An Azure Active Directory (AAD) misconfiguration by Microsoft in one of its own cloud-hosted applications could have allowed miscreants to subvert the IT giant's Bing search engine β even changing search results.β¦
A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.β¦
Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX β and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated.β¦
Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled β at least until September when the tool is retired.β¦
Webinar Business email compromise (BEC) is possibly the worst of cybercrimes because it abuses trust. It feeds on relationships carefully nurtured over decades and erodes a confidence which is foundational to cooperation, and progress.β¦
Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.β¦
Google Cloud's recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage.β¦
International Talk Like a Pirate Day is still months away β circle September 19 on your calendar, me hearties! β but The Register has found news of technology smuggling in China that suggests a buccaneering approach to imports.β¦
Clipboard-injector malware disguised as Tor browser installers has been used to steal about $400,000 in cryptocurrency from nearly 16,000 users worldwide so far in 2023, according to Kaspersky researchers.β¦
Updated Microsoft's at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious.β¦
By March 2024, instant messaging and real-time media apps operated by large tech platforms in Europe will be required to communicate with other services, per the EU's Digital Markets Act (DMA).β¦
US authorities have charged FTX co-founder Sam Bankman-Fried (aka SBF) with attempting to bribe Chinese officials with $40 million worth of cryptocurrency in exchange for unfreezing trading accounts.β¦
Sponsored Feature Ransomware may currently be the biggest bogeyman for cybersecurity pros, law enforcement, and governments, but it shouldn't divert us from more traditional, but still very disruptive threats.β¦
Senior Chinese government officials have urged Apple CEO Tim Cook to improve the security and privacy features of his company's products.β¦
Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now.β¦
Updated Google Chat histories handed over by the web giant in ongoing Android antitrust litigation reveal the biz has been systematically destroying evidence, according to those suing the big G.β¦
US president Joe Biden on Monday issued an executive order on the "prohibition on use by the United States government of commercial spyware that poses risks to national security" β a title that is not quite as simple it seems.β¦
New York law firm Heidell, Pittoni, Murphy and Bach (HPMB) has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world.Β β¦
In brief A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile's entertainment system, and from there opening up the car's core management systems.β¦
Opinion As country after country bans TikTok from official systems, itβs fair to ask whatβs so dodgy about a social network filled with dance crazes, makeup advice and cats.β¦
American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.β¦
GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.β¦
Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics.β¦
US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year's cyber attacks against the local government.β¦
Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers.β¦
Webinar In the distant past, a master forger with a quill could fake a signature on the end of a letter but at least then you had time to consider the potential for fraud before any damage could be done. In the digital age of email, it's increasingly hard to spot a scam's threat to your security and react in time.β¦
Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting an unknown flaw in digicash delivery systems.β¦
Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies βΒ but not before more than 9,000 users installed the account-compromising bot.β¦
Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so, while the chap who apparently paid them has been charged with fraud.β¦
South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.β¦
Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers β including one critical command execution vulnerability.Β β¦
Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive.β¦
Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension that claim six of Germany's political parties broke European data law when they targeted voters on Facebook's adtech platform.β¦
A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.β¦
India's rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities/β¦
Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.β¦
BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.β¦
Microsoft has torn the wraps off its multi-cloud security benchmark (MCSB), which replaces the four-year-old Azure Security Benchmark. Crucially, as the name suggests, it now has usage and configuration guidance that reaches into rival environments.β¦
Meta's former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone.β¦
Advisors and staff to Russia's maximum leader have been told to ditch their iPhones by the end of the month. Or, for those who don't want to throw their Apple devices in the bin, the other option is to "give it to the kids," according to a local Kommersant report.β¦
Google has suspended Chinese shopping app Pinduoduo from its Play store because versions of the software found elsewhere have included malware.β¦
Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems.β¦
Italian automaker Ferrari has warned its well-heeled customers that their personal data may be at risk.β¦
Updated If you've owned a Google Pixel smartphone since the 3 series came out in 2018, bad news: any screenshot that you've cropped or redacted on your Pixel can be potentially restored without much fuss.β¦
The world's oldest national broadcaster, the venerable British Broadcasting Corporation, has told staff they shouldn't keep the TikTok app on a BBC corporate device unless there is a "justified business reason."β¦
Australian airline Qantas issued standing orders to its pilots last week advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military.β¦
In Brief A man accused of being the head of one of the biggest criminal online souks, BreachForums, has been arrested in Peekskill, New York.β¦
Asia In Brief ByteDance, the Chinese developer of TikTok, "can no longer be accurately described as a private enterprise" and is instead intertwined with China's government, according to a report [PDF] submitted to Australia's Select Committee on Foreign Interference through Social Media.β¦
The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion.β¦
A Florida healthcare group has settled a class-action lawsuit after thieves stole more than 447,000 patients' names, Social Security numbers, and sensitive medical information, from its servers.β¦
Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.β¦
A lawsuit filed against eufy security cam maker Anker Tech claims the biz assigns "unique identifiers" to the faces of any person who walks in front of its devices β and then stores that data in the cloud, "essentially logging the locations of unsuspecting individuals" when they stroll past.β¦
Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "sprawling and complex scheme β¦ to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers."β¦
Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers.β¦
In fresh filings in the FTX bankruptcy case, the cryptocurrency-exchange-slash-hedge-fund's liquidators sayΒ they've uncovered $3.2 billion (Β£2.6b) in payments and loans made to disgraced FTX founder Sam Bankman-Fried and his inner circle.Β β¦
Good news for ransomware victims: Kaspersky security researchers say they've cracked the Conti ransomware code and released a decryptor tool after uncovering leaked data belonging to the notorious Russian crime group.β¦
The United Kingdom government has banned use of Chinese social media platform TikTok among ministers and officials on their work devices as a βprecautionaryβ measure over worries the app is used to snoop on Brits.β¦
Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.β¦
A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak.β¦
The collapse of Silicon Valley Bank (SVB) late last week sent tremors through the global financial system, creating opportunities for short-sellers β and numerous species of scammer.β¦