It's that time of the year again, time to head from the heat to the cold as we jump on the big plane(s) back to Europe. The next 4 weekly updates will all be from places of varying degrees colder than home, most of them done with Scott Helme too so they'll be a little different to usual. For now, here's a pretty casual Christmas edition, see you next week from the other side π
Infosec in brief Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft.β¦
Feature When AlphV/BlackCat's website went dark this month, it was like Chrimbo came early for cybersecurity defenders, some of whom seemingly believed law enforcement had busted one of the most menacing cyber criminal crews.β¦
Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.β¦
Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.β¦
Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.β¦
NASA's Office of Inspector General has run its eye over the aerospace agency's privacy regime and found plenty to like β but improvements are needed.β¦
IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.β¦
Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.β¦
Updated Greater Manchester Police (GMP) must clear the backlog of hundreds of Freedom of Information (FOI) Act requests β some years old β or find itself in contempt of court.β¦
A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right.β¦