Red Hat is backing a Cloud Native Computing Foundation (CNCF) project that aims to improve the security of containers in Kubernetes clusters by running them inside hardware-enforced enclaves.β¦
End users, often viewed by infosec specialists as a corporation's weakest link, appear to be finally understanding the importance of good security and privacy practices.β¦
Singtel has confirmed that another Australian business it owns, consulting unit Dialog, has fallen victim to a cyber burglary just weeks after the mammoth data leak at telco Optus was revealed.β¦
A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.β¦
Opinion People are the biggest problem in corporate infosec. Make them the biggest asset.Β β¦
Supposedly ingenious schemes to revolutionize the finance industry with crypto are not hard to find β nor are their failures. And scarcely a day passes on which a cryptocurrency venture's infosec is not found wanting. That sad situation is causing financial institutions sufficient pain that Mastercard thinks the time is ripe for a service that helps lenders to understand if their customers' crypto purchases are dangerous.β¦
An internet security mechanism called Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, can be broken.β¦
Comment It's getting difficult these days to find a ransomware group that doesn't steal data and promise not to sell it if a ransom is paid off. What's more, these criminals are going down the extortion-only route, and not even bothering to scramble your files with encryption.β¦
In brief An executive order signed by President Biden on Friday to setting out fresh rules on how the US and Europe share people's private personal info may still fall short of the EU's wishes, says the privacy advocate who defeated the previous regulations in court.β¦
A couple of vulnerabilities in Ikea smart lighting systems can be exploited to make lights annoyingly flicker for hours.β¦
Cryptocurrency exchange Binance temporarily halted its blockchain network on Thursday in response to a cyberattack that led to the theft of two million BNB tokens, notionally exchangeable for $566 million in fiat currency.β¦
The US Department of Energy has proposed regulations to financially reward cybersecurity modernization at power plants by offering rate deals for everything from buying new hardware to paying for outside help.β¦
China appears to have upgraded its Great Firewall, the instrument of pervasive real-time censorship it uses to ensure that ideas its government doesnβt like donβt reach Chinaβs citizens.β¦
Only a third of PostgreSQL databases connected to the internet use SSL for encrypted messaging, according to a cloud database provider.β¦
Sponsored Feature As enterprises continue to migrate applications into the cloud, security concerns about the data those workloads store and process are inevitable. But how can IT departments be certain that sensitive information covered by stringent data protection laws hosted in public, private and hybrid cloud environments spanning multiple servers and locations is adequately protected from both internal and external threats?β¦
Three US national security agencies - CISA, the FBI and the NSA - on Thursday issued a joint advisory naming the 20 infosec exploited by state-sponsored Chinese threat actors since 2020.β¦
Updated Lloyd's of London has cut off its IT systems and is probing a possible cyberattack against it after detecting worrisome network behavior this week.β¦
America's second-largest nonprofit healthcare org is suffering a security "issue" that has diverted ambulances and shut down electronic records systems at hospitals around the country.β¦
Papa John's is being sued by a customer β not for its pizza but for allegedly breaking the US Wiretap Act by snooping on the way he browsed the pie-slinger's website.β¦
The FBI and the US government's Cybersecurity and Infrastructure Security Agency (CISA) claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity, or manipulate votes at scale.β¦
South Korea issued a publicly available notice on Wednesday to wanted man and Terraform Labs founder Do Kwon, demanding he return his passport.β¦
Aussie police have cuffed a 19-year-old Sydney resident accused of trying to extort money from victims of the recent cyberattack and digital burglary at national telecommunications provider Optus.β¦
Sponsored Post There's nothing much to be said in favour of cybercrime. It ruins legitimate endeavours and wrecks livelihoods. It does, though, build a sense togetherness among the people whose job is to stop it.β¦
Joe Sullivan, Uber's former chief security officer, has been found guilty of illegally covering up the theft of Uber drivers and customers' personal information.β¦
An ex-Canadian government worker who extorted tens of millions of dollars from organizations worldwide using the NetWalker ransomware has been sent down for 20 years.β¦
Spies for months hid inside a US military contractor's enterprise network and stole sensitive data, according to a joint alert from the US government's Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and NSA.β¦
Webinar "You are the weakest link, goodbye!". One of the most famous catchphrases in television history. Popularized by the BBC gameshow and delivered by caustic TV presenter Anne Robinson, it is still the ultimate put down.β¦
Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users.β¦
Convicted wire fraud perpetrator Paige Thompson (aka "erratic") has been sentenced to time served and five years of probation with location and computer monitoring, prompting U.S. Attorney Nick Brown to label the sanctions unsatisfactory.β¦
