Uncle Sam charges Russian GRU cyber-spies behind 'WhisperGate intrusions' | Feds post $10M bounty for each of the six's whereabouts | Cyber-crime | 05 Sep 2024
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security | Two critical holes including hardcoded admin credential | Security | 05 Sep 2024
Security boom is over, with over a third of CISOs reporting flat or falling budgets | Good news? Security is still getting a growing part of IT budget | CSO | 05 Sep 2024
Security biz Verkada to pay $3M penalty under deal that also enforces infosec upgrade | Allowed access to 150K cameras, some in sensitive spots, but has been done for spamming | Security | 05 Sep 2024
White House seizes 32 domains, issues criminal charges in massive election-meddling crackdown | Russia has seemingly decided who it wants Putin the Oval Office | Security | 05 Sep 2024
North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns | Feds warn of 'highly tailored, difficult-to-detect social engineering campaigns' | Cyber-crime | 05 Sep 2024
Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data | 93GB of info feared pilfered in Montana by heartless crooks | Cyber-crime | 04 Sep 2024
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade | Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials | Research | 04 Sep 2024
White House thinks it's time to fix the insecure glue of the internet: Yup, BGP | Better late than never | Networks | 03 Sep 2024
Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election | No, Abbey is not really a "pure patriotic girl" | Cyber-crime | 03 Sep 2024
Transport for London confirms cyberattack, assures us all is well | Government body claims there is no evidence of customer data being compromised | Cyber-crime | 03 Sep 2024
House to grill CrowdStrike exec on epic IT meltdown... no, not the CEO | VP Adam Meyers to testify about that faulty software update which ruined July and some of August | Software | 02 Sep 2024
Rust for Linux maintainer steps down in frustration with 'nontechnical nonsense' | Community seems to C Rust more as a burden than a benefit | Software | 02 Sep 2024
Novel attack on Windows spotted in phishing campaign run from and targeting China | Resources hosted at Tencent Cloud involved in Cobalt Strike campaign | Research | 02 Sep 2024
GPT apps fail to disclose data collection, study finds | Researchers say that implementing Actions omit privacy details and expose info | AI + ML | 31 Aug 2024
Green Berets storm building after compromising its Wi-Fi | Relax, it's just a drill. This time at least | Security | 30 Aug 2024
Iran hunts down double agents with fake recruiting sites, Mandiant reckons | Farsi-language posts target possibly-pro-Israel individuals | Security | 30 Aug 2024
US indicts duo over alleged Swatting spree that targeted elected officials | Apparently made over 100 fake crime reports and bomb threats | Cyber-crime | 29 Aug 2024
What a coincidence. Spyware makers, Russia's Cozy Bear seem to share same exploits | Google researchers note similarities, can't find smoking-gun link | Security | 29 Aug 2024
Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom | Sordid search history 'evidence' in case that could see him spend 35 years for extortion and wire fraud | Cyber-crime | 29 Aug 2024
Rock Chrome hard enough and get paid half a million | Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters | Security | 29 Aug 2024
CrowdStrike's meltdown didn't dent its market dominance … yet | Total revenue for Q2 grew 32 percent | Software | 29 Aug 2024
Microsoft hosts a security summit but no press, public allowed | op-ed | CrowdStrike, other vendors, friendly govt reps…but not anyone who would tell you what happened | Security | 28 Aug 2024
Proof-of-concept code released for zero-click critical IPv6 Windows hole | If you haven't deployed August's patches, get busy before others do | OSes | 28 Aug 2024
Iran's Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear | The government-backed crew also enjoys ransomware as a side hustle | Cyber-crime | 28 Aug 2024
Dick's Sporting Goods discloses cyberattack | Authorities probing unwanted intrusion; hard questions ahead | Cyber-crime | 28 Aug 2024
From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot | Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon | Patches | 28 Aug 2024
Woman uses AirTags to nab alleged parcel-pinching scum | Phew! Consumer-grade tracking devices are good for more than finding your keys and stalking | Personal Tech | 28 Aug 2024
Chinese broadband satellites may be Beijing's flying spying censors, think tank warns | Ground stations are the perfect place for the Great Firewall to block things China finds unpleasant | Networks | 28 Aug 2024
Intel's Software Guard Extensions broken? Don't panic | More of a storm in a teacup | Systems | 27 Aug 2024
Volt Typhoon suspected of exploiting Versa SD-WAN bug since June | update | The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure | Cyber-crime | 27 Aug 2024
