Fidelity National now says 1.3M customers had data stolen by cyber-crooks It's still not calling it ransomware Cyber-crime10 Jan 2024 | 1
Uncle Sam tells hospitals: Meet security standards or no federal dollars for you Expect new rules in upcoming weeks Security10 Jan 2024 | 7
Be honest. Would you pay off a ransomware crew? Kettle Today us vultures are debating bans on ransom payments, deplorable tactics by extortionists, and more Cyber-crime10 Jan 2024 | 37
Cybercrooks play dress-up as 'helpful' researchers in latest ransomware ruse Posing as cyber samaritans, scumbags are kicking folks when they're down Cyber-crime10 Jan 2024 | 2
ShinyHunters chief phisherman gets 3 years, must cough up $5M Sebastien Raoult developed various credential-harvesting websites over more than 2 years Cyber-crime10 Jan 2024 | 5
New year, new updates for security holes in Windows, Adobe, Android and more Patch Tuesday Nothing under exploit… The calm before the storm? Patches09 Jan 2024 | 14
SEC Twitter hijacked to push fake news of hotly anticipated Bitcoin ETF approval Updated Buy the hype, sell the, wait, what do we do now?! Cyber-crime09 Jan 2024 | 11
US Navy sailor swaps sea for cell after accepting bribes from Chinese snoops Petty officer Wenheng Zhao admitted to taking as many as 14 payoffs in return for non-public military information Security09 Jan 2024 | 32
And that's a wrap for Babuk Tortilla ransomware as free decryptor released Experts' job made 'straightforward' by crooks failing to update encryption schema after three years Research09 Jan 2024 | 3
Apache OFBiz zero-day pummeled by exploit attempts after disclosure Issue has been patched so be sure to check your implementations Cyber-crime08 Jan 2024 |
British Library: Finances remain healthy as ransomware recovery continues Authors continue to lose out on owed payments as rebuild of digital services drags on Cyber-crime08 Jan 2024 | 16
Facebook, Instagram now mine web links you visit to fuel targeted ads Infosec in brief Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Patches08 Jan 2024 | 20
Ransomware payment ban: Wrong idea at the wrong time Opinion Won't stop the chaos, may lead to attacks with more dire consequences CSO06 Jan 2024 | 130
After injecting cancer hospital with ransomware, crims threaten to swat patients Remember the good old days when ransomware crooks vowed not to infect medical centers? CSO05 Jan 2024 | 70
BreachForums boss busted for bond blunders – including using a VPN Fitzpatrick faces potentially decades in prison later this month, so may as well get some foreign Netflix in beforehand Cyber-crime05 Jan 2024 | 2
Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach' 'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy CSO05 Jan 2024 | 13
X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist Miscreants mock Google-owned security house: 'Change password please' Security04 Jan 2024 | 9
Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach Users apparently at fault after reusing credentials the company didn't check were already compromised Cyber-crime04 Jan 2024 | 29
Infostealer malware, weak password leaves Orange Spain RIPE for plucking Updated No 2FA or special characters to prevent database takeover and BGP hijack Cyber-crime04 Jan 2024 | 6
As lawmakers mull outlawing poor security, what can they really do to tackle online gangs? Comment Headline-grabbing takedowns are nice, but long-term solutions require short-term sacrifices Cyber-crime04 Jan 2024 | 19
Three Chinese balloons float near Taiwanese airbase Also: Remember that balloon over the US last February? It might have used a US internet provider CSO04 Jan 2024 | 15
Microsoft kills off Windows app installation from the web, again Unpleasant Christmas package lets malware down the chimney Security04 Jan 2024 | 23
Freight giant Estes refuses to deliver ransom, says personal data opened and stolen Pay up, or just decline to submit Cyber-crime03 Jan 2024 | 5
Atos confirms talks with Airbus over cybersecurity wing sale IT service company's latest move to clear its maturing debts Security03 Jan 2024 | 2
Copy that? Xerox confirms 'security incident' at subsidiary Company’s removal from ransomware gang’s leak blog could mean negotiations underway Cyber-crime03 Jan 2024 |
Formal ban on ransomware payments? Asking orgs nicely to not cough up ain't working With the average demand hitting $1.5 million, something's gotta change Security03 Jan 2024 | 72
Google password resets not enough to stop these info-stealing malware strains Updated Now every miscreant is jumping on Big G's OAuth account security hole Research02 Jan 2024 | 12
Court hearings become ransomware concern after justice system breach From legal proceedings to potential YouTube fodder Cyber-crime02 Jan 2024 | 6
Crypto-crook Sam Bankman-Fried spared a second trial Eighth charge related to campaign contributions would just take too dang long Security02 Jan 2024 | 54
CEO arranged his own cybersecurity, with predictable results On Call Cleaning up after hackers is easy compared to surviving the politics of consultancy Security29 Dec 2023 | 128
