Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough.…
Webinar Rubrik Zero Lab's annual report on the state of data security is not a comfortable read. And as if to prepare you for what lies inside, the company has called it 'The Hard Truths.'…
The timeworn adage that "those who don't learn from history are doomed to repeat it" can certainly be applied to cyber security. Microsoft is hoping to spare enterprises that use its cloud services from repeating history by sharing what it has learned.…
Sponsored Feature When Windows 11 launched in October 2021, one of its big selling points was a new security architecture. Microsoft designed it from the ground up with zero-trust principles in mind, refusing to trust the legitimacy of any single system component. Instead, everything must prove that it has not been compromised.…
The UK government will set a deadline for removing made-in-China surveillance cameras from "sensitive sites."…
Miscreants are using AI to create faked images of a sexual nature, which they then employ in sextortion schemes.…
Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked.…
Feature The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications – namely, their Verizon telephone calls – 10 years ago this week when Edward Snowden's initial leaks hit the press.…
Three supporters of activists against a $90 million police training facility dubbed Cop City were arrested after the cops used PayPal data to bring money-laundering charges against the trio.…
The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long-standing complaint against rival security firm Malwarebytes for classifying its software as "potentially unwanted programs" or PUPs.…
The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned. The bottom line: if some electronics are used for government work, it better not have any ByteDance bits on it.…
Microsoft is being fined $20 million by the US Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA) by illegally gathering kids' personal information and retaining it without parental consent.…
An American university founded in 1833 is facing a bunch of class action lawsuits after the personal data of nearly 100,000 people was stolen from its tech infrastructure.…
The US Securities and Exchange Commission (SEC) has dismissed proceedings against 42 companies and individuals after admitting that its enforcement staff accessed documents that were supposed to be for judges' eyes only.…
Microsoft has warned investors about a "non-public" draft decision by Irish regulators against LinkedIn for allegedly dodgy ad data practices, explaining it had set aside some cash to pay off any potential fine.…
Sponsored Feature Email is a popular target for cybercriminals, offering an easy way of launching an attack disguised as an innocent message. One moment of inattention on the part of the recipient and the door is open to malware, spam, phishing, perhaps even a dose of the dreaded ransomware. Entire organisations can suffer, not just individual victims.…
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.…
As much as $35 million worth of cryptocurrency may have been stolen in a large-scale attack on Atomic Wallet users, with one investigator claiming losses could potentially exceed $50 million.…
The Qbot malware operation – which started more than a decade ago as a banking trojan only to evolve into a backdoor and a delivery system for ransomware and other threats – continues to deftly adapt its techniques to stay ahead of security pros, according to a new report.…
Australia's Signals Directorate, the signals intelligence organization, has revealed it employed zero-click attacks on devices used by fighters for Islamic State of Iraq and the Levant (ISIL) – then unleashed the terrifying power of Rick Astley.…
infosec in brief Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.…
In late September 2021, staff at Taiwanese threat intelligence company TeamT5 noticed something very nasty: a fake news report accusing it of conducting phishing attacks against Japan's government and local tech companies.…
Feature Assuming the weather and engineering gods cooperate, a US government-funded satellite dubbed Moonlighter will launch at 1212 EDT (1612 UTC) on Sunday, hitching a ride on a SpaceX rocket before being released into Earth's orbit.…
Malaysia could be putting itself on a collision course with the EU and US as the country looks set to allow Chinese suppliers including Huawei a chance to play a part in its planned 5G network rollout.…
Researchers recently uncovered the following novel attack on the Python Package Index (PyPI).…
The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Korea's "Kimsuky" cyber crime group.…
FAQ You may have seen some headlines about a supply-chain backdoor in millions of Gigabyte motherboards. Here's the lowdown.…
Security researchers and the US government have sounded the alarm on a flaw in Progress Software's MOVEit Transfer that criminals have been "mass exploiting" for at least a month to break into IT environments and steal data.…
Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on "thousands" of diplomats worldwide.…
Webinar Popular DevOps tools are great when it comes to helping developers optimize digital infrastructure, but there's a potential downside – the hidden risks they can contain which may compromise your supply chain.…
America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy – and made the cost of those actions, as alleged, a mere $30.8 million.…
A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine, according to Trend Micro analysts.…
Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at least two attacks since the beginning of the year.…
A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the US border, barring exigent circumstances.…
A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants – for at least the past seven months.…
The criminals who hit one of the biggest government-backed dental care and insurance providers in the US earlier this year hung about for 10 days while they extracted info on nearly 9 million people, including kids from poverty-stricken homes.…
SGI may be no more but people are still using its code – and some more of that code may be about to enjoy a revival.…
Webinar A software supply chain attack is a hugely painful form of infiltration which can paralyse any business or organization. It is an attack like a lethal snake bite, where the poison silently and swiftly infects your whole software base.…
Sponsored Feature What do bears and cyber criminals have in common? Both of them are scary, and they both have the same effect on security teams.…
Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole 4,090 ETH tokens from the project worth about $7.5 million.…
A coalition of 90-plus groups, including Fight for the Future and Mozilla, will descend upon Slack's offices in San Francisco and Denver on Wednesday to ask the collaboration app to protect users' conversations via end-to-end encryption (E2EE).…
Spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company's Pegasus malware is targeting yet more human rights advocates and journalists.…
security in brief The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on.…
The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.…
The US International Trade Administration (ITA) has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won't answer questions about it, according to US Senator Ron Wyden (D-OR).…
BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city's mayor has, so far, only called a cyber "incident."…
Sri Lanka's Ministry of Technology has confirmed it will have a cyber security authority – at some point.…
Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy.…
Register Kettle If there's one thing that's more all the rage these days than this AI hype, it's warrantless spying by the Feds.…
The UK Parliament has heard that a facial recognition system used by the Metropolitan police during the King's Coronation can exhibit racial bias at certain thresholds.…
China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.…
Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code that listened in on device microphones.…
The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper.…
A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself.…
When businesses go shopping for IT services, North Korea-controlled companies probably struggle to make it into many lists.…
Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company's networks over a series of months in 2019 and 2021.…
Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.…
TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and content moderation material to Oracle in a bid to allay data protection and national security concerns stateside.…
The FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia – some of which enslave visitors and force them to participate in cryptocurrency scams.…
US memory-maker Micron has no idea why Chinese authorities have decided its products represent a security risk, or which customers it's not allowed to sell to.…