Webinar Believe it or not the word 'password' is still being used as the most common password across all industries, including retail and ecommerce.…
Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.…
A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.…
Spam-tracking service Spamhaus reported Tuesday that some of the world's biggest brands are getting loose with their email practices, causing its spam blocklists (SBL) to swell significantly.…
The music video for Janet Jackson's 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.…
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild.…
A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.…
A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.…
Webinar Barely a day goes by without news of a ransomware attack somewhere in the media. And these types of cyber security incident can seriously derail financial, social, health and industrial activity, inflicting massive damage and requiring a multiagency response in their aftermath.…
TikTok has joined Twitter in publishing new US midterm misinformation rules, with considerable crossover in scope and style.…
It's official: your period and/or pregnancy tracker will probably share your data with law enforcement.…
A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.…
Russia's military has praised civilian grade Chinese-made drones and robots for having performed well on the battlefield, leading their manufacturers to point out the equipment is not intended or sold for military purposes.…
RubyGems.org, the Ruby programming community's software package registry, now requires maintainers of popular "gems" to secure their accounts using multi-factor authentication (MFA).…
America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits.…
Sponsored Post You might be happy with your cloud infrastructure and totally on top of your internal network, but one thing for certain is that whatever your workforce is doing, they'll have endpoints. Are you sure you know exactly what's happening on all those devices?…
Microsoft Defender for Endpoint's Tamper Protection in macOS has entered general availability.…
Updated The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed.…
Microsoft said it disabled accounts used by Russian-linked Seaborgium troupe to phish and steal credentials from its customers as part of the cybercrime gang's illicit spying and data-stealing activities.…
Junior cloud Digital Ocean has revealed that some of its clients' email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp.…
Thousands of machines on the public internet can be remotely controlled via VNC without any authentication, a cybersecurity vendor has reminded us this month.…
At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to fully take control of some John Deere farming machine electronics to run first-person shooter Doom.…
The CIA illegally spied on US citizens while they visited WikiLeaks publisher Julian Assange inside the Ecuadorian embassy in London, a lawsuit filed today has claimed.…
Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.…
India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distribution (QKD) technology that can operate across distances of 150km.…
Black Hat As last week's hacker summer camps wound down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering.…
Asia in Brief Elon Musk has written an article for the Cyberspace Administration of China's flagship magazine.…
Black Hat In Brief Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.…
Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.…
A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.…
Black Hat A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip.…
The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.…
Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.…
Black Hat Intel has disclosed how it may be able to protect systems against some physical threats by repurposing circuitry originally designed to counter variations in voltage and timing that may occur as silicon circuits age.…
Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.…
Black Hat Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it.…
Black Hat Many organizations are increasingly unprepared to deal with the skyrocketing costs of a ransomware attack, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.…
Black Hat video The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.…
Black Hat The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms – and infrastructure security, according to journalist and author Kim Zetter.…
Black Hat AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.…
Black Hat video It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.…
Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…
Webinar Faced with relentless cyberattacks organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.…
Black Hat Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly, now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.…
Sponsored Post Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.…
Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…
Black Hat Video Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.…
The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.…
Black Hat It's time to reorganize the US government and create a new agency focused solely on digital risk management services, according to former CISA director Chris Krebs.…
Black Hat Video With the world's largest collection of security folk gathering in Las Vegas for the Black Hat conference there are encouraging signs that the US government might actually be getting smarter about hiring.…
The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.…
Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…
Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.…
Opinion I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.…
August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too.…
A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.…
Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in their strikes.…
Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.…
Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games – for a mere $560, according to the nation's cyberspace administration. Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year.…
Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers.…