A tale of 2 casino ransomware attacks: One paid out, one did not Feature What can be learned from MGM's and Caesars' infosec moves CSO28 Dec 2023 | 64
Kaspersky reveals previously unknown hardware 'feature' exploited in iPhone attacks 'This is no ordinary vulnerability' sec pros explain Security28 Dec 2023 | 43
Iranian cyberspies target US defense orgs with a brand new backdoor Infosec in brief Also: International cops crackdown on credit card stealers and patch these critical vulns Cyber-crime23 Dec 2023 | 9
Cyber sleuths reveal how they infiltrate the biggest ransomware gangs Feature How do you break into the bad guys' ranks? Master the lingo and research, research, research Cyber-crime22 Dec 2023 | 14
Lapsus$ teen sentenced to indefinite detention in hospital for Nvidia, GTA cyberattacks Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave Cyber-crime21 Dec 2023 | 53
Four in five Apache Struts 2 downloads are for versions featuring critical flaw Seriously, people - please check the stuff you fetch more carefully Patches21 Dec 2023 | 10
Mozilla decides Trusted Types is a worthy security feature DOM-XSS attacks have become scarce on Google websites since TT debuted Security21 Dec 2023 | 15
Something nasty injected login-stealing JavaScript into 50K online banking sessions Why keeping your PC secure and free of malware remains paramount Cyber-crime20 Dec 2023 | 26
Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials Research highlights how major attacks like those exploiting Booking.com are executed Cyber-crime20 Dec 2023 | 20
Manchester's finest drowning in paperwork as Freedom of Information requests pile up Updated Enforcement notice issued months after data regulator schooled police force Security20 Dec 2023 | 30
SSH shaken, not stirred by Terrapin vulnerability No need to panic, but grab those updates or mitigations anyway just to be safe Patches20 Dec 2023 | 14
Philippines, South Korea, Interpol cuff 3,500 suspected cyber scammers, seize $300M Alleged crims used AI to pose as friends, family, romantic partners – and sold dodgy NFTs Cyber-crime20 Dec 2023 | 5
Millions of Xfinity customers' info, hashed passwords feared stolen in cyberattack 35M-plus Comcast user IDs accessed by intruder via Citrix Bleed Cyber-crime19 Dec 2023 | 29
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? Microsoft bug hunters highlight weaknesses in source-wrangling suite Patches19 Dec 2023 | 9
FBI develops decryptor for BlackCat ransomware, seizes gang's website Updated Crims laugh it off and resume their activity Cyber-crime19 Dec 2023 | 5
Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months Experts say malware strain make take years to die off completely Cyber-crime19 Dec 2023 | 2
Hacktivists boast: We shut down Iran's gas pumps today Predatory Sparrow previously knocked out railways and a steel plant Security18 Dec 2023 | 9
Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M Mortgage lender says no evidence of identity theft (yet) after SSNs, DoBs, addresses, more swiped Cyber-crime18 Dec 2023 | 14
Cyber-crooks slip into Vans, trample over operations IT systems encrypted, personal data pilfered from North Face parent, we're told Cyber-crime18 Dec 2023 | 6
National Grid latest UK org to zap Chinese kit from critical infrastructure Move reportedly made after consulting with National Cyber Security Centre Security18 Dec 2023 | 39
MongoDB warns breach of internal systems exposed customer contact info Infosec in brief PLUS: Cancer patients get ransom notes for Christmas, Delta Dental is the latest MOVEit victim, and critical vulns Security18 Dec 2023 | 2
Pro-China campaign targeted YouTube with AI avatars Asia In Brief PLUS: Beijing wants ten-minute reporting of infosec incidents; Infosys CFO bails; TikTok's Indonesia comeback approved, for now Security18 Dec 2023 | 9
Hundreds of thousands of dollars in crypto stolen after Ledger code poisoned Former worker phished then NPM repo hijacked Cyber-crime16 Dec 2023 | 56
Kraft Heinz suggests we simmer down about Snatch ransomware attack claims Ah, beans Cyber-crime15 Dec 2023 | 17
NKabuse backdoor harnesses blockchain brawn to hit several architectures Novel malware adapts delivers DDoS attacks and provides RAT functionality Research15 Dec 2023 | 3
To BCC or not to BCC – that is the question data watchdog wants answered The dos and don'ts of bulk emailing Security15 Dec 2023 | 61
Microsoft seizes websites used to sell phony email accounts to Scattered Spider and other crims That should solve the global cybercrime problem, right? Cyber-crime14 Dec 2023 | 8
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users Updated National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks Cyber-crime14 Dec 2023 | 1
Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes Business email compromise, illicit cryptomining, phishing ... if it makes a dollar, this lot do it Cyber-crime14 Dec 2023 | 6
Surprise! Email from personal. information.reveal@gmail.com is not going to contain good news Internet plod highlight tactics used by cruel Karakurt crime gang Cyber-crime14 Dec 2023 | 33