FBI Director: FISA Section 702 warrant requirement a 'de facto ban' War of words escalates as deadline draws near Security15 Nov 2023 | 56
How cyber training can help you beat the bad guys No matter what stage your security career is at, SANS has resources that will add to your knowledge Sponsored Post
Ransomware more efficient than ever, and baddies are still after your logs Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean Research15 Nov 2023 | 3
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws Patches15 Nov 2023 | 17
Russian national pleads guilty to building now-dismantled IPStorm proxy botnet 23K nodes earned operator more than $500K – and now perhaps jail time Cyber-crime14 Nov 2023 | 1
AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling Let's do the CacheWarp again Research14 Nov 2023 | 7
Intel emits patch to squash chip bug that lets any guest VM crash host servers Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix' Patches14 Nov 2023 | 1
Ransomware royale: US confirms Royal, BlackSuit are linked Royal alone scored $275M in past year as FBI, other agencies hot on merging trail Cyber-crime14 Nov 2023 | 1
Novel backdoor persists even after critical Confluence vulnerability is patched Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities Cyber-crime14 Nov 2023 | 1
Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain Emergency comms standard had five nasty flaws but will be opened to academic research Security14 Nov 2023 | 10
NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch And the world's getting more and more dangerous CSO14 Nov 2023 | 16
Beijing reportedly asked Hikvision to identify fasting students in Muslim-majority province University managment app also tracked library activity, holidays, and much more Security14 Nov 2023 | 27
Passive SSH server private key compromise is real ... for some vulnerable gear OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out Research14 Nov 2023 | 12
Google sues scammers peddling fake malware-riddled Bard chatbot download Updated Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns Cyber-crime14 Nov 2023 | 13
Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record Cyber-crime13 Nov 2023 | 38
Introducing the tech that keeps the lights on Opinion Genuinely new ideas are rare in IT – this superhero is ready to make a real difference Security13 Nov 2023 | 21
Royal Mail cybersecurity still a bit of a mess, infosec bods claim Infosec in brief Also: Most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities Security13 Nov 2023 | 8
Australia declares 'nationally significant cyber incident' after port attack Asia in brief PLUS: Citrix quits China; Cambodia deports Japanese scammers; Chinese tech CEO disappears; and more Security13 Nov 2023 | 3
Impatient LockBit says it's leaked 50GB of stolen Boeing files after ransom fails to land Aerospace titan pores over data to see if dump is legit Cyber-crime10 Nov 2023 | 29
Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked White hat bounty looks more like a beg bounty Cyber-crime10 Nov 2023 | 18
Strangely enough, no one wants to buy a ransomware group that has cops' attention Ransomed.vc shuts after 20% discount fails to entice bids Cyber-crime10 Nov 2023 | 5
China's top bank ICBC hit by ransomware, derailing global trades CitrixBleed patch has been available for around a month Security10 Nov 2023 | 7
Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims Billions of data-leaking processors sold despite warnings and patch just made them slower, punters complain Research09 Nov 2023 | 27
SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity IT software slinger publishes fierce response to lawsuit brought last month Cyber-crime09 Nov 2023 | 17
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate Cyber-crime09 Nov 2023 |
Russia's Sandworm – not just missile strikes – to blame for Ukrainian power blackouts Online attack coincided with major military action, Mandiant says Security09 Nov 2023 | 38
What to do with a cloud intrusion toolkit in 2023? Slap a chat assistant on it, duh Don't worry, this half-baked Python script is for educational purposes onl-hahaha Cyber-crime09 Nov 2023 | 3
Microsoft, Meta detail plans to fight election disinformation in 2024 Strategies differ, though both have gaps that could hurt efficacy Security08 Nov 2023 | 10
Atlassian cranks up the threat meter to max for Confluence authorization flaw Attackers secure admin rights after vendor said they could only steal data Cyber-crime08 Nov 2023 | 10
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach It's the latest in a string of unusual wallet-draining attacks that began in April Cyber-crime08 Nov 2023 | 14
Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections EFF warns incoming rules may return web 'to the dark ages of 2011' Security08 Nov 2023 | 121
Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button Admins have 90 days to opt out before MFA is deployed automatically Security07 Nov 2023 | 29
Fresh find shines new light on North Korea’s latest macOS malware Months of work reveals how this tricky malware family targets... the financial services sector Research07 Nov 2023 | 4
Woman jailed after RentaHitman.com assassin turned out to be – surprise – FBI 18 months in the slammer no laughing matter, but the rest... maybe Cyber-crime07 Nov 2023 | 112
US slaps sanctions on accused fave go-to money launderer of Russia's rich And that includes ransomware crims, claims US of alleged sanctions-buster Cyber-crime06 Nov 2023 | 9
Okta October breach affected 134 orgs, biz admits Infosec in brief Plus: CVSS 4.0 is here, this week's critical vulns, and 'incident' hit loan broker promises no late fees. Generous Security06 Nov 2023 | 6
'Corrupt' cop jailed for tipping off pal to EncroChat dragnet Taking selfie with 'official sensitive' doc wasn't smartest idea, either Cyber-crime04 Nov 2023 | 62
81K people's sensitive info feared stolen from Hilb after email inboxes ransacked Credit card numbers, security codes, SSNs, passwords, PINs? Yikes! Cyber-crime03 Nov 2023 | 3
Ex-GCHQ software dev jailed for stabbing NSA staffer Terrorist ideology suspected to be motivation Security03 Nov 2023 | 43
Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security Secure Future Initiative needed in wake of tech evolution and unrelenting ransomware criminality Security03 Nov 2023 | 18
UK data watchdog fines three text spammers for flouting electronic marketing rules 'High-pressure' sales tactics targeted people registered with Telephone Preference Service Security03 Nov 2023 | 13
FTX crypto-villain Sam Bankman-Fried convicted on all charges Jury took just four hours to reach guilty verdicts Cyber-crime03 Nov 2023 | 112
Infosec pros can secure IT, but have harder time securing job satisfaction Industry facing burnout scare as workplace issues snowball Security02 Nov 2023 | 2
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims Over a week later and barely any patches for the 10/10 vulnerability have been applied Cyber-crime02 Nov 2023 | 4
Okta tells 5,000 of its own staff that their data was accessed in third-party breach Updated The hits keep on coming for troubled ID management biz Cyber-crime02 Nov 2023 | 28
Boeing acknowledges cyberattack on parts and distribution biz Won't say if it's LockBit, but LockBit appears to have claimed credit. Maybe payment, too Cyber-crime02 Nov 2023 | 7
Dirty dancing grabs the attention of China's cyberspace regulators Alibaba service fined as Beijing calls for online platforms to name major creators and deploy kid-mode services Security02 Nov 2023 | 6
FBI boss: Taking away our Section 702 spying powers could be 'devastating' Of course, he would say that, wouldn't he? Security02 Nov 2023 | 48
Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data Advarra probes intrusion claims, says 'the matter is contained' Cyber-crime01 Nov 2023 | 6
Mozi botnet murder mystery: China or criminal operators behind the kill switch? Middle Kingdom or self-immolation - there are a couple of theories Security01 Nov 2023 | 3
Feds collar suspected sanctions-busting Russian smugglers of US tech Parts sent to Moscow allegedly found on Ukrainian battlefields Security01 Nov 2023 | 15
Critical vulnerability in F5 BIG-IP under active exploitation Full extent of attacks unknown but telecoms thought to be especially exposed Cyber-crime01 Nov 2023 |
Cybercrooks amp up attacks via macro-enabled XLL files Neither Excel nor PowerPoint safe as baddies continue to find ways around protections Research01 Nov 2023 | 6
Get your very own ransomware empire on the cheap, while stocks last RansomedVC owner takes to Telegram to flog criminal enterprise Cyber-crime01 Nov 2023 | 5
Indian politicians say Apple warned them of state-sponsored attacks Nobody knows which state, but government never quite shrugged off claims it uses spyware Security01 Nov 2023 |
US officials close to persuading allies to not pay off ransomware crooks 'We're still in the final throes of getting every last member to sign' Cyber-crime31 Oct 2023 | 21
'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in At least two extortion gangs abusing CVE-2023-4966, we're told Cyber-crime31 Oct 2023 | 3
Now Russians accused of pwning JFK taxi system to sell top spots to cabbies Big Apple unlikely to get a bite out of them at this rate, though Cyber-crime31 Oct 2023 | 6
Ace holed: Hardware store empire felled by cyberattack US outfit scrambles to repair operations, restore processing of online orders Cyber-crime31 Oct 2023 | 6
Finance orgs have 30 days to confess cyber sins under incoming FTC rules Follows similar efforts from the SEC and DHS in recent months Cyber-crime31 Oct 2023 |