Login
Updated Former Twitter security chief and whistleblower Peiter "Mudge" Zatko has landed his first official role since he left the company, a part-time job as "executive in residence" with cybersecurity firm Rapid7.β¦
An ex-General Electric engineer has been sentenced to two years in prison after being convicted of stealing the US giant's turbine technology for China.β¦
Updated Long-standing British newspaper The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas.β¦
Updated A legal saga between Meta, Ireland and the European Union has reached a conclusion β at least for now β that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble.Β β¦
An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data.β¦
Notorious ransomware gang LockBit "formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files.β¦
An anti-government protest by truckers in Canada has been called off following "multiple security breaches," according to organizers, who also cited "personal character attacks,"Β as a reason for the withdrawal.β¦
Google has settled two more of the many location tracking lawsuits it had been facing over the past year, and this time the search giant is getting an even better deal: just $29.5 million to resolve complaints filed in Indiana and Washington DC with no admission of wrongdoing.β¦
Blocked by the British government from acquiring Newport Wafer Fab β Britain's largest chip factory β Nexperia has solicited the help of US law firm Akin Gump in the hopes of overturning the ban.β¦
The US government's New Year's resolution for 2023: no more TikTok at work.β¦
Updated A miscreant this Christmas weekend said they are willing to sell public and private info on more than 400 million Twitter accounts.β¦
In brief Merry Christmas, Linux systems administrators: here's a kernel vulnerability with a CVSS score of 10 potentially in your SMB server. It can be exploited to achieve unauthenticated user remote code execution.Β β¦
Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains customers' stored passwords.β¦
Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories.β¦
US regulators want to fine the operators of a claimed massive robocall operation almost $300 million that made more than 5 billion pre-recorded calls over three months early last year.β¦
The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems.β¦
Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell β a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games.β¦
Scammers using Google Ads, stolen blog articles, and a "popunder" ad scheme on adult websites pulled in more than $275,000 a month by generating millions of ad impressions every month.β¦
Apple has been accused of selling out human rights for the sake of profit by cooperating with authoritarian censorship demands in China and Russia, according to two reports issued on Thursday.β¦
Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchersβ¦
As the Rackspace email fiasco approaches week three with the company's hosted Exchange customers' data in limbo, Rackspace execs still won't put an exact number on how many customers were affected by the ransomware-induced email outage, or when β if β they'll be able to recover their old messages and contacts.β¦
Microsoft has pushed out an emergency fix for a problem in Windows Server caused by patch updates that made it impossible for some organizations to create virtual machines on Hyper-V hosts.β¦
UK broadsheet media outlet The Guardian has become the victim of a ransomware attack which seems to have taken out a large chunk of office-based systems.β¦
The NASA Office of Inspector General (OIG) has published its annual audit of the aerospace agency's infosec capabilities and practices, which earned an overall rating of "Not Effective."β¦
Threat researchers have found a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit (SDK) from cybersecurity firm SentinelOne, but actually contains malware designed to exfiltrate data from infected systems.β¦
Parental control apps may do more harm than good, according to researchers who found 18 bugs in eight Android apps with more than 20 million total downloads that could be exploited to, among many nefarious acts, control other devices on the parents' network.β¦
It took a few years and one temporary halt, but in July Microsoft finally began blocking certain macros by default in Word, Excel, and PowerPoint, cutting off a popular attack vector for those who target users of Microsoft's Windows OS and Office suite.β¦
Two men have been charged with an alleged week-long US swatting spree in which they used stolen Yahoo email credentials to break into Ring door cameras, livestream the events on social media, and then taunt responding police officers.β¦
Two men have been charged for allegedly conspiring with Russian hackers to manipulate the taxi dispatch system at New York's John F. Kennedy International Airport.β¦
Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "for initial access by malware and other threats."Β β¦
Sponsored Feature Sovereignty has traditionally been defined as the ability for a state to rule itself and its subjects, and it's been on the agenda since civilisation began. But only recently has digital sovereignty - the ability to control and make decisions about your own digital assets β emerged to become an issue in its own right.β¦
The European Commission last week proposed rules governing the use of Advance Passenger Information in a bid to strengthen border security.β¦
Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students' information as well as the education publishing giant's own source code and digital keys, according to security researchers.β¦
Some users running Windows 10 who installed the KB5021233 cumulative update this month are seeing their operating system crash with the Blue Screen of Death, Microsoft is warning.β¦
Google has added client-side encryption for some email customers, allowing enterprise and education Gmail users to send and receive encrypted messages.β¦
In brief Business email compromise (BEC) continues to be a multibillion-dollar threat, but it's evolving, with the FBI and other federal agencies warning that cybercriminals have started using spoofed emails to steal shipments of physical goods β in this case, food.Β β¦
A bipartisan trio of US lawmakers has proposed a law that pledges as much as $22 million of public funding to help victims of tech-enabled domestic abuse.β¦
A Twitter employee who spied for the Saudi government and royal family has been sentenced to three and half years behind bars in America.β¦
Australia's e-safety commissioner, a government agency charged with keeping citizens safe online, has delivered a report on seven tech platforms' mechanisms to protect children from online sexual abuse β and found most don't respond quickly, or have the processes to do so well.β¦
The United States Department of Commerce has added 36 Chinese companies or subsidiaries to its list of companies that cannot import certain US technologies without a license, citing national security, foreign policy interests, and the possibility that some might help already banned companies to evade restrictions.β¦
The US National Institute of Standards and Technology (NIST) says it's time to retire Secure Hash Algorithm-1 (SHA-1), a 27-year-old weak algorithm used in security applications.β¦
Police around the globe have seized as many as 50 internet domains said to be involved in tens of millions of distributed-denial-of-service (DDoS) attacks worldwide. Seven people were collared during the swoop.β¦
Microsoft has confirmed that from the beginning of 2023, it will introduce an EU Data Boundary solution designed to help customers in the European Union and the European Free Trade Association comply with legislation including the General Data Protection Regulation (GDPR).β¦
Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission (SEC) and Department of Justice (DoJ), who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in "fraudulent profits."β¦
An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets β including politicians, government officials, critical infrastructure and medical researchers β according to email security vendor Proofpoint.β¦
Updated There's no end β or restored data β in sight for some Rackspace customers now on day 12 of the company's ransomware-induced hosted Exchange email outage.β¦
Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code could be used in cyberattacks.β¦
The US Department of Justice unsealed a 16-count indictment today accusing five Russians, an American citizen, and a lawful permanent US resident of smuggling export-controlled electronics and military ammunition out of the United States for the Russian government.β¦
Amazon wants you to know that it's not to blame for the data you've exposed though its cloud storage service. AWS Simple Storage Service (S3) is, after all, simple.β¦
The US government's crackdown on TikTok continues, with the latest salvo being a bipartisan bill that would outright ban the popular social media app from doing business in the country.β¦
Updates to Windows Server that were included in Microsoft's Patch Tuesday batch of fixes this week could trip up users who want to spin up new virtual machines in some Hyper-V hosts.β¦
The EU has issued a draft decision agreeing that measures taken by the United States ensure sufficient protection for personal data to be transferred from the region to US companies.β¦
The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller (ADC) and Gateway products that the vendor patched today.β¦
Patch Tuesday For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited in the wild β and another that's publicly known.β¦
LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion.β¦
Uber, which has suffered a few data thefts in its time, is this week dealing with the fallout from yet another β this time from one of its technology suppliers.β¦
Apple tracked users without their consent and deserves to be fined β¬6 million, according to a top advisor to France's data privacy watchdog.Β β¦
A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems.β¦
Pwn2Own paid out almost $1 million to bug hunters at last week's consumer product hacking event in Toronto, but the prize money wasn't big enough attract attempts at cracking the iPhone or Google Pixel because miscreants can score far more from less wholesome sources.β¦
Webinar How does your security team prioritize work? When a new attack from a state actor hits the news, do you know if your team should drop everything to hunt for IOCs? Do you understand your security control coverage for the threat actors that might target your organization? Recently, the Red Canary corporate security team asked itself these questions when it was creating its own threat model.β¦
FreshRSS