Cybersecurity

Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting

US also charges an alleged Redline dev, no mention of an arrest

Cyber-crime29 Oct 2024 | 1

Admins better Spring into action over latest critical open source vuln

Patch up: The Spring framework dominates the Java ecosystem

Security29 Oct 2024 | 1

Skyscraper-high sewage plume erupts in Moscow

Ukrainian hackers again, or just 50+ year old infrastructure showing its age? Either way, it's a mess

Offbeat28 Oct 2024 | 76

Delta officially launches lawyers at $500M CrowdStrike problem

Legal action comes months after alleging negligence by Falcon vendor

Cybersecurity Month28 Oct 2024 | 23

Dutch cops pwn the Redline and Meta infostealers, leak 'VIP' aliases

Legal proceedings underway with more details to follow

Cybersecurity Month28 Oct 2024 | 5

Senator accuses sloppy domain registrars of aiding Russian disinfo campaigns

in brief Also, Change Healthcare sets a record, cybercrime cop suspect indicted, a new Mallox decryptor, and more

Security27 Oct 2024 | 35

Here's a NIS2 compliance checklist since no one cares about deadlines anymore

Only two EU members have completed the transposition into domestic law

Cybersecurity Month24 Oct 2024 | 11

Samsung phone users under attack, Google warns

Don't ignore this nasty zero day exploit says TAG

Cyber-crime24 Oct 2024 | 10

Penn State pays DoJ $1.25M to settle cybersecurity compliance case

Fight On, State? Not this time

Security23 Oct 2024 | 3

Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures

Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing

Software22 Oct 2024 | 7

Akira ransomware is encrypting victims again following pure extortion fling

Crooks revert to old ways for greater efficiency

Cybersecurity Month22 Oct 2024 | 2

Telcos find cloud migrations, security, are a pain in the IaaS

Carriers consume less than half the cloud they committed to use

PaaS + IaaS22 Oct 2024 | 17

Pixel perfect Ghostpulse malware loader hides inside PNG image files

Miscreants combine it with an equally tricky piece of social engineering

Cybersecurity Month22 Oct 2024 | 34

macOS HM Surf vuln might already be under exploit by major malware family

Like keeping your camera and microphone private? Patch up

Cybersecurity Month21 Oct 2024 | 14

Jetpack fixes 8-year-old flaw affecting millions of WordPress sites

In Brief - Updated Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more

Security18 Oct 2024 | 5

Spectre flaws continue to haunt Intel and AMD as researchers find fresh attack method

The indirect branch predictor barrier is less of a barrier than hoped

Cybersecurity Month18 Oct 2024 | 28

Alleged Bitcoin crook faces 5 years after SEC's X account pwned

SIM swappers strike again, warping cryptocurrency prices

Cybersecurity Month18 Oct 2024 | 14

ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers

Says 'limited' incident isolated to 'partner company'

Cybersecurity Month18 Oct 2024 | 3

Healthcare Services Group discloses 'cybersecurity incident' in SEC filing

Laundry and dining provider still investigating cause and scope

Cybersecurity Month18 Oct 2024 | 5

Troubled US insurance giant hit by extortion after data leak

Globe Life claims blackmailers shared stolen into with short sellers

Security17 Oct 2024 |

WeChat devs introduced security flaws when they modded TLS, say researchers

No attacks possible, but enough issues to cause concern

Cybersecurity Month17 Oct 2024 | 15

US contractor pays $300K to settle accusation it didn't properly look after Medicare users' data

Resolves allegations it improperly stored screenshots containing PII that were later snaffled

Cybersecurity Month16 Oct 2024 | 7

Microsoft says more ransomware stopped before reaching encryption

Volume of attacks still surging though, according to Digital Defense Report

Cyber-crime15 Oct 2024 | 6

Microsoft says tougher punishments needed for state-sponsored cybercriminals

Although it also reaffirmed commitment to secure-by-design initiatives

Cloud Infrastructure Month15 Oct 2024 | 17

US healthcare org admits up to 400,000 people's personal info was snatched

It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it

Cybersecurity Month14 Oct 2024 | 3

Thousands of Fortinet instances vulnerable to actively exploited flaw

No excuses for not patching this nine-month-old issue

Cybersecurity Month14 Oct 2024 | 8

Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption

With an off-the-shelf D-Wave machine, but only against very short keys

Cybersecurity Month14 Oct 2024 | 23

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

Security12 Oct 2024 | 10

INC ransomware rebrands to Lynx – same code, new name, still up to no good

Researchers point to evidence that scumbags visited the strategy boutique

Cybersecurity Month11 Oct 2024 | 10

Ukraine cyber cops collar man who allegedly hooked citizens up to Russian internet

'Self-taught hacker' facing a possible 15 years in the slammer

Cybersecurity Month11 Oct 2024 | 10

Keir Starmer hands ex-Darktrace boss investment minister gig

What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates?

