Ivanti discloses fifth vulnerability, doesn't credit researchers who found it | Software company's claim of there being no active exploits also being questioned | Security | 09 Feb 2024
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim | An orchestra of fails for the security vendor | Cyber-crime | 09 Feb 2024
India to make its digital currency programmable | Reserve Bank also wants a national 2FA framework | Cyber-crime | 09 Feb 2024
Crime gang targeted jobseekers across Asia, looted two million email addresses | That listing for a gig that looked too good to be true may have been carrying SQL injection code | Cyber-crime | 09 Feb 2024
Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members | Honor among thieves about to be put to the test | Cyber-crime | 09 Feb 2024
FBI: Give us warrantless Section 702 snooping powers – or China wins | [Analysis] Never mind the court orders obtained to thwart Volt Typhoon botnet | Security | 09 Feb 2024
Fake LastPass lookalike made it into Apple App Store | No walled garden can keep out every weed, we suppose | Cyber-crime | 08 Feb 2024
Raspberry Robin devs are buying exploits for faster attacks | One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever | Research | 08 Feb 2024
Cybercrime duo accused of picking $2.5M from Apple's orchard | Security researcher buddies allegedly tag team a four-month virtual gift card heist at Cupertino tech giant | Cyber-crime | 08 Feb 2024
Rust can help make software secure – but it's no cure-all | Security is a process, not a product. Nor a language | Security | 08 Feb 2024
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks | Plan says to hand over keys to networks – and report intrusions within eight hours of discovery | Public Sector | 08 Feb 2024
Volt Typhoon not the only Chinese crew lurking in US energy, critical networks | Presumably American TLAs are all over Beijing's infrastructure, too ... right? | Public Sector | 07 Feb 2024
Half of polled infosec pros say their degree was less than useful for real-world work | The other half paid attention in class? | CSO | 07 Feb 2024
US says China's Volt Typhoon is readying destructive cyberattacks | 12 international govt agencies sound the alarm, critical infrastructure at the heart of threats | Security | 07 Feb 2024
Iran's cyber operations in Israel a potential prelude to US election interference | Tactics are more sophisticated and supported in greater numbers | Security | 07 Feb 2024
Raspberry Pi Pico cracks BitLocker in under a minute | Windows encryption feature defeated by $10 and a YouTube tutorial | Research | 07 Feb 2024
JetBrains urges swift patching of latest critical TeamCity flaw | Cloud version is safe, but no assurances offered about possible on-prem exploits | Patches | 07 Feb 2024
The spyware business is booming despite government crackdowns | [Updated] 'Almost zero data being shared across the industry on this particular threat,' we're told | Security | 07 Feb 2024
DEF CON is canceled! No, really this time – but the show will go on | Longtime host Caesars ends relationship at short notice | Security | 07 Feb 2024
Mozilla adds paid-for data-deletion tier to Monitor, its privacy-breach radar | Firefox maker promises to lean on personal info brokers to scrub records | Personal Tech | 06 Feb 2024
Verizon says 63K employees' info fell into the wrong hands – an insider this time | Telco says it's a private matter, data 'not shared externally' | Security | 06 Feb 2024
Chinese Coathanger malware hung out to dry by Dutch defense department | Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions | CSO | 06 Feb 2024
EquiLend back in the saddle as ransom payment rumors swirl | Still no word on how the intruders broke in or the full extent of any possible data compromise | Cyber-crime | 06 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | [Updated] Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024
New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies | How good are your takedowns when fresh gangs are linked to previous ops, though? | Research | 06 Feb 2024
Google throws $1M at Rust Foundation to build C++ bridges | Chocolate Factory matches Microsoft money for memory safety | Devops | 05 Feb 2024
Ivanti devices hit by wave of exploits for latest security hole | At this point you might be better off just shutting the stuff down | Security | 05 Feb 2024
Ignore Uncle Sam's 'voluntary' cybersecurity goals for hospitals at your peril | [Interview] What is on HHS paper will most likely become law, Google security boss says | Cyber-crime | 05 Feb 2024
AnyDesk revokes signing certs, portal passwords after crooks sneak into systems | Horse, meet stable door | Cyber-crime | 05 Feb 2024
