Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers. Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack. (Cyber-crime, 18 Apr 2024 | 2)
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims. 'I want to buy a car. That's all'. (Cyber-crime, 18 Apr 2024)
House passes bill banning Uncle Sam from snooping on citizens via data brokers. Vote met strong opposition from Biden's office. (Security, 18 Apr 2024 | 13)
Korean researcher details scheme abusing Apple's third-party pickup policy. [Black Hat Asia] Criminals make lucrative use of stolen credit cards. (Cyber-crime, 18 Apr 2024 | 1)
185K people's sensitive data in the pits after ransomware raid on Cherry Health. Extent of information seized will be a concern for those affected. (Cyber-crime, 18 Apr 2024 | 5)
EU tells Meta it can't paywall privacy. Platforms should not confront users with 'binary choice' over personal data use. (Security, 18 Apr 2024 | 33)
Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op. [Feature] Police emit Spotify Wrapped-style videos to let crims know they're being hunted. (Security, 18 Apr 2024 | 9)
Cisco creates architecture to improve security and sell you new switches. Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats. (Security, 18 Apr 2024 | 6)
Singapore infosec boss warns China/West tech split will be bad for interoperability. When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder. (Cyber-crime, 18 Apr 2024 | 3)
Taiwanese film studio snaps up Chinese surveillance camera specialist Dahua. Stymied by sanctions, it had to go … but where? (Security, 18 Apr 2024)
Hugely expanded Section 702 surveillance powers set for US Senate vote. Opponents warn almost anyone could be asked to share info with Uncle Sam. (Public Sector, 17 Apr 2024 | 16)
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities. Water tank overflowed during one system malfunction, says Mandiant. (Research, 17 Apr 2024 | 10)
Exploit code for Palo Alto Networks zero-day now public. Race on to patch as researchers warn of mass exploitation of directory traversal bug. (Security, 17 Apr 2024 | 2)
OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories. While some other LLMs appear to flat-out suck. (AI + ML, 17 Apr 2024 | 6)
Japanese government rejects Yahoo! infosec improvement plan. Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app. (Security, 17 Apr 2024 | 3)
Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack. Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more. (Security, 17 Apr 2024 | 6)
MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time. What a twist! (Cyber-crime, 16 Apr 2024 | 16)
Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto. No prizes for guessing the victims. (Research, 16 Apr 2024 | 2)
SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work. No breach responsible for employee contact info getting out, says T-Mo. (Cyber-crime, 16 Apr 2024 | 4)
Open sourcerers say suspected xz-style attacks continue to target maintainers. Social engineering patterns spotted across range of popular projects. (Security, 16 Apr 2024 | 29)
Change Healthcare’s ransomware attack costs edge toward $1B so far. First glimpse at attack financials reveals huge pain. (Cyber-crime, 16 Apr 2024 | 11)
Google location tracking deal could be derailed by politics. $62 million settlement plan challenged over payments to progressive nonprofits. (Security, 16 Apr 2024 | 17)
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely. Hard-coded credentials last thing you want in home security app. (Security, 15 Apr 2024 | 49)
Roku makes 2FA mandatory for all after nearly 600K accounts pwned. Streamer says access came via credential stuffing. (Cyber-crime, 15 Apr 2024 | 14)
Delinea Secret Server customers should apply latest patches. [Updated] Attackers could nab an org's most sensitive keys if left unaddressed. (Patches, 15 Apr 2024 | 3)
US senator wants to put the brakes on Chinese EVs. Fears of low-cost invasion and data spies spark call for ban. (Security, 15 Apr 2024 | 39)
US House approves FISA renewal – warrantless surveillance and all. [Infosec in brief] PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more. (Security, 15 Apr 2024 | 11)
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways. Out of the PAN-OS and into the firewall, a Python backdoor this way comes. (Cyber-crime, 12 Apr 2024 | 13)
Google One VPN axed for everyone but Pixel loyalists ... for now. Another one bytes the dust. (Personal Tech, 12 Apr 2024 | 7)
Microsoft breach allowed Russian spies to steal emails from US government. Affected federal agencies must comb through mails, reset API keys and passwords. (Cyber-crime, 12 Apr 2024 | 18)
French issue alerte rouge after local governments knocked offline by cyber attack. Embarrassing, as its officials are in the US to discuss Olympics cyber threats. (Security, 12 Apr 2024 | 9)
Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware'. Report claims India's government, which is accused of using Pegasus at home, was displeased. (Security, 12 Apr 2024 | 10)
Space Force boss warns 'the US will lose' without help from Musk and Bezos. China, Russia have muscled up, and whoever wins up there wins down here. (Security, 11 Apr 2024 | 41)
