US lawmakers wave red flags over Chinese drone dominance Congressman warns tech is getting the 'Huawei Playbook' treatment Security27 Jun 2024 | 14
Korean telco allegedly infected its P2P users with malware KT may have had an entire team dedicated to infecting its own customers Security27 Jun 2024 | 7
WhisperGate suspect indicted as US offers a $10M bounty for his capture Russian national accused of attacks in lead-up to the Ukraine war Public Sector27 Jun 2024 | 5
Feds put $5M bounty on 'CryptoQueen' Ruja Ignatova OneCoin co-founder allegedly bilked investors out of $4B Cyber-crime26 Jun 2024 | 14
US convicts crypto-robbing gang leader who kidnapped victims before draining their accounts Said to have zip tied elderly crypto investors, held them at gunpoint, and threatened to kill them Cyber-crime26 Jun 2024 | 12
Batten down the hatches, it's time to patch some more MOVEit bugs Exploit attempts for ‘devastating’ vulnerabilities already underway Patches26 Jun 2024 | 8
Julian Assange pleads guilty, leaves courtroom a free man Now, about that bill for the private jet that's taking him home to Australia … Security26 Jun 2024 | 185
Yahoo! Japan to waive $189 million ad revenue after detecting fraudulent clicks Admits it's not sure some clicks came from humans, points to better quality as sign not all is rotten Cyber-crime26 Jun 2024 | 11
Organized crime and domestic violence perps are big buyers of tracking devices Australian study finds GPS trackers – and sometimes AirTags – are in demand for the wrong reasons Security26 Jun 2024 | 23
Microsoft blamed for million-plus patient record theft at US hospital giant Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing CSO26 Jun 2024 | 19
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn malicious, infects webpages after mysterious CDN swallows domain CSO25 Jun 2024 | 51
Fiend touts stolen Neiman Marcus customer info for $150K Flash clobber chain fashionably late to Snowflake fiasco party Cyber-crime25 Jun 2024 | 2
Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan Business is more lucrative than you might think Cyber-crime25 Jun 2024 | 18
CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities Crafty crims broke in but encryption stopped any nastiness Cyber-crime25 Jun 2024 | 3
UK and US cops band together to tackle Qilin's ransomware shakedowns Attacking the NHS is a very bad move Cyber-crime25 Jun 2024 | 26
Julian Assange to go free in guilty plea deal with US WikiLeaks boss already out of Blighty and, if all goes to plan, ultimately off to home in Australia Security25 Jun 2024 | 147
America's best chance for nationwide privacy law could do more harm than good Analysis 'Congress has effectively gutted it as part of a backroom deal' Personal Tech25 Jun 2024 | 31
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server About a thousand vulnerable instances still exposed online, we're told Patches24 Jun 2024 | 8
Car dealers stuck in the slow lane after cyber woes at software biz CDK More customers self-reporting to SEC as disruption carries into second week Cyber-crime24 Jun 2024 | 2
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices Seems like as good a time as any to upgrade older hardware Research24 Jun 2024 | 3
Levi's and more affected in pants-dropping week of data breaches A busy few days for security teams Cyber-crime24 Jun 2024 | 5
Meta, Microsoft SQL Server make strange bedfellows on a couch of cyber-pain Opinion Yanks get food poisoning far more often than Brits. Is American IT just as sickening? Security24 Jun 2024 | 41
Admin took out a call center – and almost their career – with a cut and paste error Who, me? Have you heard the one about the techie who forgot what was on the clipboard? Cyber-crime24 Jun 2024 | 52
Snowflake breach snowballs as more victims, perps, come forward Infosec in brief Also: The leaked Apple internal tools that weren't; TV pirate pirates convicted; and some critical vulns, too Security24 Jun 2024 | 9
Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests All depends on how you count it – Chocolate Factory claims 1% fail rate Research23 Jun 2024 | 33
From network security to nyet work in perpetuity: What's up with the Kaspersky US ban? Kettle It's been a long time coming. Now our journos speak their brains Security22 Jun 2024 | 40
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew 'Substantial proportion' of America to get a little note from next month Cyber-crime21 Jun 2024 | 8
Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself Here's America's list of the supposedly dirty dozen CSO21 Jun 2024 | 16
Phoenix UEFI flaw puts long list of Intel chips in hot seat Researchers discuss it in same breath as BlackLotus and MosaicRegressor Research21 Jun 2024 | 20
Qilin cyber scum leak data they claim belongs to London hospitals’ pathology provider At least they didn’t get paid their $50M ransom demand Cyber-crime21 Jun 2024 | 11
Since joining NATO, Sweden claims Russia has been borking Nordic satellites If Putin likes jammin', we hope NATO likes jammin' too Security21 Jun 2024 | 55
Coding error in forgotten API blamed for massive data breach Australian telco Optus allegedly left redundant website with poor access controls online for years Security21 Jun 2024 | 16
Crooks get their hands on 500K+ radiology patients' records in cyber-attack Two ransomware gangs bragged of massive theft of personal info and medical files Cyber-crime20 Jun 2024 | 4
