UK water giant admits attackers broke into system as gang holds it to ransom | Comes mere months after Western intelligence agencies warned of attacks on water providers | Cyber-crime, 23 Jan 2024
Australia imposes cyber sanctions on Russian it says ransomwared health insurer | 'Aleksandr Ermakov' isn't allowed down under after being linked to ten-million-record leak | Cyber-crime, 23 Jan 2024
Atlassian Confluence Server RCE attacks underway from 600+ IPs | If you're still running a vulnerable instance then 'assume a breach' | Security, 22 Jan 2024
Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft | Loanbase admits massive loss of customer data to thieves, too | Security, 22 Jan 2024
EFF adds Street Surveillance Hub so Americans can check who's checking on them | 'The federal government has almost entirely abdicated its responsibility' | Security, 22 Jan 2024
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches, 22 Jan 2024
Subway's data torpedoed by LockBit, ransomware gang claims | Fast food chain could face a footlong recovery process if allegations are true | Cyber-crime, 22 Jan 2024
ICO fines spam slinging financial services biz | It's all very well offering 'Free Debt Help,' but recipients were unwilling, says watchdog... | Security, 22 Jan 2024
BreachForums admin 'Pompourin' sentenced to 20 years of supervised release | [Infosec in brief] Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities | Security, 22 Jan 2024
Russians invade Microsoft exec mail while China jabs at VMware vCenter Server | Plus: Uncle Sam says Ivanti exploits 'consistent with PRC' snoops | Cyber-crime, 20 Jan 2024
Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim | Account manager and pals blew it on hotels, cruise, fancy meals and more allegedly | Cyber-crime, 19 Jan 2024
Thieves steal 35.5M customers’ data from Vans sneakers maker | But what kind of info was actually compromised? None of your business | Cyber-crime, 19 Jan 2024
IT consultant fined for daring to expose shoddy security | Spotting a plaintext password and using it in research without authorization deemed a crime | Research, 19 Jan 2024
US agencies warn made-in-China drones might help Beijing snoop on the world | It’s a bird, it’s a plane… it’s a flying menace out to endanger national security | Security, 19 Jan 2024
JPMorgan exec claims bank repels '45 billion' cyberattack attempts per day | [Updated] Assets boss also reckons she has more engineers than Amazon | CSO, 18 Jan 2024
Future of America's Cyber Safety Review Board hangs in balance amid calls for rethink | Politics-busting, uber-transparent incident reviews require independence, less internal conflict | Security, 18 Jan 2024
Ransomware attacks hospitalizing security pros, as one admits suicidal feelings | Untold harms of holding the corporate perimeter revealed in extensive series of interviews | Cyber-crime, 18 Jan 2024
Two more Citrix NetScaler bugs exploited in the wild | Just when you thought you had recovered from Bleed | Cyber-crime, 18 Jan 2024
Google TAG: Kremlin cyber spies move into malware with a custom backdoor | The threat hunters believe COLDRIVER has used SPICA since at least November 2022 | Research, 18 Jan 2024
Vast botnet hijacks smart TVs for prime-time cybercrime | [Updated] 8-year-old op responsible for DDoS attacks and commandeering broadcasts to push war material | Research, 18 Jan 2024
Insurance website's buggy API leaked Office 365 password and a giant email trove | Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS | Security, 18 Jan 2024
Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats | So much for isolation | Research, 17 Jan 2024
What's worse than paying an extortion bot that auto-pwned your database? | Paying one that lied to you and only saved the first 20 rows of each table | Research, 17 Jan 2024
Windows Server 2022 patch is breaking apps for some users | Uninstall the update or edit the Windows registry to restore order | Patches, 17 Jan 2024
Home improvement marketers dial up trouble from regulator | ICO slaps penalties on two businesses that collectively made more than 3 million cold calls | Security, 17 Jan 2024
Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams | .SBS gTLD once owned by Australian broadcaster is another source of strife | Security, 17 Jan 2024
Nokia walks the walk about its RAN to play on Uncle Sam’s China fears | [Comment] It pays not to be Huawei, and the US military can be lucrative, too | Security, 17 Jan 2024
FBI: Beware of thieves building Androxgh0st botnets using stolen creds | Infecting networks via years-old CVEs that should have been patched by now | CSO, 17 Jan 2024
Patch now: Critical VMware, Atlassian flaws found | You didn't have anything else to do this Tuesday, right? | Patches, 16 Jan 2024
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs | [Updated] Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research, 16 Jan 2024
Ivanti zero-day exploits explode as bevy of attackers get in on the act | Customers still patchless and mitigation only goes so far | Cyber-crime, 16 Jan 2024