Lurie Children's Hospital back to pen and paper after cyberattack | It's the second Chicago hospital to disclose a major incident in the same week | Cyber-crime | 05 Feb 2024
SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring | [Infosec In Brief] PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities | Security | 05 Feb 2024
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs | The closest thing we may ever get to a real-life Die Hard 2 scenario | Research | 03 Feb 2024
Blackbaud settles with FTC after that IT breach exposed millions of people's info | Cloud software slinger admits no guilt, promises better basic security hygiene | Cyber-crime | 02 Feb 2024
Critical vulnerability in Mastodon is pounced upon by fast-acting admins | Danger of remote account takeovers leaves lead devs scared of releasing many details | Security | 02 Feb 2024
Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers | Efforts part of internationally coordinated operations carried out in recent months | Cyber-crime | 02 Feb 2024
Wikileaks source and former CIA worker Joshua Schulte sentenced to 40 years jail | 'Vault 7' leak detailed cyber-ops including forged digital certs | Cyber-crime | 02 Feb 2024
Managing the hidden risks of shadow APIs | How F5 Distributed Cloud Services seal security gaps in modern app development amid growing attack surface | Partner Content
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies | Atlassian system compromised via October Okta intrusion | CSO | 02 Feb 2024
Rise of deepfake threats means biometric security measures won't be enough | Defenses need a rethink in face of increasing sophistication | CSO | 01 Feb 2024
Biden will veto attempts to kill off SEC's security breach reporting rules | Senate, House can try but won't make it past the Prez, says White House | Security | 01 Feb 2024
LockBit shows no remorse for ransomware attack on children's hospital | It even had the gall to set the ransom demand at $800K … for a nonprofit | Cyber-crime | 01 Feb 2024
Congress told how Chinese goons plan to incite 'societal chaos' in the US | American public is way ahead of them | Security | 01 Feb 2024
FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet | Disinfects Cisco and Netgear routers to thwart Chinese critters | Security | 31 Jan 2024
Ransomware payment rates drop to new low – now 'only 29% of victims' fork over cash | It's almost like years of false assurances have made people realize payments are pointless | Security | 31 Jan 2024
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks | Evidence mounts of an exploit gatekept within Russia's borders | Research | 31 Jan 2024
We know nations are going after critical systems, but what happens when crims join in? | This isn't going to end well | Security | 31 Jan 2024
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024
US shorts China's Volt Typhoon crew targeting America's criticals | Invaders inveigle infrastructure | Security | 30 Jan 2024
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released | Multiple publicly available exploits have since been published for the critical flaw | Security | 30 Jan 2024
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
UK biometrics boss bows out, bemoaning bureaucratic blunders | Questionable institutional change and myriad IT issues pervade the governance landscape | Security | 30 Jan 2024
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming | 18,000 customers, including the Pentagon and Microsoft, may have other thoughts | CSO | 29 Jan 2024
Tesla hacks make big bank at Pwn2Own's first automotive-focused event | [Infosec in brief] ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns | Security | 29 Jan 2024
750 million Indian mobile subscribers' info for sale on dark web | [Asia In Brief] ALSO: Samsung turns to Baidu for Galaxy AI in China; Terraform Labs files for bankruptcy; India's supercomputing ambitions | Cyber-crime | 28 Jan 2024
Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes | Step one, actually turn on MFA | CSO | 27 Jan 2024
Wait, security courses aren't a requirement to graduate with a computer science degree? | [Comment] And software makers seem to be OK with this, apparently | CSO | 26 Jan 2024
Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months | Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses | Cyber-crime | 26 Jan 2024
Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist | [Updated] Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up a serious digital mess | Cyber-crime | 26 Jan 2024
Trickbot malware scumbag gets five years for infecting hospitals, businesses | Most of the crew still at large | Cyber-crime | 25 Jan 2024
EquiLend drags systems offline after admitting attacker broke in | Securities lender processes trillions of dollars worth of Wall Street transactions every day | Cyber-crime | 25 Jan 2024