Biden bans Kaspersky: No more sales, updates in US Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back CSO20 Jun 2024 | 105
Car dealer software bigshot CDK pulls systems offline twice amid 'cyber incident' Downtime set to crash into next week Cyber-crime20 Jun 2024 | 13
Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion Researchers allegedly stole $3M using the vulnerability, then asked how much it was really worth Security20 Jun 2024 | 4
Russia's cyber spies still threatening French national security, democracy Publishing right before a major election is apparently just a coincidence Cyber-crime20 Jun 2024 | 9
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals Interview Cybercriminals claim they used a zero-day to breach pathology provider’s systems Cyber-crime20 Jun 2024 | 25
Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs Railco goes full steam ahead with notification letters to Rewards users about spilled card details and more Cyber-crime19 Jun 2024 | 12
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
Rogue uni IT director pleads guilty after fraudulently buying $2.1M of tech Two decades in the clink would be quite an education Cyber-crime18 Jun 2024 | 14
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale Updated Chip designer really gonna need to channel some Zen right now Cyber-crime18 Jun 2024 |
EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians If you call 'client-side scanning' something like 'upload moderation,' it still undermines privacy, security Security18 Jun 2024 | 75
CHERI Alliance formed to promote memory security tech ... but where's Arm? Updated Academic-industry project takes next step as key promoter chip designer licks its wounds Research18 Jun 2024 | 3
Uncle Sam ends financial support to orgs hurt by Change Healthcare attack Billions of dollars made available but worst appears to be over Research18 Jun 2024 | 3
NHS boss says Scottish trust wouldn't give cyberattackers what they wanted CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked Cyber-crime18 Jun 2024 | 13
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug Specially crafted network packet could allow remote code execution and access to VM fleets Patches18 Jun 2024 | 8
Arm security defense shattered by speculative execution 95% of the time 'TikTag' security folks find anti-exploit mechanism rather fragile Research18 Jun 2024 | 27
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam Updated Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines CSO17 Jun 2024 | 2
Suspected bosses of $430M dark-web Empire Market charged in US Cybercrime super-souk's Dopenugget and Zero Angel may face life behind bars if convicted Cyber-crime17 Jun 2024 | 1
Blackbaud has to cough up a few million dollars more over 2020 ransomware attack Four years on and it's still paying for what California attorney general calls 'unacceptable' practice Cyber-crime17 Jun 2024 | 3
Cops cuff 22-year-old Brit suspected of being Scattered Spider leader Spanish plod make arrest at airport before he jetted off to Italy Cyber-crime17 Jun 2024 | 21
AWS is pushing ahead with MFA for privileged accounts. What that means for you ... The clock is ticking – why not try a passkey? CSO17 Jun 2024 | 17
UK's Total Fitness exposed nearly 500K images of members, staff through unprotected database Exclusive Health club chain headed for the spa on choose-a-password day Security17 Jun 2024 | 24
Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims' infrastructure Who needs ransomware when you can scare techies into coughing up their credentials? Security17 Jun 2024 | 5
That didn't take long: Replacement for SORBS spam blacklist arises ... sort of Infosec in brief Also: Online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln Security17 Jun 2024 | 2
Japan's space junk cleaner hunts down major target Asia in brief Plus: Australia to age limit social media; Hong Kong's robo-dogs; India's new tech minister Security17 Jun 2024 | 10
Microsoft answered Congress' questions on security. Now the White House needs to act Feature Business as usual needs a real change Public Sector15 Jun 2024 | 42
Stanford Internet Observatory wilts under legal pressure during election year Because who needs disinformation research at times like these Research14 Jun 2024 | 85
Meta won't train AI on Euro posts after all, as watchdogs put their paws down Facebook parent calls step forward for privacy a 'step backwards' AI + ML14 Jun 2024 | 41
Nigerian faces up to 102 years in the slammer for $1.5M phishing scam Crook and his alleged co-conspirators said to have used Discord to coordinate Cyber-crime14 Jun 2024 | 9
Ukraine busts SIM farms targeting soldiers with spyware Russia recruits local residents to support battlefield goals Cyber-crime14 Jun 2024 | 8
French state bidding for piece of Atos, offers €700M Big data + security division could be owned by the government and its people Security14 Jun 2024 | 13
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended 'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith CSO14 Jun 2024 | 57
US Space Force wanted $77M to reinforce GPS – and Congress shot it down Can't we do this another way, like without these mini-sats costing $1B over 5 years, House reps wonder Public Sector13 Jun 2024 | 23
