China has utterly pwned 'thousands and thousands' of devices at US telcos
Senate Intelligence Committee chair says his 'hair is on fire' as execs front the White House
Cyber-crime25 Nov 2024 | 2
Security
Google blocked 1,000-plus pro-China fake news websites from its search results
Beijing's propaganda buddies aren't just using social media
Security25 Nov 2024 | 9
Imagine a land in which Big Tech can't send you down online rabbit holes or use algorithms to overcharge you
China is trying to become that land, with a government crackdown on the things that make the internet no fun
Security25 Nov 2024 | 14
Russian spies may have moved in next door to target your network
Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more
Security25 Nov 2024 | 11
Volunteer DEF CON hackers dive into America's leaky water infrastructure
Six sites targeted for security clean-up, just 49,994 to go
Security24 Nov 2024 | 9
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain?
Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration
Public Sector23 Nov 2024 | 40
Andrew Tate's site ransacked, subscriber data stolen
He'll just have to take this one on the chin
Cyber-crime22 Nov 2024 | 93
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more
CSO22 Nov 2024 | 10
How to master endpoint security
Get some advice from this discussion with a Kaseya expert
Webinar
SafePay ransomware gang claims Microlise attack that disrupted prison van tracking
Fledgling band of crooks says it stole 1.2 TB of data
Cyber-crime22 Nov 2024 | 2
Helpline for Yakuza victims fears it leaked their personal info
Organized crime types tend not to be kind to those who go against them, so this is nasty
Security22 Nov 2024 | 21
Here's what happens if you don't layer network security – or remove unused web shells
TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated
Security22 Nov 2024 | 4
DARPA-backed voting system for soldiers abroad savaged
VotingWorks, developer of the system, disputes critics' claims
Security21 Nov 2024 | 4
Chinese ship casts shadow over Baltic subsea cable snipfest
Danish military confirms it is monitoring as Swedish police investigate. Cloudflare says impact was 'minimal'
Networks21 Nov 2024 | 40
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years
Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server
Research21 Nov 2024 | 15
Now Online Safety Act is law, UK has 'priorities' – but still won't explain 'spy clause'
Draft doc struggles to describe how theoretically encryption-busting powers might be used
Cyber-crime21 Nov 2024 | 57
Put your usernames and passwords in your will, advises Japan's government
Digital end of life planning saves your loved ones from a little extra anguish
Software21 Nov 2024 | 75
Five Scattered Spider suspects indicted for phishing spree and crypto heists
DoJ also shutters allleged crimeware and credit card mart PopeyeTools
Cyber-crime21 Nov 2024 | 3
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator
Meet Liminal Panda, which prowls telecom networks in South Asia and Africa
CSO20 Nov 2024 | 13
Mega US healthcare payments network restores system 9 months after ransomware attack
Change Healthcare’s $2 billion recovery is still a work in progress
Cyber-crime20 Nov 2024 | 5
Popular
Volunteer DEF CON hackers dive into America's leaky water infrastructure
Six sites targeted for security clean-up, just 49,994 to go
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain?
Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration
One thing AI can't generate at the moment – compelling reasons to use it for work
Kettle Our vultures think this tech is interesting but in its 8-bit stage
We can clone you wholesale: Boffins build ML agents that respond like specific people
Oh, AI wanna be like you, AI wanna walk like you, talk like you, too
Network engineer chose humiliation over a night on the datacenter floor
Who, Me? To avoid lock-in, it helps if you remember your keys
Imagine a land in which Big Tech can't send you down online rabbit holes or use algorithms to overcharge you
China is trying to become that land, with a government crackdown on the things that make the internet no fun
Russian spies may have moved in next door to target your network
Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more
Mysteries in polar orbit – space's oldest working hardware still keeps its secrets
Opinion It's never aliens, but it could be underground TV repair techs
Google blocked 1,000-plus pro-China fake news websites from its search results
Beijing's propaganda buddies aren't just using social media
China sends cloud powered by homebrew Loongson CPUs into space
Asia In Brief Plus: Korea cracks down on Temu; US, Vietnam, sign infosec pact; India extends controversial hardware import law; and more
STORIES
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed
OSS-Fuzz is making a strong argument for LLMs in security research
AI + ML20 Nov 2024 | 9
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Vendor offers 20% discount on new model, but not patches
CSO20 Nov 2024 | 54
Data is the new uranium – incredibly powerful and amazingly dangerous
Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value
CSO20 Nov 2024 | 46
Healthcare org Equinox notifies 21K patients and staff of data theft
Ransomware scum LockBit claims it did the dirty deed
Cyber-crime20 Nov 2024 | 1
