Meta comms chief handed six-year Russian prison sentence for 'justifying terrorism' Memo to Andy Stone: Don't go to Moscow for your holidays Public Sector23 Apr 2024 | 27
Old Windows print spooler bug is latest target of Russia's Fancy Bear gang Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Security23 Apr 2024 | 6
Ex-CEO of 'unicorn' app startup HeadSpin heads to jail after BS'ing investors Lachwani faked it but didn't make it Applications22 Apr 2024 | 7
US House passes fresh TikTok ban proposal to Senate Sadly no push to end stupid TikTok dances, but ByteDance would have year to offload app stateside Security22 Apr 2024 | 23
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers Updated Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack Cyber-crime18 Apr 2024 | 9
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims 'I want to buy a car. That's all' Cyber-crime18 Apr 2024 | 6
Cisco creates architecture to improve security and sell you new switches Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats Security18 Apr 2024 | 11
HPE sues China's Inspur Group over server patents Middle Kingdom biz accused of IP theft and changing names to evade sanctions Systems18 Apr 2024 | 1
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities Water tank overflowed during one system malfunction, says Mandiant Research17 Apr 2024 | 10
OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories While some other LLMs appear to flat-out suck AI + ML17 Apr 2024 | 6
Japanese government rejects Yahoo! infosec improvement plan Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app Security17 Apr 2024 | 3
Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more Security17 Apr 2024 | 6
Gentoo Linux tells AI-generated code contributions to fork off A good PR move opines community member OSes16 Apr 2024 | 21
Feline firewall woke developer to declaw DDoS disaster System alerts were pinging but cat had no way of knowing what was happening Offbeat15 Apr 2024 | 19
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways Out of the PAN-OS and into the firewall, a Python backdoor this way comes Cyber-crime12 Apr 2024 | 13
French issue alerte rouge after local governments knocked offline by cyber attack Embarrassing, as its officials are in the US to discuss Olympics cyber threats Security12 Apr 2024 | 9
It's 2024 and Intel silicon is still haunted by data-spilling Spectre Go, go InSpectre Gadget Research10 Apr 2024 | 23
Microsoft squashes SmartScreen security bypass bug exploited in the wild Patch Tuesday Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates Security10 Apr 2024 | 22
H-1B visa fraud alive and well amid efforts to crack down on abuse In depth It's the gold ticket favored by foreign techies – and IT giants suspected of gaming the system Public Sector09 Apr 2024 | 46
Got an unpatched LG 'smart' television? It could be watching you back Four fatal flaws allow TV takeover Security09 Apr 2024 | 42
Home Depot confirms worker data leak after miscreant dumps info online SaaS slip up leads to scumbags seeking sinecure Cyber-crime08 Apr 2024 | 3
What can be done to protect open source devs from next xz backdoor drama? Kettle What happened, how it was found, and what your vultures have made of it all Research06 Apr 2024 | 92
US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products Analysis In what other sphere does a bad supplier not feel pain for its foulups? Cyber-crime05 Apr 2024 | 21
World's second-largest eyeglass lens-maker blinded by infosec incident Japan's Hoya also makes components for chips, displays, and hard disks, and has spent four days groping for a fix Security05 Apr 2024 | 5
Feds probe alleged classified US govt data theft and leak Updated State Dept keeps schtum 'for security reasons' Security04 Apr 2024 | 11
Sleuths who cracked Zodiac Killer's cipher thank the crowd Fifty-one years of community contributions, software, and clever cryptanalysis contributed Bootnotes04 Apr 2024 | 38
Nearly 1M medical records feared stolen from City of Hope cancer centers Is there no cure for this cyber-plague? Cyber-crime03 Apr 2024 | 7
Meet clickjacking's slicker cousin, 'gesture jacking,' aka 'cross window forgery' Web devs advised to do their part to limit UI redress attacks Security03 Apr 2024 | 9
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software Security03 Apr 2024 | 39
Feds finally decide to do something about years-old SS7 spy holes in phone networks And Diameter, too, for good measure Networks02 Apr 2024 | 22
OWASP server blunder exposes decade of resumes Irony alerts: Open Web Application Security Project Foundation suffers lapse Security02 Apr 2024 | 5
UK and US to jointly develop AI test suites to tackle risks Memorandum of Understanding penned to put models, systems, and agents through their paces AI + ML02 Apr 2024 | 4