Microsoft security tools questioned for treating employees as threats | Cracked Labs examines how workplace surveillance turns workers into suspects | Security | 27 Aug 2024
Watchdog warns FBI is sloppy on secure data storage and destruction | update | National security data up for grabs, Office of the Inspector General finds | Security | 26 Aug 2024
Seattle airport 'possible cyberattack' snarls travel yet again | No word yet on if ransomware is to blame | Security | 26 Aug 2024
AMD internal data reportedly offered for sale | Second sensitive info theft claimed by the same crims since June | Cyber-crime | 26 Aug 2024
31.5M invoices, contracts, patient consent forms, and more exposed to the internet | Exclusive | Unprotected database with 12 years of biz records yanked offline | CSO | 26 Aug 2024
Alleged Karakut ransomware scumbag charged in US | Infosec in brief | Plus: Microsoft issues workaround for dual-boot crashes; ARRL cops to ransom payment, and more | Security | 26 Aug 2024
SolarWinds left critical hardcoded credentials in its Web Help Desk product | Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway | CSO | 22 Aug 2024
CrowdStrike deja vu as 'performance issue' leaves systems sluggish | Not related to the massive outage in July, security biz spokesperson told us | Security | 22 Aug 2024
Halliburton probes 'an issue' disrupting business ops | Updated | What could the problem be? Reportedly, a cyberattack | Security | 22 Aug 2024
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare | Needless to say, it backfired in a big way | CSO | 22 Aug 2024
You probably want to patch this critical GitHub Enterprise Server bug now | Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code | Patches | 21 Aug 2024
Microsoft's Patch Tuesday borks dual-boot Linux-Windows PCs | Plus: Three-year-old ProxyOracle flaw added to CISA's exploited bugs list | OSes | 21 Aug 2024
Top companies ground Microsoft Copilot over data governance concerns | Securiti's Jack Berkowitz polled 20-plus CDOs, and half have hit pause | AI + ML | 21 Aug 2024
Slack AI can be tricked into leaking data from private channels via prompt injection | Updated | Whack yakety-yak app chaps rapped for security crack | AI + ML | 21 Aug 2024
Deadbeat dad faked his own death by hacking government databases | Hoped to dodge child support payments, now faces 81 months inside – and a bigger bill than ever | Cyber-crime | 21 Aug 2024
Chipmaker Microchip reveals cyber attack whacked manufacturing capacity | Defense contractor gets hacked – what's the worst that could happen | Security | 21 Aug 2024
Digital wallets can allow purchases with stolen credit cards | Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies | Research | 20 Aug 2024
Mad Liberator extortion crew emerges on the cyber-crook scene | Anydesk is its access tool of choice | Cyber-crime | 15 Aug 2024
China-linked cyber-spies infect Russian govt, IT sector | No, no, go ahead, don't let us stop you, Xi | Research | 15 Aug 2024
Russian cyber snoops linked to massive credential-stealing campaign | Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish | Cyber-crime | 14 Aug 2024
Microsoft pushing, pushing, pushing Edge in Defender slammed as a 'dark pattern' | Is it an ad? Or serious infosec advice? | Personal Tech | 14 Aug 2024
NIST finalizes trio of post-quantum encryption standards | Nicely ahead of that always-a-decade-away moment when all our info becomes an open book | Security | 14 Aug 2024
Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others | Patch Tuesday | Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action | Patches | 14 Aug 2024
Six ransomware gangs behind over 50% of 2024 attacks | Plus many more newbies waiting in the wings | Cyber-crime | 13 Aug 2024
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls | Because apps talking like pirates and creating ASCII art never gets old | AI + ML | 13 Aug 2024
AI chatbots amplify creation of false memories, boffins reckon – or do they? | We can misremember it for you wholesale | AI + ML | 13 Aug 2024
Trump campaign cites Iran election phish claim as evidence leaked docs were stolen | Dots have been joined, but hard evidence is not apparent | Security | 12 Aug 2024
The UN unanimously agrees that cybercrime is bad, mkay? | Infosec in brief | Also: British nuke subs get code from Russia; and BlackSuit begs for $500M | Security | 12 Aug 2024
How to ingeniously and wirelessly inject malware onto someone's nearby Windows PC via Google's Quick Share | DEF CON | Or rather could, until the web giant was tipped off | Black Hat and DEF CON | 10 Aug 2024
Twilio's Segment SDK challenged with wiretapping claim | Mobile app analytics software said to surreptitiously snarf data | Applications | 09 Aug 2024
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 | Can't reach someone's private server on localhost from outside? No problem | Research | 09 Aug 2024