96% of US hospital websites share visitor info with Meta, Google, data brokers. Could have been worse – last time researchers checked it was 98.6%. (Research, 11 Apr 2024 | 13)
Global taxi software vendor exposes details of nearly 300K across UK and Ireland. [Exclusive] High-profile individuals including MPs said to be caught up in leak. (Research, 11 Apr 2024 | 5)
It's 2024 and Intel silicon is still haunted by data-spilling Spectre. Go, go InSpectre Gadget. (Research, 10 Apr 2024 | 23)
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib. BatBadBut hits Erlang, Go, Python, Ruby as well. (Patches, 10 Apr 2024 | 56)
X fixes URL blunder that could enable convincing social media phishing campaigns. Poorly implemented rule allowed miscreants to deceive users with trusted URLs. (CSO, 10 Apr 2024 | 25)
Chrome Enterprise Premium promises extra security – for a fee. [Cloud Next] Paying for browsers is no longer a memory from the 1990s. (Security, 10 Apr 2024 | 33)
Microsoft squashes SmartScreen security bypass bug exploited in the wild. [Patch Tuesday] Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates. (Security, 10 Apr 2024 | 22)
Got an unpatched LG 'smart' television? It could be watching you back. Four fatal flaws allow TV takeover. (Security, 09 Apr 2024 | 42)
UK businesses shockingly unaware of how to handle security threats. Many decide to make no changes after detecting a breach. (Cyber-crime, 09 Apr 2024 | 23)
US insurers use drone photos to deny home insurance policies. Of course, it helps if you don't live in a potential disaster zone. (Security, 08 Apr 2024 | 136)
Home Depot confirms worker data leak after miscreant dumps info online. SaaS slip up leads to scumbags seeking sinecure. (Cyber-crime, 08 Apr 2024 | 3)
Puppies, kittens, data at risk after 'cyber incident' at veterinary giant. IT systems pulled offline for chance to paws and reflect. (Security, 08 Apr 2024 | 11)
Change Healthcare faces second ransomware dilemma weeks after ALPHV attack. Theories abound over who's truly responsible. (Security, 08 Apr 2024 | 23)
Head of Israeli cyber spy unit exposed ... by his own privacy mistake. [Infosec in brief] Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns. (Security, 08 Apr 2024 | 19)
What can be done to protect open source devs from next xz backdoor drama? [Kettle] What happened, how it was found, and what your vultures have made of it all. (Research, 06 Apr 2024 | 91)
US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products. [Analysis] In what other sphere does a bad supplier not feel pain for its foulups? (Cyber-crime, 05 Apr 2024 | 21)
Hotel check-in terminal bug spews out access codes for guest rooms. Attacks could be completed in seconds, compromising customer safety. (Research, 05 Apr 2024 | 31)
Academics probe Apple's privacy settings and get lost and confused. Just disabling Siri requires visits to five submenus. (Security, 05 Apr 2024 | 30)
World's second-largest eyeglass lens-maker blinded by infosec incident. Japan's Hoya also makes components for chips, displays, and hard disks, and has spent four days groping for a fix. (Security, 05 Apr 2024 | 5)
Feds probe alleged classified US govt data theft and leak. [Updated] State Dept keeps schtum 'for security reasons'. (Security, 04 Apr 2024 | 11)
Ivanti commits to secure-by-design overhaul after vulnerability nightmare. CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat. (Security, 04 Apr 2024 | 19)
Ransomware gang did steal residents' confidential data, UK city council admits. INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs. (Cyber-crime, 04 Apr 2024 | 17)
Nearly 1M medical records feared stolen from City of Hope cancer centers. Is there no cure for this cyber-plague? (Cyber-crime, 03 Apr 2024 | 7)
Cyberattack hits Omni Hotels systems, taking out bookings, payments, door locks. [Updated] As WhatsApp, Facebook Messenger, other Meta bits plus Apple stuff fall offline today. (Security, 03 Apr 2024 | 18)
Security pioneer Ross Anderson dies at 67. [Obituary] A man with a list of accolades long enough for several lifetimes, friends remember his brilliance. (Research, 03 Apr 2024 | 34)
Google bakes new cookie strategy that will leave crooks with a bad taste. Device Bound Session Credentials said to render cookie theft useless. (Security, 03 Apr 2024 | 27)
Meet clickjacking's slicker cousin, 'gesture jacking,' aka 'cross window forgery'. Web devs advised to do their part to limit UI redress attacks. (Security, 03 Apr 2024 | 9)
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online. CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software. (Security, 03 Apr 2024 | 37)
Feds finally decide to do something about years-old SS7 spy holes in phone networks. And Diameter, too, for good measure. (Networks, 02 Apr 2024 | 22)
OWASP server blunder exposes decade of resumes. Irony alerts: Open Web Application Security Project Foundation suffers lapse. (Security, 02 Apr 2024 | 5)
Pandabuy confirms crooks nabbed data on 1.3M punters. Nothing says 'sorry' like 10 percent off shipping for a month. (Cyber-crime, 02 Apr 2024)
Microsoft warns deepfake election subversion is disturbingly easy. Simple stuff like slapping on a logo fools more folks and travels further. (Public Sector, 02 Apr 2024 | 10)
Rubrik files to go public following alliance with Microsoft. Cloud cyber resilience model could raise $700M despite $278M losses. (Security, 02 Apr 2024)
