JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat | Vendor takes hardline approach to patch disclosure to new levels | Patches | 28 Mar 2024 | 5
FTX crypto-crook Sam Bankman-Fried gets 25 years in prison | Could have been worse: Prosecutors wanted decades more | Cyber-crime | 28 Mar 2024 | 62
Nvidia's newborn ChatRTX bot patched for security bugs | Flaws enable privilege escalation and remote code execution | Patches | 28 Mar 2024 |
US critical infrastructure cyberattack reporting rules inch closer to reality | After all, it's only about keeping the essentials on – no rush | Security | 28 Mar 2024 | 2
Canonical cracks down on crypto cons following Snap Store scam spree | In happier news, Ubuntu Pro extended support now goes up to 12 years | Security | 28 Mar 2024 | 7
INC Ransom claims responsibility for attack on NHS Scotland | Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total | Cyber-crime | 28 Mar 2024 | 7
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb | One might say this is a wurst case scenario | Patches | 28 Mar 2024 | 33
AI hallucinates software packages and devs download them – even if potentially poisoned with malware | In-depth | Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that | Security | 28 Mar 2024 | 57
Execs in Japan busted for winning dev bids then outsourcing to North Koreans | Government issues stern warning over despot money-making scheme | Cyber-crime | 28 Mar 2024 | 10
China encouraged armed offensive against Myanmar government to protest proliferation of online scams | Report claims Beijing is most displeased by junta's failure to address slave labor scam settlements | Cyber-crime | 28 Mar 2024 | 4
Apple fans deluged with phony password reset requests | Beware support calls offering a fix | Security | 27 Mar 2024 | 14
Majority of Americans now use ad blockers | We're dreaming of a white list, because we're just like the ones you used to know | Security | 27 Mar 2024 | 86
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw | Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders | CSO | 27 Mar 2024 | 11
Meta accused of snarfing people's Snapchat data via traffic decryption | I ain't afraid of no ghosts, but in this case... | Personal Tech | 27 Mar 2024 | 19
Miscreants are exploiting enterprise tech zero days more and more, Google warns | Crooks know where the big bucks are | Cyber-crime | 27 Mar 2024 | 3
Street newspaper appears to have Big Issue with Qilin ransomware gang | The days of cybercriminals having something of a moral compass are over | Cyber-crime | 27 Mar 2024 | 12
The easy road to pervasive DLP | How Forcepoint Data Security Everywhere does what it says on the tin | Sponsored Post
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws | Software slackers urged to up their game | Security | 26 Mar 2024 | 65
Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? | Interview | ARPA-H joins DARPA's AIxCC, adds $20M to cash rewards | Cyber-crime | 26 Mar 2024 | 22
FreeBSD Foundation hands out Beacon gongs for safer software | Multiple CHERI-related projects win money for important research that prizes safety over speed | Security | 26 Mar 2024 | 12
UK elections are unaffected by China's cyber-interference, says deputy PM | Sanctions galore for APT31, which has been blamed for two major attacks on democracy | Cyber-crime | 26 Mar 2024 | 16
Row breaks out over true severity of two DNSSEC flaws | Updated | Some of us would be happy being rated 7.5 out of 10, just sayin' | CSO | 26 Mar 2024 | 11
New Zealand to world: China attacked us, too! | Reveals 2021 incident that saw parliamentary agencies briefly probed | Public Sector | 26 Mar 2024 | 3
US charges Chinese nationals with cyber-spying on pretty much everyone for Beijing | Plus: Alleged front sanctioned, UK blames PRC for Electoral Commission theft, and does America need a Cyber Force? | Cyber-crime | 25 Mar 2024 | 6
Over 170K users caught up in poisoned Python package ruse | Supply chain attack targeted GitHub community of Top.gg Discord server | Cyber-crime | 25 Mar 2024 | 42
Tech trade union confirms cyberattack behind IT, email outage | Exclusive | Systems have been pulled offline as a precaution | Cyber-crime | 25 Mar 2024 | 11
