The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy's tax agency and is threatening to leak it if a ransom isn't paid by July 31.β¦
Back in March, security researchers reported a critical command injection vulnerability in Parse Server, an open-source backend for Node.js environments.β¦
T-Mobile US has agreed to pay about $550 million to end legal action against it and improve its security after crooks infiltrated the self-described Un-carrier last summer and harvested personal data belonging to almost 77 million customers.β¦
Twitter is investigating claims that a near-seven-month-old vulnerability in its software has been exploited to obtain the phone numbers and email addresses of a reported 5.4 million users.Β β¦
An emerging and fast-growing threat group is using a unique business model to offer cybercriminals a broad range of services that span from leaked databases and distributed denial-of-service (DDoS) attacks to hacking scripts and, in the future, potentially ransomware.β¦
In Brief Google's legally fraught journey to buy cybersecurity business Mandiant is in its final stretch, with the US Department of Justice closing its investigation and giving the go-ahead for the sale to proceed.β¦
Opinion The calls are coming from inside the house! Lately, Outlook users have been getting their own version of this classic urban horror myth. The email system is alerting them to suspicious activity on their accounts, and helpfully providing the IP addresses responsible.β¦
Webinar If you realized software you'd developed contained a vulnerability that left you β and your customers - open to cyber-attack what should your first priority be?β¦
A crook who created a business called My Big Coin to cheat victims out of more than $6 million has been found guilty by a jury.β¦
Microsoft is trying to shut the door on a couple of routes cybercriminals have used to attack users and networks.β¦
The FBI has warned cryptocurrency owners and would-be owners about a scam involving phony liquidity mining that the bureau says has cost victims more than $70 million in combined losses since 2019.β¦
Sponsored Feature If you've ever wondered what edge computing looks like in action, you could do worse than study the orbiting multi-dimensional challenge that is the multi-agency International Space Station (ISS).β¦
Comment Two notorious characters from the British security services have published a paper that once again suggests breaking strong end-to-end encryption would be a good thing for society.Β β¦
Iran's Communications Ministry joined in a pledge with Russian state-owned defence and technology conglomerate Rostec to explore future collaboration in e-government, information security, and other areas.β¦
A now-former Coinbase manager, his brother, and a friend were today charged with wire fraud conspiracy and wire fraud in connection with the first-ever cryptocurrency insider trading scheme in the US.β¦
US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months.β¦
Webinar Nothing ever stays the same for long in IT. New ways to meet the changing requirements of businesses are constantly needed alongside in-house structural and policy reforms, plus the added complication of complying with new and updated regulations.β¦
Apple last month gave hope to a large segment of the mobile device-using population when it announced that the upcoming iOS 16 operating system will eliminate the requirement to use CAPTCHAs to verify their humanity before accessing a website.β¦
Updated Strange things are afoot in the world of Microsoft email with multiple users reporting unusual sign-in notifications for their Outlook accounts.β¦
Webinar The explosion of open-source projects in recent years has allowed organizations to build ever more complex architectures using their pick of components developed by specialists or "the community".β¦
Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security.β¦
A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges.β¦
Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.β¦
Infosec boffins have released a tool to decrypt and unpack the microcode for a class of low-power Intel CPUs, opening up a way to look at how the chipmaker has implemented various security fixes and features as well as things like virtualization.β¦
Federal law enforcement officials this week said they seized about $500,000 that healthcare facilities in the United States paid to the Maui ransomware group.β¦
The Monetary Authority of Singapore (MAS) said on Tuesday that its cryptocurrency regulations will add measures to protect consumers, in addition to ongoing work to contain money laundering and terrorist funding.β¦
Amazon is suing over 10,000 administrators of Facebook groups that offer to post fake reviews on the online souk's website in exchange for products and money.β¦
The government of Belgium has claimed it detected three Chinese Advanced Persistent Threat actors attacking its public service and defence forces.β¦
A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws.β¦
Google pulled 60 malware-infected apps from its Play Store, installed by more than 3.3 million punters, that can be used for all kinds of criminal activities including credential theft, spying and even stealing money from victims.β¦
An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers.β¦
Two Florida residents will spend years behind bars and pay more than half a million dollars for wire fraud and identity theft, among other illicit deeds, for running COVID-19 scams.β¦
Cybercriminals posing as legitimate investment firms and cryptocurrency exchanges have stolen tens of millions of dollars from more than 200 people by convincing them to download mobile apps and deposit cryptocurrency into wallets owned by the perpetrators.β¦
Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems.β¦
Updated Albania's online public services and websites have gone dark following what appears to be a cyberattack.β¦
Updated Complaints over Microsoft's latest patch Tuesday have intensified after some Windows 11 users found their systems worse for wear following installation.β¦
The US Federal Communications Commission (FCC) notified Congress on Friday that the cost to rip and replace equipment kit from Huawei and ZTE installed at US telcos is more than $3 billion higher than funding allocated for the program.β¦
TikTok's Global Chief Security Officer Roland Cloutier has "transitioned" from his job into "a strategic advisory role focusing on the business impact of security and trust programs."β¦
Asia In Brief Senior execs from Alibaba Cloud were summoned to discuss the data leak that saw information pertaining to a billion Chinese citizens sold on the dark web, according to Nikkei and The Wall Street Journal.β¦
In brief SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year.β¦
Juniper Networks has patched critical-rated bugs across its Junos Space, Contrail Networking and NorthStar Controller products that are serious enough to prompt CISA to weigh in and advise admins to update the software as soon as possible.β¦
Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.β¦
Trend Micro Research has published an anatomy of a Windows remote code execution vulnerability lurking in the Network File System.β¦
The bad news keeps on rolling for British recruitment agency Morgan Hunt amid confirmation it suffered a digital burglary, with intruders making off with the personal data for some of the freelancers on its books.β¦
The botnet behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack has been named after a tiny shrimp.β¦
Organizations can expect risks associated with Log4j vulnerabilities for "a decade or longer," according to the US Department of Homeland Security.β¦
Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products.β¦
Webinar Cloud security is a challenge likely to keep a lot of IT professionals awake at night. So there might be some relief in knowing what types of tool offer the best protection β agent-based or agentless β and if organizations really have to rely on just one or the other.β¦
Updated Amazon's home security wing Ring turned over footage to US law enforcement without permission from the devices' owners and seemingly without a warrant 11 times so far in 2022.β¦
Webinar Most IT infrastructures evolve over time as the needs of the business and its users change to meet fresh demands and comply with updated organizational policies and regulatory requirements.β¦
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data β including names, addresses, social security numbers, and health records β for more than 1.9 million people was exposed during a ransomware infection.β¦
A widespread phishing campaign that has hit more than 10,000 organizations since September 2021 uses adversary-in-the-middle (AiTM) proxy sites to get around multifactor authentication (MFA) features and steal credentials that are then used to compromise business email accounts.β¦
The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed β had their personal information including physical and IP addresses, and credit card info revealed β according to threat intel firm Cybersixgill.β¦
When Jay Chaudhry launched Zscaler in 2007, he envisioned a number of use cases for the zero-trust platform, from security for a growing distributed, virtualized IT environment a nascent cloud computing environment to improved network visibility and identity governance.β¦
X.org has released a bunch of updates, which includes closing two security holes and, yes, this affects Wayland users too.β¦
Patch Tuesday Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live β with a slew of caveats β the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit.Β β¦
AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.β¦
Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.β¦
Microsoft has warned users clinging to Windows 7 and Windows 8.1 that the end really is nigh.β¦
The UK Information Commissioner's Office (ICO) on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care (DHSC).β¦