Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown Private sector helped out with week-long operation – but didn't touch China Security04 Jul 2024 | 6
Ransomware scum who hit Indonesian government apologizes, hands over encryption key Brain Cipher was never getting the $8 million it demanded anyway Security04 Jul 2024 | 16
Traeger security bugs bad news for grillers with neighborly beef Never risk it when it comes to brisket – make sure those updates are applied Research03 Jul 2024 | 19
Affirm fears customer info pilfered during ransomware raid at Evolve Bank Number of partners acknowledging data theft continues to rise Malware Month02 Jul 2024 | 2
'Almost every Apple device' vulnerable to CocoaPods supply chain attack Dependency manager used in millions of apps leaves a bitter taste Security02 Jul 2024 | 15
Baddies hijack Korean ERP vendor's update systems to spew malware Notorious 'Andariel' crew takes a bite of HotCroissant backdoor for fresh attack Malware Month02 Jul 2024
Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk Full system takeovers on the cards, for those with enough patience to pull it off Patches01 Jul 2024 | 59
Juniper Networks flings out emergency patches for perfect 10 router vuln Get 'em while they're hot Patches01 Jul 2024 | 5
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go? Opinion There will always be bad actors in the system. We can always learn from the drama they create Security01 Jul 2024 | 18
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration CSO01 Jul 2024 | 11
Police allege 'evil twin' of in-flight Wi-Fi used to steal passenger's credentials Fasten your seat belts, secure your tray table, and try not to give away your passwords Security01 Jul 2024 | 60
Indonesian government didn't have backups of ransomwared data, because DR was only an option President has ordered a datacenter audit and made backups mandatory Malware Month01 Jul 2024 | 23
Microsoft tells yet more customers their emails have been stolen security in brief Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more Security01 Jul 2024 | 22
CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust? So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies Research28 Jun 2024 | 77
TeamViewer says Russia broke into its corp IT network Updated Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? CSO28 Jun 2024 | 25
Google cuts ties with Entrust in Chrome over trust issues Move comes weeks after Mozilla blasted certificate authority for failings Security28 Jun 2024 | 24
Microsoft hits snooze again on security certificate renewal Seeing weird warnings in Microsoft 365 and Office Online? That'll be why Security28 Jun 2024 | 33
'Skeleton Key' attack unlocks the worst of AI, says Microsoft Simple jailbreak prompt can bypass safety guardrails on major models AI + ML28 Jun 2024 | 113
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
VMware license changes mean bare metal can make a comeback through 'devirtualization', says Gartner Latest datacenter Hype Cycle also includes augmented reality, new types of memory, nuke power
Kernel tweaks improve Raspberry Pi performance, efficiency There's a lot of room for improvement in modern computing, from the low end to the very high
UN telecom watchdog wags finger at Russia for satellite interference European neighbors say interference comes from Moscow and Kaliningrad, Kremlin claims it didn't find anything
Microsoft Stores all close their doors in China Slump in Surface sales suspected as one reason for move online
Japan's digital minister declares victory against floppy disks The war on the relic is finally won. Now on to fax machines?
RIP: WordPerfect co-founder Bruce Bastian dies at 76 Obit Tributes paid to passionate LGBTQ+ equality champion
So much for green Google ... Emissions up 48% since 2019 AI datacenters blamed for the increase, even as Chocolate Factory bets on AI to fix it
TeamViewer can't bring itself to say someone broke into its network – but it happened Updated Claims customer data, prod environment not affected as NCC sounds alarm Cyber-crime28 Jun 2024 | 24
US lawmakers wave red flags over Chinese drone dominance Congressman warns tech is getting the 'Huawei Playbook' treatment Security27 Jun 2024 | 20
Korean telco allegedly infected its P2P users with malware KT may have had an entire team dedicated to infecting its own customers Security27 Jun 2024 | 8
WhisperGate suspect indicted as US offers a $10M bounty for his capture Russian national accused of attacks in lead-up to the Ukraine war Public Sector27 Jun 2024 | 6
Feds put $5M bounty on 'CryptoQueen' Ruja Ignatova OneCoin co-founder allegedly bilked investors out of $4B Cyber-crime26 Jun 2024 | 20
US convicts crypto-robbing gang leader who kidnapped victims before draining their accounts Said to have zip tied elderly crypto investors, held them at gunpoint, and threatened to kill them Cyber-crime26 Jun 2024 | 13
Batten down the hatches, it's time to patch some more MOVEit bugs Exploit attempts for ‘devastating’ vulnerabilities already underway Patches26 Jun 2024 | 9
Julian Assange pleads guilty, leaves courtroom a free man Now, about that bill for the private jet that's taking him home to Australia … Security26 Jun 2024 | 201
Yahoo! Japan to waive $189 million ad revenue after detecting fraudulent clicks Admits it's not sure some clicks came from humans, points to better quality as sign not all is rotten Cyber-crime26 Jun 2024 | 11
Organized crime and domestic violence perps are big buyers of tracking devices Australian study finds GPS trackers – and sometimes AirTags – are in demand for the wrong reasons Security26 Jun 2024 | 24