Microsoft warns deepfake election subversion is disturbingly easy Simple stuff like slapping on a logo fools more folks and travels further Public Sector02 Apr 2024 | 10
Rubrik files to go public following alliance with Microsoft Cloud cyber resilience model could raise $700M despite $278M losses Security02 Apr 2024 |
Polish officials may face criminal charges in Pegasus spyware probe Victims of the powerful surveillance tool will soon find out the truth Security02 Apr 2024 | 13
Apple's GoFetch silicon security fail was down to an obsession with speed Opinion Ye cannae change the laws of physics, but you can change your mind Security02 Apr 2024 | 23
Google will delete data collected from 'private' browsing Declares victory in settlement of class action lawsuit, but individual claims remain possible Personal Tech01 Apr 2024 | 30
Malicious xz backdoor reveals fragility of open source Analysis This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy Devops01 Apr 2024 | 98
Rust developers at Google are twice as productive as C++ teams Code shines up nicely in production, says Chocolate Factory's Bergstrom Devops31 Mar 2024 | 134
Malicious SSH backdoor sneaks into xz, Linux world's data compression library STOP USAGE OF FEDORA RAWHIDE, says Red Hat while Debian Unstable and others also affected CSO29 Mar 2024 | 123
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching CVE-2024-1086 turns the page tables on system admins Patches29 Mar 2024 | 26
Microsoft rolls out safety tools for Azure AI. Hint: More models Defenses against prompt injection, hallucination arrive as Feds eye ML risks AI + ML29 Mar 2024 | 10
Hillary Clinton: 2024 will be 'ground zero' for AI election manipulation 2016 meddling was 'primitive' compared to what's ahead AI + ML29 Mar 2024 | 238
Nvidia's newborn ChatRTX bot patched for security bugs Flaws enable privilege escalation and remote code execution Patches28 Mar 2024 | 1
US critical infrastructure cyberattack reporting rules inch closer to reality After all, it's only about keeping the essentials on – no rush Security28 Mar 2024 | 4
AI hallucinates software packages and devs download them – even if potentially poisoned with malware In-depth Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that Security28 Mar 2024 | 84
Majority of Americans now use ad blockers We're dreaming of a white list, because we're just like the ones you used to know Security27 Mar 2024 | 114
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders CSO27 Mar 2024 | 14
Amazon finishes pumping $4B into AI darling Anthropic Adds $2.75B to the ML sweepstakes ante and is counting on Claude AI + ML27 Mar 2024 | 3
Miscreants are exploiting enterprise tech zero days more and more, Google warns Crooks know where the big bucks are Cyber-crime27 Mar 2024 | 5
In-app browsers are still a privacy, security, and choice problem Regulators reminded that longstanding concerns haven't been addressed Applications27 Mar 2024 | 26
Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? Interview ARPA-H joins DARPA's AIxCC, adds $20M to cash rewards Cyber-crime26 Mar 2024 | 22
FreeBSD Foundation hands out Beacon gongs for safer software Multiple CHERI-related projects win money for important research that prizes safety over speed Security26 Mar 2024 | 13
Row breaks out over true severity of two DNSSEC flaws Updated Some of us would be happy being rated 7.5 out of 10, just sayin' CSO26 Mar 2024 | 11
US charges Chinese nationals with cyber-spying on pretty much everyone for Beijing Plus: Alleged front sanctioned, UK blames PRC for Electoral Commission theft, and does America need a Cyber Force? Cyber-crime25 Mar 2024 | 6
Over 170K users caught up in poisoned Python package ruse Supply chain attack targeted GitHub community of Top.gg Discord server Cyber-crime25 Mar 2024 | 44
ZenHammer comes down on AMD Zen 2 and 3 systems Updated Boffins demonstrate Rowhammer memory meddling on AMD DDR4 hardware Software25 Mar 2024 | 9
Vans claims cyber crooks didn't run off with its customers' financial info Just 35.5M names, addresses, emails, phone numbers … no biggie Cyber-crime24 Mar 2024 | 8
Russia's Cozy Bear caught phishing German politicos with phony dinner invites Forget the Riesling, bring on the WINELOADER Cyber-crime23 Mar 2024 | 8
Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks Crew may well be working under contract for Beijing Cyber-crime22 Mar 2024 | 5
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet The device that makes it possible is required in all American big rigs, and has poor security Security22 Mar 2024 | 74
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert You better watch out, you better not cry, better not pout, they're telling you why Security21 Mar 2024 | 4