023 | 6
ESA gets the job of building Europe's secure satcomms network IRIS2 oversight deal signed as constellation’s schedule slips, and Ariane 6 hits another snag Cybersecurity Month22 Sep 2023 | 4
US govt IT help desk techie 'leaked top secrets' to foreign nation National defense files can earn you $55K … and espionage charges Cybersecurity Month21 Sep 2023 | 15
TransUnion reckons big dump of stolen customer data came from someone else Updated Prolific info-thief strikes again Cyber-crime21 Sep 2023 | 6
Cisco spends $28B on data cruncher Splunk in cybersecurity push $157/share cash deal is the largest acquisition in networking titan's history Security21 Sep 2023 | 5
Menacing marketeers fined by ICO for 1.9M cold calls Five businesses facing half a million in collective penalties for illegally phoning folk registered with TPS Security21 Sep 2023 | 30
India's biggest tech centers named as cyber crime hotspots Global tech companies' Bharat offices attract the wrong sort of interest Security21 Sep 2023 | 2
Data breach reveals distressing info: People who order pineapple on pizza Pizza Hut Australia says 190,000 customers' info – including order history – has been accessed Security21 Sep 2023 | 98
Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit Invasion of the data snatchers Cyber-crime20 Sep 2023 | 3
Signal adopts new alphabet jumble to protect chats from quantum computers X3DH readied for retirement as PQXDH is rolled out Security20 Sep 2023 | 18
International Criminal Court hit in cyber-attack amid Russia war crimes probe Right as judges issued warrants against Putin Cyber-crime20 Sep 2023 | 22
Pot calls the kettle hack as China claims Uncle Sam did digital sneak peek first Beijing accuses US of breaking into Huawei servers in 2009 Cyber-crime20 Sep 2023 | 14
Robocall scammers sentenced in US after netting $1.2M via India-based call centers Part of network of crims who used 'trickery and threats' to target elderly Cyber-crime20 Sep 2023 | 14
Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam Could spend 20 years in prison after selling $88M in ADI software keys Cyber-crime20 Sep 2023 | 21
Broaden your cyber security knowhow at CyberThreat 2023 November’s two day conference sees experts from the cyber security community share their insight and knowledge Sponsored Post
Singapore may split liability for phishing losses between banks and victims Won't someone please think of the banks? Cyber-crime20 Sep 2023 | 14
Marvell disputes claim Cavium backdoored chips for Uncle Sam Allegations date back a decade to leaked Snowden docs Research19 Sep 2023 | 8
Russian allegedly smuggled US weapons electronics to Moscow Feds claim sniper scope displays sold in sanctions-busting move Cyber-crime19 Sep 2023 | 23
The Clorox Company admits cyberattack causing 'widescale disruption' Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material' Cyber-crime19 Sep 2023 | 8
Australia to build six 'cyber shields' to defend its shores Local corporate regulator warns boards that cyber is totally a directorial duty Security19 Sep 2023 | 26
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all Unauthenticated and remote code execution possible without dropping a file on disk Security18 Sep 2023 | 6
Former CIO accuses Penn State of faking cybersecurity compliance Now-NASA boffin not impressed Security18 Sep 2023 | 5
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder Included secrets, private keys, passwords, 30,000+ internal Teams messages Security18 Sep 2023 | 21
California passes bill to set up one-stop data deletion shop Infosec in brief Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns Security18 Sep 2023 | 13
Cryptojackers spread their nets to capture more than just EC2 AMBERSQUID operation takes AWS's paths less travelled in search of compute Research18 Sep 2023 | 3
Probe reveals previously secret Israeli spyware that infects targets via ads Oh s#!t, Sherlock Research16 Sep 2023 | 73
Scattered Spider traps 100+ victims in its web as it moves into ransomware Mandiant warns casino raiders are doubling down on 'monetization strategies' Cyber-crime15 Sep 2023 | 7
Google throws California $93M to make location tracking lawsuit disappear Half a percent of last quarter's net income? That'll teach 'em Security15 Sep 2023 | 20
Greater Manchester Police ransomware attack another classic demo of supply chain challenges Are you the weakest link? Cyber-crime15 Sep 2023 | 14
US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak NoEscape promises 'colossal wave of problems' if IJC doesn't pay up Cyber-crime15 Sep 2023 | 5
Caesars says cyber-crooks stole customer data as MGM casino outage drags on Updated Zero-days are so 2022. Why not just social engineer the help desk? Cyber-crime14 Sep 2023 | 7
Rollbar might be good at tracking bugs, uninvited guests not so much Company noticed data warehouse break-in via compromised account a month later Cyber-crime14 Sep 2023 | 2
Watchdog urges change of HART: Late, expensive US biometric ID under fire Homeland Security told to mind costs, fix up privacy controls Security13 Sep 2023 | 3
Uncle Sam warns deepfakes are coming for your brand and bank account No, your CEO is not on Teams asking you to transfer money Security13 Sep 2023 | 9
Airbus suffers data leak turbulence to cybercrooks' delight Ransomware group nicked info from employee of airline, say researchers Cyber-crime13 Sep 2023 | 1