Public Sector11 Oct 2024 | 53

Healthcare attacks spread beyond US – just ask India's Star Health

Updated Acknowledges bulk customer data leak weeks after Telegram channels dangled it online

Cyber-crime11 Oct 2024 | 1

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Usual three-week window to address significant risks to federal agencies applies

Cybersecurity Month10 Oct 2024 |

Mozilla patches critical Firefox vuln that attackers are already exploiting

Firefixed: It's maintenance time for low-complexity, high-impact security flaw

Cybersecurity Month10 Oct 2024 | 26

OpenAI says Chinese gang tried to phish its staff

Claims its models aren't making threat actors more sophisticated - but is helping debug their code

Cybersecurity Month10 Oct 2024 | 4

China reportedly tells local AI buyers to ignore Nvidia

In Brief Plus: Google, Oracle, spend $9.5 billion on Asia datacenters; Philippines to tax clouds; Vietnam infosec praised; and more

AI + ML08 Oct 2024 | 3

American Water rinsed in cyber attack, turns off app

Updated It's still safe to drink, top provider tells us

Cybersecurity Month07 Oct 2024 | 12

'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks

Infosec In Brief Also, rooting for Russian cybercriminals, a new DDoS record, sneaky Linux server malware and more

Cybersecurity Month07 Oct 2024 | 5

About a quarter million Comcast subscribers had their data stolen from debt collector

Cable giant says ransomware involved, FBCS keeps schtum

Cybersecurity Month04 Oct 2024 | 6

Apple fixes bug that let VoiceOver shout your passwords

Not a great look when the iGiant just launched its first password manager

Cybersecurity Month04 Oct 2024 | 6

Sensitive data on 61K+ patients accessed in Alabama hospital cyberattack

Intruder pored over medical records, insurance details, Social Security numbers in some cases

Cybersecurity Month03 Oct 2024 |

'Patch yesterday': Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure

Cybersecurity Month02 Oct 2024 | 5

Euro cops arrest 4 including suspected LockBit dev chilling on holiday

And what looks like proof stolen data was never deleted even after ransom paid

Cybersecurity Month01 Oct 2024 | 15

Evil Corp's deep ties with Russia and NATO member attacks exposed

Ransomware criminals believed to have taken orders from intel services

Cyber-crime01 Oct 2024 | 9

NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate

Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks

Cybersecurity Month01 Oct 2024 |

If you're holding important data, Iran is probably trying spearphish it

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them

Cyber-crime30 Sep 2024 | 6

Cloud threats have execs the most freaked out because they're not prepared

Ransomware? More like 'we don't care' for everyone but CISOs

Research30 Sep 2024 | 3

Forget the Kia Boyz: Crooks could hijack your car with just a smartphone

Infosec In Brief Plus: UK man charged with compromising firms for stock secrets; ransomware actor foils self; and more

Security30 Sep 2024 | 17

Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud

Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda

Research27 Sep 2024 | 6

Victims lose $70K to one single wallet-draining app on Google's Play Store

Attackers got 10K people to download 'trusted' web3 brand cheat before Mountain View intervened

Cyber-crime26 Sep 2024 | 22

Public Wi-Fi operator investigating cyberattack at UK's busiest train stations

Updated See it, say it… not sorted just yet as network access remains offline

Cyber-crime26 Sep 2024 | 62

RansomHub genius tries to put the squeeze on Delaware Libraries

Extorting underfunded public services for $1M isn't a good look

Cyber-crime25 Sep 2024 | 5

Northern Ireland cops whose info was leaked in 2023 may get £240M+ damages

Officers put in danger when republican dissidents grabbed hold of their names and details

Legal25 Sep 2024 | 2

China claims Taiwan, not civilians, behind web vandalism

Taipei laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway

Cyber-crime25 Sep 2024 | 2

Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge

Severe incidents may be down, but Putin had to throw one in for good measure

Cyber-crime24 Sep 2024 | 9

How to spot a North Korean agent before they get comfy inside payroll

Mandiant publishes cheat sheet for weeding out fraudulent IT staff

Cyber-crime24 Sep 2024 | 19