Microsoft blamed for million-plus patient record theft at US hospital giant Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing CSO26 Jun 2024 | 20
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
Fiend touts stolen Neiman Marcus customer info for $150K Flash clobber chain fashionably late to Snowflake fiasco party Cyber-crime25 Jun 2024 | 2
Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan Business is more lucrative than you might think Cyber-crime25 Jun 2024 | 18
CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities Crafty crims broke in but encryption stopped any nastiness Cyber-crime25 Jun 2024 | 3
UK and US cops band together to tackle Qilin's ransomware shakedowns Attacking the NHS is a very bad move Malware Month25 Jun 2024 | 26
Ransomware thieves beware Why Object First and Veeam tick the box for encryption and immutability Sponsored Feature
Julian Assange to go free in guilty plea deal with US WikiLeaks boss already out of Blighty and, if all goes to plan, ultimately off to home in Australia Security25 Jun 2024 | 144
America's best chance for nationwide privacy law could do more harm than good Analysis 'Congress has effectively gutted it as part of a backroom deal' Personal Tech25 Jun 2024 | 31
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server About a thousand vulnerable instances still exposed online, we're told Patches24 Jun 2024 | 8
Car dealers stuck in the slow lane after cyber woes at software biz CDK More customers self-reporting to SEC as disruption carries into second week Cyber-crime24 Jun 2024 | 2
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices Seems like as good a time as any to upgrade older hardware Research24 Jun 2024 | 3
Levi's and more affected in pants-dropping week of data breaches A busy few days for security teams Cyber-crime24 Jun 2024 | 5
Meta, Microsoft SQL Server make strange bedfellows on a couch of cyber-pain Opinion Yanks get food poisoning far more often than Brits. Is American IT just as sickening? Security24 Jun 2024 | 41
Admin took out a call center – and almost their career – with a cut and paste error Who, me? Have you heard the one about the techie who forgot what was on the clipboard? Cyber-crime24 Jun 2024 | 53
Snowflake breach snowballs as more victims, perps, come forward Infosec in brief Also: The leaked Apple internal tools that weren't; TV pirate pirates convicted; and some critical vulns, too Security24 Jun 2024 | 9
Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests All depends on how you count it – Chocolate Factory claims 1% fail rate Research23 Jun 2024 | 34
From network security to nyet work in perpetuity: What's up with the Kaspersky US ban? Kettle It's been a long time coming. Now our journos speak their brains Security22 Jun 2024 | 43
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew 'Substantial proportion' of America to get a little note from next month Cyber-crime21 Jun 2024 | 9
Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself Here's America's list of the supposedly dirty dozen CSO21 Jun 2024 | 16
Phoenix UEFI flaw puts long list of Intel chips in hot seat Researchers discuss it in same breath as BlackLotus and MosaicRegressor Research21 Jun 2024 | 20
Qilin cyber scum leak data they claim belongs to London hospitals’ pathology provider At least they didn’t get paid their $50M ransom demand Cyber-crime21 Jun 2024 | 11
Since joining NATO, Sweden claims Russia has been borking Nordic satellites If Putin likes jammin', we hope NATO likes jammin' too Security21 Jun 2024 | 56
Coding error in forgotten API blamed for massive data breach Australian telco Optus allegedly left redundant website with poor access controls online for years Security21 Jun 2024 | 16
Crooks get their hands on 500K+ radiology patients' records in cyber-attack Two ransomware gangs bragged of massive theft of personal info and medical files Cyber-crime20 Jun 2024 | 4
Biden bans Kaspersky: No more sales, updates in US Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back CSO20 Jun 2024 | 111
Car dealer software bigshot CDK pulls systems offline twice amid 'cyber incident' Downtime set to crash into next week Cyber-crime20 Jun 2024 | 13
Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion Researchers allegedly stole $3M using the vulnerability, then asked how much it was really worth Security20 Jun 2024 | 4
Russia's cyber spies still threatening French national security, democracy Publishing right before a major election is apparently just a coincidence Cyber-crime20 Jun 2024 | 9
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals Interview Cybercriminals claim they used a zero-day to breach pathology provider’s systems Cyber-crime20 Jun 2024 | 25
Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs Railco goes full steam ahead with notification letters to Rewards users about spilled card details and more Cyber-crime19 Jun 2024 | 12
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
Rogue uni IT director pleads guilty after fraudulently buying $2.1M of tech Two decades in the clink would be quite an education Cyber-crime18 Jun 2024 | 14
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale Updated Chip designer really gonna need to channel some Zen right now Cyber-crime18 Jun 2024
EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians If you call 'client-side scanning' something like 'upload moderation,' it still undermines privacy, security Security18 Jun 2024 | 75
CHERI Alliance formed to promote memory security tech ... but where's Arm? Updated Academic-industry project takes next step as key promoter chip designer licks its wounds Research18 Jun 2024 | 3