Mozilla fixes $100,000 Firefox zero-days following two-day hackathon | Users may have to upgrade twice to protect their browsers | Security | 25 Mar 2024 | 9
GoFetch security exploit can't be disabled on M1 and M2 Apple chips | For now, cryptographic work should be run on slower Icestorm cores | Research | 25 Mar 2024 | 14
Time to examine the anatomy of the British Library ransomware nightmare | Opinion | Mistakes years in the making tell a universal story that must not be ignored | Cyber-crime | 25 Mar 2024 | 91
That Asian meal you eat on holidays could launder money for North Korea | United Nations finds IT contract and crypto scams are just two of DPRK's illicit menu items | Security | 25 Mar 2024 | 17
Microsoft confirms memory leak in March Windows Server security update | Infosec in brief | ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns | Security | 25 Mar 2024 | 11
Some 300,000 IPs vulnerable to this Loop DoS attack | Easy to exploit, not yet exploited, not widely patched – pick three | Research | 24 Mar 2024 | 22
Vans claims cyber crooks didn't run off with its customers' financial info | Just 35.5M names, addresses, emails, phone numbers … no biggie | Cyber-crime | 24 Mar 2024 | 8
Russia's Cozy Bear caught phishing German politicos with phony dinner invites | Forget the Riesling, bring on the WINELOADER | Cyber-crime | 23 Mar 2024 | 8
Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks | Crew may well be working under contract for Beijing | Cyber-crime | 22 Mar 2024 | 5
3 million doors open to uninvited guests in keycard exploit | As months go by without fixes, hotels take the scenic route to securing rooms | Research | 22 Mar 2024 | 49
Hardware-level Apple Silicon vulnerability can leak cryptographic keys | Short of redesigning CPUs, the fix will seriously degrade performance | Research | 22 Mar 2024 | 22
NVD slowdown leaves thousands of vulnerabilities without analysis data | Opinion | Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work | Security | 22 Mar 2024 | 5
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet | The device that makes it possible is required in all American big rigs, and has poor security | Security | 22 Mar 2024 | 74
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert | You better watch out, you better not cry, better not pout, they're telling you why | Security | 21 Mar 2024 | 4
Microsoft faces bipartisan criticism for alleged censorship on Bing in China | Redmond says it does what it's told, but still thinks users are better off | Security | 21 Mar 2024 | 4
Congress votes unanimously to ban brokers selling American data to enemies | At least we can all agree on something | Security | 21 Mar 2024 | 19
Yacht dealer to the stars attacked by Rhysida ransomware gang | MarineMax may be in choppy waters after 'stolen data' given million-dollar price tag | Cyber-crime | 21 Mar 2024 | 9
UK council won't say whether two-week 'cyber incident' impacted resident data | Security experts insist ransomware is involved but Leicester zips its lips | Cyber-crime | 21 Mar 2024 | 22
Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime | Operators pack twenty phones into a chassis – then rack 'em and stack 'em ready to do evil | Cyber-crime | 21 Mar 2024 | 34
It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files | New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia | Research | 21 Mar 2024 | 5
It's tax season, and scammers are a step ahead of filers, Microsoft says | Phishing season started early with crims intent on hooking early filers | Security | 20 Mar 2024 | 7
US task force aims to plug security leaks in water sector | From a trickle to a flood, threats now seen as too great to ignore | Cyber-crime | 20 Mar 2024 | 13
London Clinic probes claim staffer tried to peek at Princess Kate's records | First: Not being able to buy a meat pie with a credit card. Now this | Security | 20 Mar 2024 | 74
Serial extortionist of medical facilities pleads guilty to cybercrime charges | Robert Purbeck even went as far as threatening a dentist with the sale of his child’s data | Cyber-crime | 20 Mar 2024 | 6
Stalkerware usage surging, despite data privacy concerns | At least 31,031 people affected last year | Security | 20 Mar 2024 | 1