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
No word on when or if the issue will be fixed
Security19 Nov 2024 | 2
Russian suspected Phobos ransomware admin extradited to US over $16M extortion
This malware is FREE for EVERY crook ($300 decryption keys sold separately)
Cyber-crime19 Nov 2024 | 5
America's drinking water systems have a hard-to-swallow cybersecurity problem
More than 100M rely on gear rife with vulnerabilities, says EPA OIG
Public Sector19 Nov 2024 | 19
Palo Alto Networks tackles firewall-busting zero-days with critical patches
Amazing that these two bugs got into a production appliance, say researchers
Patches19 Nov 2024 | 4
Navigating third-party risks
Strategies for mitigating external access vulnerabilities and safeguarding sensitive data
Webinar
Crook breaks into AI biz, points $250K wire payment at their own account
Fastidious attacker then tidied up email trail behind them
Cyber-crime19 Nov 2024 | 12
Join in the festive cybersecurity fun
Get hands-on cybersecurity training this seasonal challenge
Sponsored Post
iOS 18 added secret and smart security feature that reboots iThings after three days
Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers
Security19 Nov 2024 | 41
Ford 'actively investigating' after employee data allegedly parked on leak site
Updated Plus: Maxar Space Systems confirms employee info stolen in digital intrusion
Security18 Nov 2024 | 3
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
If you didn't fix this a month ago, your to-do list probably needs a reshuffle
Virtualization18 Nov 2024 | 4
T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears
updated Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon
Networks18 Nov 2024 | 2
Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today
First in six years is nearly three times the size of the older, pre-NATO version
Security18 Nov 2024 | 38
Deepen your knowledge of Linux security
Event
Teen serial swatter-for-hire busted, pleads guilty, could face 20 years
Infosec in brief PLUS: Cost of Halliburton hack disclosed; Time to dump old D-Link NAS; More UN cybercrime convention concerns; and more
Security18 Nov 2024 | 23
Will passkeys ever replace passwords? Can they?
Systems Approach Here's why they really should
Security17 Nov 2024 | 119
Rust haters, unite! Fil-C aims to Make C Great Again
It's memory-safe, with a few caveats
Software16 Nov 2024 | 104
Swiss cheesed off as postal service used to spread malware
QR codes arrive via an age-old delivery system
Bootnotes16 Nov 2024 | 39
Bloke behind Helix Bitcoin launderette jailed for three years, hands over $400M
Digital money laundering pays, until it doesn't
Cyber-crime16 Nov 2024 | 7
Letting chatbots run robots ends as badly as you'd expect
LLM-controlled droids easily jailbroken to perform mayhem, researchers warn
AI + ML16 Nov 2024 | 44
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
Yank access to management interface, stat
CSO15 Nov 2024 | 28
Keyboard robbers steal 171K customers' data from AnnieMac mortgage house
Names and social security numbers of folks looking for the biggest loan of their lives exposed
Cyber-crime15 Nov 2024 | 6
Bitfinex burglar bags 5 years behind bars for Bitcoin heist
A nervous wait for rapper wife who also faces a stint in the clink
Cyber-crime15 Nov 2024 | 4
Microsoft Power Pages misconfigurations exposing sensitive data
NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online
Security15 Nov 2024 | 6
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Plus a bonus hard-coded local API key
Patches14 Nov 2024 |
Cybercriminal devoid of boundaries gets 10-year prison sentence
Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts
Cyber-crime14 Nov 2024 | 6
Kids' shoemaker Start-Rite trips over security again, spilling customer card info
Updated Full details exposed, putting shoppers at serious risk of fraud
Cyber-crime14 Nov 2024 | 14
NatWest blocks bevy of apps in clampdown on unmonitorable comms
From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more
Security14 Nov 2024 | 25
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce
British grocer's workers called back to office as clock ticks for contractors
On-Prem14 Nov 2024 | 18
Five Eyes infosec agencies list 2023's most exploited software flaws
Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns
CSO14 Nov 2024 | 28
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds
Research14 Nov 2024 | 5
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
Plus: CISA's ScubaGear dives deep to fix M365 misconfigs
CSO14 Nov 2024 | 3
Data broker amasses 100M+ records on people – then someone snatches, sells it
We call this lead degeneration
Cyber-crime13 Nov 2024 | 18
Ransomware fiends boast they've stolen 1.4TB from US pharmacy network
American Associated Pharmacies yet to officially confirm infection
Cyber-crime13 Nov 2024 | 1
Microsoft slips Task Manager and processor count fixes into Patch Tuesday
Sore about cores no more
Patches13 Nov 2024 | 7
Admins can give thanks this November for dollops of Microsoft patches
Patch Tuesday Don't be a turkey – get these fixed
Patches13 Nov 2024 | 21
China's Volt Typhoon crew and its botnet surge back with a vengeance
Ohm, for flux sake
Public Sector13 Nov 2024 | 4
Air National Guardsman gets 15 years after splashing classified docs on Discord
22-year-old talked of 'culling the weak minded' – hmm!
