UK businesses' response to security breaches has "astounded" experts following the release of the government's official cybercrime stats for 2024.…
Let’s say that, during the middle of a busy day, you receive what looks like a work-related email with a QR code. The email claims to come from a coworker, requesting your help in reviewing a d… Read more on Cisco Blogs
US insurance companies are reportedly relying on aerial photos from drones to deny claims.…
Short'Em All is a URL scanning tool trusted by CTI Analysts and Security Researchers. It's designed to scan short URLs and provide insights into potential security risks or useful information. This tool automates the process of scanning URLs, allowing users to focus on analyzing the results.
Home Depot has confirmed that a third-party company accidentally exposed some of its employees' personal details after a criminal copy-pasted the data online.…
First, they came for hospitals, then it was charities and cancer centers. Now, cyber scumbags are coming for the puppies and kittens.…
Change Healthcare is allegedly being extorted by a second ransomware gang, mere weeks after recovering from an ALPHV attack.…
Infosec in brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.…
I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion), will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around. As much as it's hard for the victim of identity theft to say "this happened because of that breach", it's also hard for the corporate victim of a breach to say that identity theft didn't happen because of their breach. Particularly in such a litigious part of the world, I wouldn't be at all surprised if the legal cost of this runs into the tens if not hundreds of millions of dollars. I doubt the plaintiffs will see much of this, but there's sure going to be some happy lawyers out there!
Kettle It's been about a week since the shock discovery of a hidden and truly sophisticated backdoor in the xz software library that ordinarily is used by countless systems.…
I tried to gather all the related Web Cache vulnerabilities techniques into one blog post.
Analysis You might think that when a government supplier fails in one of its key duties it would find itself shunned or at least feel financial pain.…
A self-service check-in terminal used in a German Ibis budget hotel was found leaking hotel room keycodes, and the researcher behind the discovery claims the issue could potentially affect hotels around Europe.…
My latest blog post
A study has concluded that Apple's privacy practices aren't particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options.…
If ever there was an incident that brings the need for good infosec into sharp focus, this is the one: Japan's Hoya – a maker of eyeglass and contact lenses, plus kit used to make semiconductor manufacturing, flat panel displays, and hard disk drives – has halted some production and sales activity after experiencing an attack on its IT systems.…
Updated Uncle Sam is investigating claims that some miscreant stole and leaked classified information from the Pentagon and other national security agencies.…
Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year.…