Video Digital transformation requires far-reaching and innovative business solutions, frequently tailormade.β¦
Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties.β¦
The US government's Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to scan for and report software vulnerabilities in their IT systems more frequently under a directive issued this week.β¦
Microsoft is warning Exchange Online users about a rise in password spray attacks, urging those that have yet to disable Basic Authentication to at least set up authentication policies to protect their users and data.β¦
The president of casual Japanese chain restaurant Kappa Sushi resigned yesterday in the wake of a data-theft scandal that has rocked the world of sushi trains.β¦
Sponsored Post Fighting cybercrime is an expensive business. If your cyber defences fail, then the cost can be measured in many ways. There's the price of repairing damaged infrastructure, retrieving lost data, and paying regulatory penalties. And the cost in reputational terms with customers simply has no metric.β¦
A recently disclosed critical vulnerability in Atlassian's Bitbucket is actively being exploited, according to the US government.β¦
A man in the US has been jailed for 25 years after using dating websites, email scams, and other online swindles to steal more than $9.5 million from companies and individuals.β¦
The Data Access Agreement (DAA), by which the US and UK have agreed how one country can respond to lawful data demands from police and investigators in the other, took effect on Monday.β¦
Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which, in theory, should protect data if quantum computing ever manages to break today's encryption technologies.β¦
If you've ever found yourself in an interminable meeting listening to the CISO ramble on about the important role you play in protecting yourself and the company from cyberthreats, you could probably point an accusatory finger in large part at the National Cybersecurity Awareness Month (NCSAM) program.β¦
A 30-year-old ex-NSA employee was accused by the FBI of trying to sell classified US information to a foreign government β after the Feds said they linked him to the printing of secret documents.β¦
Webinar Ransomware has a longer history than you might imagine. The very first recognized attack was at the World Health Organization in 1989 when the AIDS Trojan was distributed to 20,000 attendees via floppy disc.β¦
Acronis founder Serg Bell is afraid of his own vacuum cleaner, he told The Register in Singapore last week.β¦
Remember the good old days of cyber-incident response, when the job involved digital forensics and lots of stolen credit cards, as opposed to power-grid-breaking malware and multi-million-dollar ransom demands?β¦
About $22 trillion of global debt rated by Moody's Investors Service has "high," or "very high" cyber-risk exposure, with electric, gas and water utilities, as well as hospitals, among the sectors facing the highest risk of cyberattacks.β¦
Internet snoops have been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East.β¦
In Brief The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense.β¦
Once they've broken into an IT environment, most intruders need less than five hours to collect and steal sensitive data, according to a SANS Institute survey of more than 300 ethical hackers.Β β¦
Microsoft has claimed a North Korean crew poses as LinkedIn recruiters to distribute poisoned versions of open source software packages.β¦
Updated Infosec experts have warned zero-day flaws in Microsoftβs Exchange server are being actively exploited.β¦
Two now-former eBay executives who pleaded guilty to cyberstalking charges this year have been sent down and fined tens of thousands of dollars.β¦
For almost a decade, the US Central Intelligence Agency communicated with informants abroad using a network of websites with hidden communications capabilities.β¦
Discovering and reporting critical security flaws that could allow foreign spies to steal sensitive US government data or launch cyberattacks via the Department of Defense's IT systems doesn't carry a high reward.β¦
Emerging covert malware can target VMware environments to allow criminals to gain persistent administrative access to hypervisors, transfer files, and execute arbitrary commands on virtual machines, according to VMware and Mandiant, which discovered such a software nasty in the wild earlier this year.β¦
Microsoft next month will start phasing out Client Access Rules (CARs) in Exchange Online β and will do away with this means for controlling access altogether within a year.β¦
Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients. This includes impersonating users and sending messages as them.β¦
Akamai reckons that, in the first half of 2022 alone, it flagged nearly 79 million newly observed domains (NODs) as malicious.β¦
A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.β¦
Apple News shut down Fast Company's news channel after "an incredibly offensive alert" was sent to subscribers following a hack of the business publication on Tuesday evening.β¦
Webinar We all make mistakes. Some happy accidents enhance the way we live. Matches were invented when scientist John Walker was cleaning his laboratory with a wooden stick coated in chemicals and it caught fire. But if you are trying to secure your data, unforced errors are the last thing you need to torch it.β¦