Uncle Sam ends financial support to orgs hurt by Change Healthcare attack Billions of dollars made available but worst appears to be over Research18 Jun 2024 | 3
NHS boss says Scottish trust wouldn't give cyberattackers what they wanted CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked Cyber-crime18 Jun 2024 | 13
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug Specially crafted network packet could allow remote code execution and access to VM fleets Patches18 Jun 2024 | 8
Arm security defense shattered by speculative execution 95% of the time 'TikTag' security folks find anti-exploit mechanism rather fragile Research18 Jun 2024 | 27
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam Updated Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines CSO17 Jun 2024 | 2
Suspected bosses of $430M dark-web Empire Market charged in US Cybercrime super-souk's Dopenugget and Zero Angel may face life behind bars if convicted Cyber-crime17 Jun 2024 | 1
Blackbaud has to cough up a few million dollars more over 2020 ransomware attack Four years on and it's still paying for what California attorney general calls 'unacceptable' practice Cyber-crime17 Jun 2024 | 3
Cops cuff 22-year-old Brit suspected of being Scattered Spider leader Spanish plod make arrest at airport before he jetted off to Italy Cyber-crime17 Jun 2024 | 21
AWS is pushing ahead with MFA for privileged accounts. What that means for you ... The clock is ticking – why not try a passkey? CSO17 Jun 2024 | 17
UK's Total Fitness exposed nearly 500K images of members, staff through unprotected database Exclusive Health club chain headed for the spa on choose-a-password day Security17 Jun 2024 | 24
Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims' infrastructure Who needs ransomware when you can scare techies into coughing up their credentials? Security17 Jun 2024 | 5
That didn't take long: Replacement for SORBS spam blacklist arises ... sort of Infosec in brief Also: Online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln Security17 Jun 2024 | 2
Japan's space junk cleaner hunts down major target Asia in brief Plus: Australia to age limit social media; Hong Kong's robo-dogs; India's new tech minister Security17 Jun 2024 | 10
Microsoft answered Congress' questions on security. Now the White House needs to act Feature Business as usual needs a real change Public Sector15 Jun 2024 | 44
Stanford Internet Observatory wilts under legal pressure during election year Because who needs disinformation research at times like these Research14 Jun 2024 | 85
Meta won't train AI on Euro posts after all, as watchdogs put their paws down Facebook parent calls step forward for privacy a 'step backwards' AI + ML14 Jun 2024 | 41
Nigerian faces up to 102 years in the slammer for $1.5M phishing scam Crook and his alleged co-conspirators said to have used Discord to coordinate Cyber-crime14 Jun 2024 | 9
Ukraine busts SIM farms targeting soldiers with spyware Russia recruits local residents to support battlefield goals Cyber-crime14 Jun 2024 | 8
French state bidding for piece of Atos, offers €700M Big data + security division could be owned by the government and its people Security14 Jun 2024 | 13
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended 'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith CSO14 Jun 2024 | 57
US Space Force wanted $77M to reinforce GPS – and Congress shot it down Can't we do this another way, like without these mini-sats costing $1B over 5 years, House reps wonder Public Sector13 Jun 2024 | 23
Oracle Ads have had it: $2B operation shuts down after dwindling to $300M Analysis In this slightly more private era, your data ain't as profitable as it once was Personal Tech13 Jun 2024 | 25
Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin 28-year-old accused of major ransomware attacks across Europe Malware Month13 Jun 2024 | 13
Google's Privacy Sandbox more like a privacy mirage, campaigners claim Updated Chocolate Factory accused of misleading Chrome browser users Security13 Jun 2024 | 8
Student's flimsy bin bags blamed for latest NHS data breach Confidential patient information found by member of the public Security13 Jun 2024 | 63
Time to zero in on Zero Trust? Recently discovered vulnerabilities in VPN services should push ASEAN organizations to rethink their perimeter security approach Sponsored Post
Crooks crack customer info at tracking device vendor Tile, issue 'extortion' demands Who tracks the trackers? Cyber-crime13 Jun 2024 | 5
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day Symantec suggests Black Basta crew beat Microsoft to the patch Malware Month12 Jun 2024 | 2
White House report dishes deets on all 11 major government breaches from 2023 The MOVEit breach and ransomware weren’t kind to the Feds last year CSO12 Jun 2024 | 1
China's FortiGate attacks more extensive than first thought Dutch intelligence says at least 20,000 firewalls pwned in just a few months Cyber-crime12 Jun 2024 | 13
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows Patch Tuesday Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack CSO12 Jun 2024 | 7
Pure Storage pwned, claims data plundered by crims who broke into Snowflake workspace Secure storage company hasn't spilled details on how they got in Cyber-crime11 Jun 2024 | 1
Cylance clarifies data breach details, except where the data came from Customers, partners, operations remain uncompromised, BlackBerry says Security11 Jun 2024 | 2
UK and Canada's data chiefs join forces to investigate 23andMe mega-breach Three-pronged approach aims to uncover any malpractice at the Silicon Valley biotech biz Cyber-crime11 Jun 2024 | 14