Cyber-crime13 Nov 2024 | 93
Here's what we know about the suspected Snowflake data extortionists
A Canadian and an American living in Turkey 'walk into' cloud storage environments…
Cyber-crime12 Nov 2024 | 5
'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem
Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others
Cyber-crime12 Nov 2024 | 2
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
'Once again, we've lost a little more faith in the internet,' researcher says
CSO12 Nov 2024 | 3
Managing third-party risks in complex IT environments
Key steps to protect your organization’s data from unauthorized external access
Webinar
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Over 5 million records from 25 organizations posted to black hat forum
Cyber-crime12 Nov 2024 | 2
FBI issues warning as crooks ramp up emergency data request scams
Just because it's .gov doesn't mean that email is trustworthy
Cyber-crime11 Nov 2024 | 12
Dark web crypto laundering kingpin sentenced to 12.5 years in prison
Prosecutors hand Russo-Swede a half-billion bill
Cyber-crime11 Nov 2024 | 24
Alleged Snowflake attacker gets busted by Canadians – politely, we assume
Infosec in brief Also: Crypto hacks will continue; CoD hacker gets thousands banned, and more
Security11 Nov 2024 |
Scattered Spider, BlackCat claw their way back from criminal underground
We all know by now that monsters never die, right?
Cyber-crime08 Nov 2024 | 1
Winos4.0 abuses gaming apps to infect, control Windows machines
'Multiple' malware samples likely targeting education orgs
Security08 Nov 2024 | 6
Don't open that 'copyright infringement' email attachment – it's an infostealer
Curiosity gives crims access to wallets and passwords
Research07 Nov 2024 | 21
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
Ultra-Reliable Wireless Backhaul doesn't live up to its name
Patches07 Nov 2024 | 16
Officials warn of Russia's tech-for-troops deal with North Korea amid Ukraine conflict
10,000 of Kim Jong Un's soldiers believed to be headed for front line
Security07 Nov 2024 | 47
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos
Research06 Nov 2024 | 15
Operation Synergia II sees Interpol swoop on global cyber crims
22,000 IP addresses taken down, 59 servers seized, 41 arrests in 95 countries
Cyber-crime06 Nov 2024 | 3
Cyberattackers stole Microlise staff data following DHL, Serco disruption
Experts say incident has 'all the hallmarks of ransomware'
Cyber-crime06 Nov 2024 | 5
China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks
updated Alleged intrusion spotted in June
Security06 Nov 2024 | 5
Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale
Data pinched from pwned outside supplier, thief claims
Cyber-crime06 Nov 2024 | 6
Schneider Electric ransomware crew demands $125k paid in baguettes
Hellcat crew claimed to have gained access via the company's Atlassian Jira system
Cyber-crime05 Nov 2024 | 46
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years
FBI recovers just $8M after scam crashes Heartland Tri-State Bank
Cyber-crime05 Nov 2024 | 17
Criminals open DocuSign's Envelope API to make BEC special delivery
Why? Because that's where the money is
Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials
Research05 Nov 2024 | 11
Washington courts grapple with statewide outage after 'unauthorized activity'
Justice still being served, but many systems are down
Security05 Nov 2024 | 1
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed
You snooze, you lose, er, win
AI + ML05 Nov 2024 | 19
Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack
Victims were placed in serious danger following highly sensitive data dump
Cyber-crime04 Nov 2024 | 5
Why the long name? Okta discloses auth bypass bug affecting 52-character usernames
Mondays are for checking months of logs, apparently, if MFA's not enabled
Security04 Nov 2024 | 14
Public sector cyber break-ins: Our money, our lives, our right to know
Opinion Is that a walrus in your server logs, or aren't you pleased to see me?
Cyber-crime04 Nov 2024 | 24
Six IT contractors accused of swindling Uncle Sam out of millions
Infosec in brief Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more
Security03 Nov 2024 | 11
Financial institutions told to get their house in order before the next CrowdStrike strikes
Calls for improvements will soon turn into demands when new rules come into force
Security02 Nov 2024 | 34
UK councils bat away DDoS barrage from pro-Russia keyboard warriors
Local authority websites downed in response to renewed support for Ukraine
Cyber-crime01 Nov 2024 | 34
Hack Nintendo's alarm clock to show cat pics? Let's-a-go!
How 'Gary' defeated Bowser broke into the interactive alarm clock
Security01 Nov 2024 | 34
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs
Emeraldwhale looked sharp – until it made a common S3 bucket mistake
Research31 Oct 2024 | 2
LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
A scary few Halloween hours for team behind hugely popular web plugin
Cyber-crime31 Oct 2024 | 11
Tower PC case used as 'creative cavity' by drug importer
Motherboard missing, leaving space for a million hits of meth
Cyber-crime31 Oct 2024 | 58
Chinese attackers accessed Canadian government networks – for five years
India makes it onto list of likely threats for the first time
Cybersecurity Month31 Oct 2024 | 15
Windows Themes zero-day bug exposes users to NTLM credential theft
Plus a free micropatch until Redmond fixes the flaw
Security30 Oct 2024 | 6
Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
If you're gonna come at the mouse, you need to be better at hiding your tracks
Security30 Oct 2024 | 58
Russian spies use remote desktop protocol files in unusual mass phishing drive
The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel
Cyber-crime30 Oct 2024 | 18
Beijing claims it's found 'underwater lighthouses' that its foes use for espionage
Release the Kraken!
Security30 Oct 2024 | 70
Biting the hand that feeds IT