Oracle Ads have had it: $2B operation shuts down after dwindling to $300M Analysis In this slightly more private era, your data ain't as profitable as it once was Personal Tech13 Jun 2024 | 25
Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin 28-year-old accused of major ransomware attacks across Europe Malware Month13 Jun 2024 | 13
Google's Privacy Sandbox more like a privacy mirage, campaigners claim Updated Chocolate Factory accused of misleading Chrome browser users Security13 Jun 2024 | 8
Student's flimsy bin bags blamed for latest NHS data breach Confidential patient information found by member of the public Security13 Jun 2024 | 63
Crooks crack customer info at tracking device vendor Tile, issue 'extortion' demands Who tracks the trackers? Cyber-crime13 Jun 2024 | 5
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day Symantec suggests Black Basta crew beat Microsoft to the patch Malware Month12 Jun 2024 | 2
White House report dishes deets on all 11 major government breaches from 2023 The MOVEit breach and ransomware weren’t kind to the Feds last year CSO12 Jun 2024 | 1
China's FortiGate attacks more extensive than first thought Dutch intelligence says at least 20,000 firewalls pwned in just a few months Cyber-crime12 Jun 2024 | 13
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows Patch Tuesday Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack CSO12 Jun 2024 | 5
Pure Storage pwned, claims data plundered by crims who broke into Snowflake workspace Secure storage company hasn't spilled details on how they got in Cyber-crime11 Jun 2024 | 1
Cylance clarifies data breach details, except where the data came from Customers, partners, operations remain uncompromised, BlackBerry says Security11 Jun 2024 | 2
UK and Canada's data chiefs join forces to investigate 23andMe mega-breach Three-pronged approach aims to uncover any malpractice at the Silicon Valley biotech biz Cyber-crime11 Jun 2024 | 14
Snowflake customers not using MFA are not unique – over 165 of them have been compromised Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage Security11 Jun 2024 | 13
Japanese vid-sharing site Niconico needs rebuild after cyberattack Offline for four days and counting, as are parent company and e-commerce brand Security11 Jun 2024 | 5
Christie's confirms RansomHub crooks stole data on 45K clients A far cry from the half-million claim that crims originally boasted Cyber-crime10 Jun 2024 |
Snowflake tells customers to enable MFA as investigations continue infosec in brief Also, industry begs Uncle Sam for infosec reg harmony, dueling container-compromise campaigns, and crit vulns Security10 Jun 2024 | 2
Two cuffed over suspected smishing campaign using 'text message blaster' Thousands of dodgy SMSes bypassed network filters in UK-first case, it is claimed Cyber-crime10 Jun 2024 | 23
Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief Interview Scott Small tells us gang's 'intent and capability' should get the attention of CSOs Malware Month09 Jun 2024 | 3
Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up Interview Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker CSO08 Jun 2024 | 32
New York Times source code leaks online via 4chan Updated Breaking breaking-news news Cyber-crime07 Jun 2024 | 43
FCC takes some action against notorious BGP How's your RPKI-based security plan coming along? Feds want to know Networks07 Jun 2024 | 9
Defiant Microsoft pushes ahead with controversial Recall – tho as an opt-in Windows maker acknowledges 'clear signal' from everyone, then mostly ignores it OSes07 Jun 2024 | 82
Frontier Communications: 750k people's data stolen in April attack on systems Company says just names and SSNs affected, watering down RansomHub’s claims Cyber-crime07 Jun 2024 | 8
Cisco fixes WebEx flaw that allowed government, military meetings to be spied on Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials Cyber-crime07 Jun 2024 | 12
Russian hacktivists vow mass attacks against EU elections But do they get to wear 'I DDoSed' stickers? Cyber-crime07 Jun 2024 | 56
Spam blocklist SORBS closed by its owner, Proofpoint Exclusive Spammers will probably bid to buy it, so community is trying to find a better home for decades-old service Security07 Jun 2024 | 59
POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw You upgraded when this was fixed in April, right? Right?? Security07 Jun 2024 | 2
FBI encourages LockBit victims to step right up for free decryption keys The bad news? Gang wasn't deleting victim data after payments Malware Month06 Jun 2024 | 6
Uncle Sam seeks to claw back $5M+ stolen from trade union through spoofed email Funds are currently seized after being sent to offshore accounts Cyber-crime06 Jun 2024 | 8
Microsoft shows venerable and vulnerable NTLM security protocol the door Time to get moving if you still rely on this deprecated feature Security06 Jun 2024 | 17
7-year-old Oracle WebLogic bug under active exploitation Experts say Big Red will probably re-release patch in an upcoming cycle Malware Month06 Jun 2024 | 6
Microsoft Research chief scientist has no issue with Windows Recall As tool emerges to probe OS feature's SQLite-based store of user activities OSes06 Jun 2024 | 114
TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability Beware of zero-click malware sliding into your DMs Cyber-crime05 Jun 2024 | 13