Polish officials may face criminal charges in Pegasus spyware probe. Victims of the powerful surveillance tool will soon find out the truth. (Security, 02 Apr 2024 | 13)
INC Ransom claims to be behind 'cyber incident' at UK city council. This follows attack on NHS services in Scotland last week. (Cyber-crime, 02 Apr 2024 | 10)
Happy 20th birthday Gmail, you're mostly grown up – now fix the spam. Senders of more than 5K messages a day are in the crosshairs. (Personal Tech, 02 Apr 2024 | 52)
Apple's GoFetch silicon security fail was down to an obsession with speed. [Opinion] Ye cannae change the laws of physics, but you can change your mind. (Security, 02 Apr 2024 | 23)
Six banks share customer info to help Singapore fight money laundering. [Asia in brief] Plus: Google Cloud ANZ boss departs; Japan revives airliner ambitions; China-linked attackers target Asian entities. (Cyber-crime, 02 Apr 2024 | 4)
US House of Reps tells staff: No Microsoft Copilot for you! At least not until Redmond's government edition is ready to roll. (Public Sector, 01 Apr 2024 | 10)
Malicious xz backdoor reveals fragility of open source. [Analysis] This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy. (Devops, 01 Apr 2024 | 98)
Nearly 3M people hit in Harvard Pilgrim healthcare data theft. [Infosec in brief] Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns. (Security, 01 Apr 2024 | 3)
Ex-White House CIO tells The Reg: TikTok ban may be diplomatic disaster. [Interview] Theresa Payton on why US needs a national privacy law. (Public Sector, 01 Apr 2024 | 63)
AT&T admits massive 70M+ mid-March customer data dump is real though old. Still claims the personal info wasn't stolen from its systems. (Security, 01 Apr 2024 | 10)
Rust developers at Google are twice as productive as C++ teams. Code shines up nicely in production, says Chocolate Factory's Bergstrom. (Devops, 31 Mar 2024 | 134)
Malicious SSH backdoor sneaks into xz, Linux world's data compression library. STOP USAGE OF FEDORA RAWHIDE, says Red Hat while Debian Unstable and others also affected. (CSO, 29 Mar 2024 | 123)
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching. CVE-2024-1086 turns the page tables on system admins. (Patches, 29 Mar 2024 | 26)
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat. [Updated] Vendor takes hardline approach to patch disclosure to new levels. (Patches, 28 Mar 2024 | 14)
FTX crypto-crook Sam Bankman-Fried gets 25 years in prison. Could have been worse: Prosecutors wanted decades more. (Cyber-crime, 28 Mar 2024 | 107)
Nvidia's newborn ChatRTX bot patched for security bugs. Flaws enable privilege escalation and remote code execution. (Patches, 28 Mar 2024 | 1)
US critical infrastructure cyberattack reporting rules inch closer to reality. After all, it's only about keeping the essentials on – no rush. (Security, 28 Mar 2024 | 4)
Canonical cracks down on crypto cons following Snap Store scam spree. In happier news, Ubuntu Pro extended support now goes up to 12 years. (Security, 28 Mar 2024 | 18)
INC Ransom claims responsibility for attack on NHS Scotland. Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total. (Cyber-crime, 28 Mar 2024 | 14)
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb. One might say this is a wurst case scenario. (Patches, 28 Mar 2024 | 44)
AI hallucinates software packages and devs download them – even if potentially poisoned with malware. [In-depth] Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that. (Security, 28 Mar 2024 | 84)
Execs in Japan busted for winning dev bids then outsourcing to North Koreans. Government issues stern warning over despot money-making scheme. (Cyber-crime, 28 Mar 2024 | 11)
China encouraged armed offensive against Myanmar government to protest proliferation of online scams. Report claims Beijing is most displeased by junta's failure to address slave labor scam settlements. (Cyber-crime, 28 Mar 2024 | 5)
Apple fans deluged with phony password reset requests. Beware support calls offering a fix. (Security, 27 Mar 2024 | 18)
Majority of Americans now use ad blockers. We're dreaming of a white list, because we're just like the ones you used to know. (Security, 27 Mar 2024 | 114)
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw. Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders. (CSO, 27 Mar 2024 | 14)
Meta accused of snarfing people's Snapchat data via traffic decryption. I ain't afraid of no ghosts, but in this case... (Personal Tech, 27 Mar 2024 | 20)
Miscreants are exploiting enterprise tech zero days more and more, Google warns. Crooks know where the big bucks are. (Cyber-crime, 27 Mar 2024 | 5)
Street newspaper appears to have Big Issue with Qilin ransomware gang. The days of cybercriminals having something of a moral compass are over. (Cyber-crime, 27 Mar 2024 | 12)
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws. Software slackers urged to up their game. (Security, 26 Mar 2024 | 66)
Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? [Interview] ARPA-H joins DARPA's AIxCC, adds $20M to cash rewards. (Cyber-crime, 26 Mar 2024 | 22)
FreeBSD Foundation hands out Beacon gongs for safer software. Multiple CHERI-related projects win money for important research that prizes safety over speed. (Security, 26 Mar 2024 | 13)