China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia | ‘Inaccessible and autonomous armed group territories’ host crooks who use tech to launder cash, run slave scam gangs, and more | Cyber-crime, 16 Jan 2024
Thousands of Juniper Networks devices vulnerable to critical RCE bug | Yet more support for the argument to adopt memory-safe languages | Patches, 15 Jan 2024
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers | The bug with a perfect 10 severity score has been ripe for exploitation since May | Patches, 15 Jan 2024
FTC secures first databroker settlement banning sale of sensitive location data | [Infosec in brief] Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns | Security, 15 Jan 2024
China loathes AirDrop so much it's publicized an old flaw in Apple's P2P protocol | Infosec academic suggests Beijing's warning that iThing owners aren't anonymous deserves attention outside the great firewall too | Security, 15 Jan 2024
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in | Snoops had no fewer than five custom bits of malware to hand to backdoor networks | CSO, 13 Jan 2024
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs | Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc | Patches, 12 Jan 2024
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew | It’s taken months for crims to hack together a working exploit chain | Cyber-crime, 12 Jan 2024
Secret multimillion-dollar cryptojacker snared by Ukrainian police | Criminal scored $2M in crypto proceeds but ends up in ‘cuffs following property raid | Cyber-crime, 12 Jan 2024
So, are we going to talk about how GitHub is an absolute boon for malware, or nah? | Microsoft says it's doing its best to crack down on crims | Research, 12 Jan 2024
Data regulator fines HelloFresh £140K for sending 80M+ spams | Messaging menace used text and email to bombard people | Security, 12 Jan 2024
While we fire the boss, can you lock him out of the network? | [On Call] And he would have got away with it, too, if it weren’t for this one tiny backdoor | Security, 12 Jan 2024
Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks | [CES] Now that's a smart move | Research, 12 Jan 2024
eBay to cough up $3M after cyber-stalking couple who dared criticize the souk | Staff sent live cockroaches, porno – and more – in harassment campaign to silence pair | Cyber-crime, 11 Jan 2024
Mandiant's brute-forced X account exposes perils of skimping on 2FA | Speculation builds over whether a nearly year-old policy change was to blame | Cyber-crime, 11 Jan 2024
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits | Customers currently left patchless while attacks are expected to increase | Cyber-crime, 11 Jan 2024
Fidelity National now says 1.3M customers had data stolen by cyber-crooks | It's still not calling it ransomware | Cyber-crime, 10 Jan 2024
Uncle Sam tells hospitals: Meet security standards or no federal dollars for you | Expect new rules in upcoming weeks | Security, 10 Jan 2024
Be honest. Would you pay off a ransomware crew? | [Kettle] Today us vultures are debating bans on ransom payments, deplorable tactics by extortionists, and more | Cyber-crime, 10 Jan 2024
Cybercrooks play dress-up as 'helpful' researchers in latest ransomware ruse | Posing as cyber samaritans, scumbags are kicking folks when they're down | Cyber-crime, 10 Jan 2024
ShinyHunters chief phisherman gets 3 years, must cough up $5M | Sebastien Raoult developed various credential-harvesting websites over more than 2 years | Cyber-crime, 10 Jan 2024
New year, new updates for security holes in Windows, Adobe, Android and more | [Patch Tuesday] Nothing under exploit… The calm before the storm? | Patches, 09 Jan 2024
SEC Twitter hijacked to push fake news of hotly anticipated Bitcoin ETF approval | [Updated] Buy the hype, sell the, wait, what do we do now?! | Cyber-crime, 09 Jan 2024
US Navy sailor swaps sea for cell after accepting bribes from Chinese snoops | Petty officer Wenheng Zhao admitted to taking as many as 14 payoffs in return for non-public military information | Security, 09 Jan 2024
And that's a wrap for Babuk Tortilla ransomware as free decryptor released | Experts' job made 'straightforward' by crooks failing to update encryption schema after three years | Research, 09 Jan 2024
Apache OFBiz zero-day pummeled by exploit attempts after disclosure | Issue has been patched so be sure to check your implementations | Cyber-crime, 08 Jan 2024
British Library: Finances remain healthy as ransomware recovery continues | Authors continue to lose out on owed payments as rebuild of digital services drags on | Cyber-crime, 08 Jan 2024
Facebook, Instagram now mine web links you visit to fuel targeted ads | [Infosec in brief] Also: Twitter hijackings, BEC arrest, and critical vulnerabilities | Patches, 08 Jan 2024
Ransomware payment ban: Wrong idea at the wrong time | [Opinion] Won't stop the chaos, may lead to attacks with more dire consequences | CSO, 06 Jan 2024