Five Eyes tell critical infra orgs: Take these actions now to protect against China's Volt Typhoon | Unless you want to be the next Change Healthcare, that is | Security | 20 Mar 2024 | 8
Australian techie jailed for accessing museum's accounting system and buying himself stuff | Also down under, researchers find security-cleared workers leaking details of their gigs | Cyber-crime | 20 Mar 2024 | 26
Beijing-backed cyberspies attacked 70+ orgs across 23 countries | Plus potential links to I-Soon, researchers say | Security | 19 Mar 2024 | 11
Crypto scams more costly to the US than ransomware, Feds say | Latest figures paint grim picture of how viciously the elderly are targeted | Cyber-crime | 19 Mar 2024 | 9
Crypto wallet providers urged to rethink security as criminals drain them of millions | Innovative Ethereum feature exploited as victims say goodbye to assets | Cyber-crime | 19 Mar 2024 | 13
Atos says Airbus flew off, no longer interested in infosec and big data biz | Ailing tech integrator takes a hard hit... share price down by up to 20% this morning | Security | 19 Mar 2024 | 13
Don't be like these 900+ websites and expose millions of passwords via Firebase | Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials | CSO | 18 Mar 2024 | 11
Fujitsu: Miscreants infected our systems with malware, may have stolen customer info | Sneaky software slips past shields, spurring scramble | Security | 18 Mar 2024 | 5
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug | A huge attack surface for a vulnerability with various PoCs available | Patches | 18 Mar 2024 | 2
Cyber baddies leak 70M+ files online, claim they're from AT&T | Telco reckons data is old, isn't from its systems | Security | 18 Mar 2024 | 1
Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament | Updated | Virtual gunslingers forcibly became cheaters via mystery means | Cyber-crime | 18 Mar 2024 | 6
Infosec teams must be allowed to fail, argues Gartner | But failing to recover from incidents is unforgivable because 'adrenalin does not scale' | Security | 18 Mar 2024 | 16
Filipino police free hundreds of slaves toiling in romance scam operation | 875 workers liberated after falling for promises of lucrative work, nine arrested | Cyber-crime | 18 Mar 2024 | 45
Protecting distributed branch office environments from ransomware | As ransomware becomes more sophisticated, detection tools should be upgraded to cover every site and location | Sponsored Feature
ChatGPT side-channel attack has easy fix: Token obfuscation | Infosec in brief | Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns | Security | 18 Mar 2024 | 2
In the rush to build AI apps, please, please don't leave security behind | Feature | Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more | AI + ML | 17 Mar 2024 | 20
As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims | Wave of Okta attacks mark what researchers are calling the biggest security trend of the year | Research | 15 Mar 2024 | 15
Cop shop rapped for 'completely avoidable' web form blunder | Made public highly sensitive data on complaints about Metropolitan Police Service | Security | 15 Mar 2024 | 14
Forget TikTok – Chinese spies want to steal IP by backdooring digital locks | Updated | Uncle Sam can use this snooping tool, too, but that's beside the point | Security | 14 Mar 2024 | 21
FTC goes undercover to probe suspected antivirus scam, scores $26M settlement | Imagine trying to trick folks into buying $500 of unnecessary repairs – and they turn out to be federal agents | Cyber-crime | 14 Mar 2024 | 9
LockBit ransomware kingpin gets 4 years behind bars | Canadian-Russian said to have turned to a life of cybercrime during pandemic, now must pay the price – literally | Cyber-crime | 14 Mar 2024 | 12
Google gooses Safe Browsing with real-time protection that doesn't leak to ad giant | Rare occasion when you do want Big Tech to make a hash of it | Personal Tech | 14 Mar 2024 | 16
Record breach of French government exposes up to 43 million people's data | Zut alors! Department for registering and helping unemployed people broken into | Cyber-crime | 14 Mar 2024 | 28
International effort to disrupt cybercrime moves into operational phase | Will the WEF experiment work? | Cyber-crime | 14 Mar 2024 | 22
US to probe Change Healthcare's data protection standards as lawsuits mount | Services slowly coming back online but providers still struggling | Cyber-crime | 14 Mar 2024 | 3
US Congress goes bang, bang, on TikTok sale-or-ban plan | Bill proposes to do to China what China already does to the US – make life hard for foreign social networks | Public Sector | 14 Mar 2024 | 61
Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack | Akira ransomware crooks brag of swiping thousands of ID documents during break-in | Cyber-crime | 14 Mar 2024 | 7
Poking holes in Google tech bagged bug hunters $10M | A $2M drop from previous year. So … things are more secure? | Security | 13 Mar 2024 | 4
Cryptocurrency laundryman gets hung out to dry | Bitcoin Fog washed hundreds of millions for criminals | Cyber-crime | 13 Mar 2024 | 27
Microsoft Copilot for Security prepares for April liftoff | Automated AI helper intended to make security more manageable | Security | 13 Mar 2024 | 23
Stanford University failed to detect ransomware intruders for 4 months | 27,000 individuals had data stolen, which for some included names and social security numbers | Cyber-crime | 13 Mar 2024 | 4
Reducing the cloud security overhead | Why creating a layered defensive strategy that includes security by design can help address cloud challenges | Sponsored Feature
Whizkids jimmy OpenAI, Google's closed models | Infosec folk aren’t thrilled that if you poke APIs enough, you learn AI's secrets | AI + ML | 13 Mar 2024 | 44
March Patch Tuesday sees Hyper-V join the guest-host escape club | Patch Tuesday | Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet | Patches | 13 Mar 2024 | 8
Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints | Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup | PaaS + IaaS | 12 Mar 2024 | 4
Biden's budget proposal boosts CISA funding to $3B | Plus almost $1.5b for health-care cybersecurity | Security | 12 Mar 2024 | 5
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers | War of words wages on between vendors divided | Patches | 12 Mar 2024 | 12
UK council yanks IT systems and phone lines offline following cyber ambush | Targeting recovery this week, officials still trying to 'identify the nature of the incident' | Cyber-crime | 12 Mar 2024 | 49
French government sites disrupted by très grande DDoS | Russia and Sudan top the list of suspects | Public Sector | 12 Mar 2024 | 7
White House and lawmakers increase pressure on UnitedHealth to ease providers' pain | US senator calls cyber attack 'inexcusable,' calls for mandatory security rules | Security | 12 Mar 2024 | 3
Kremlin accuses America of plotting cyberattack on Russian voting systems | Don't worry, we have a strong suspicion Putin's still gonna win | Security | 11 Mar 2024 | 48
British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild | Five months in and the mammoth post-ransomware recovery has barely begun | Cyber-crime | 11 Mar 2024 | 44
How do you lot feel about Pay or say OK to ads model, asks ICO | And does it count as consent? | Security | 11 Mar 2024 | 82
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability | Infosec in brief | PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities | Security | 11 Mar 2024 | 10
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes | Plus: CISA pulls plug on couple of systems feared compromised | Cyber-crime | 08 Mar 2024 | 2
Microsoft confirms Russian spies stole source code, accessed internal systems | Still 'no evidence' of any compromised customer-facing systems, we're told | Cyber-crime | 08 Mar 2024 | 54
Change Healthcare registers pulse after crippling ransomware attack | Remaining services are expected to return in the coming weeks after $22M ALPHV ransom | Cyber-crime | 08 Mar 2024 | 2
Swiss cheese security? Play ransomware gang milks government of 65,000 files | Classified docs, readable passwords, and thousands of personal information nabbed in Xplain breach | Cyber-crime | 08 Mar 2024 | 11
Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva | Who knew that unzipping a font archive could unleash a malicious file | Security | 08 Mar 2024 | 38