Asia In Brief India's government has denied its Co-WIN COVID-19 vaccination management platform has leaked data, but ordered an investigation into the program's security.β¦
American prosecutors have unsealed an indictment against two Russians who allegedly had a hand in the ransacking and collapse of Mt Gox a decade ago, an implosion that cost the cryptocurrency exchange's thousands of customers most of their digital coins.β¦
Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment.β¦
Miscreants targeting Discord and Twitter accounts have stolen more than $3.3 million in cryptocurrency from 2,300 victims so far in an ongoing campaign that started in April and saw the highest spike in activity earlier this month.β¦
Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web.β¦
Updated A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail.β¦
Infosec in brief Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered an additional exploitable bug.β¦
Two flaws in Microsoft software are under attack on systems that haven't been patched by admins.β¦
The FBI doesn't want to lose its favorite codified way to spy, Section 702 of the US Foreign Intelligence Surveillance Act. In its latest salvo, the agency's deputy director Paul Abbate called it "absolutely critical for the FBI to continue protecting the American people."β¦
Japanese pharma giant Eisai today confirmed to The Register that "there is no imminent risk of stock shortage" after it was hit by ransomware at the weekend.β¦
Commissioned Commissioned: If you're like most IT leaders, you are facing two uncomfortable realities. The first is that external and internal cybersecurity threats are proliferating from individuals, independent collectives and nation-state attackers. The second is that your computing operating models are becoming more complex, as their tentacles spread across multicloud environments.β¦
Britain's data watchdog has slapped a financial penalty on two energy companies it claims were posing as third parties, including the National Grid and UK government, when making unsolicited marketing calls.β¦
The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday.β¦
Google says it has fixed a flaw that allowed a scammer to impersonate delivery service UPS on Gmail, after the data-hoarding web behemoth labeled the phony email as authentic.β¦
Cold boot attacks, in which memory chips can be chilled and data including encryption keys plundered, were demonstrated way back in 2008 β but they just got automated.β¦
The North Korean criminal gang Lazarus Group has been blamed for last weekend's attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts.β¦
Barracuda has now told customers to "immediately" replace infected Email Security Gateway (ESG) appliances β even if they have received a patch to fix a critical bug under exploit.β¦
Google Cloud has put $1 million on the table to cover customers' unauthorized compute expenses stemming from cryptomining attacks if its sensors don't spot these illicit miners.β¦
Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough.β¦
Webinar Rubrik Zero Lab's annual report on the state of data security is not a comfortable read. And as if to prepare you for what lies inside, the company has called it 'The Hard Truths.'β¦
The timeworn adage that "those who don't learn from history are doomed to repeat it" can certainly be applied to cyber security. Microsoft is hoping to spare enterprises that use its cloud services from repeating history by sharing what it has learned.β¦
Sponsored Feature When Windows 11 launched in October 2021, one of its big selling points was a new security architecture. Microsoft designed it from the ground up with zero-trust principles in mind, refusing to trust the legitimacy of any single system component. Instead, everything must prove that it has not been compromised.β¦
The UK government will set a deadline for removing made-in-China surveillance cameras from "sensitive sites."β¦
Miscreants are using AI to create faked images of a sexual nature, which they then employ in sextortion schemes.β¦
Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked.β¦
Feature The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications βΒ namely, their Verizon telephone calls β 10 years ago this week when Edward Snowden's initial leaks hit the press.β¦
Three supporters of activists against a $90 million police training facility dubbed Cop City were arrested after the cops used PayPal data to bring money-laundering charges against the trio.β¦
The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long standing complaint against rival security firm Malwarebytes for classifying its software as "potentially unwanted programs" or PUPs.β¦
The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned. The bottom line: if some electronics are used for government work, it better not have any ByteDance bits on it.Β β¦
Microsoft is being fined $20 million by the US Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA) by illegally gathering kids' personal information and retaining it without parental consent.β¦
An American university founded in 1833 is facing a bunch of class action lawsuits after the personal data of nearly 100,000 people was stolen from its tech infrastructure.β¦
The US Securities and Exchange Commission (SEC) has dismissed proceedings against 42 companies and individuals after admitting that its enforcement staff accessed documents that were supposed to be for judges' eyes only.β¦
Microsoft has warned investors about a "non-public" draft decision by Irish regulators against LinkedIn for allegedly dodgy ad data practices, explaining it had set aside some cash to pay off any potential fine.β¦
Sponsored Feature Email is a popular target for cybercriminals, offering an easy way of launching an attack disguised as an innocent message. One moment of inattention on the part of the recipient and the door is open to malware, spam, phishing, perhaps even a dose of the dreaded ransomware. Entire organisations can suffer, not just individual victims.β¦
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.β¦
As much as $35 million worth of cryptocurrency may have been stolen in a large-scale attack on Atomic Wallet users, with one investigator claiming losses could potentially exceed $50 million.β¦
The Qbot malware operation β which started more than a decade ago as banking trojan only to evolve into a backdoor and a delivery system for ransomware and other threats β continues to deftly adapt its techniques to stay ahead of security pros, according to a new report.β¦
Australia's Signals Directorate, the signals intelligence organization, has revealed it employed zero-click attacks on devices used by fighters for Islamic State of Iraq and the Levant (ISIL) β then unleashed the terrifying power of Rick Astley.β¦
infosec in brief Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment β the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.β¦
In late September 2021, staff at Taiwanese threat intelligence company TeamT5 noticed something very nasty: a fake news report accusing it of conducting phishing attacks against Japan's government and local tech companies.β¦
Feature Assuming the weather and engineering gods cooperate, a US government-funded satellite dubbed Moonlighter will launch at 1212 EDT (1612 UTC) on Sunday, hitching a ride on a SpaceX rocket before being releasing into Earth's orbit.β¦
Malaysia could be putting itself on a collision course with the EU and US as the country looks set to allow Chinese suppliers including Huawei a chance to play a part in its planned 5G network rollout.β¦
Researchers recently uncovered the following novel attack on the Python Package Index (PyPI).β¦
The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Koreas "Kimsuky" cyber crime group.β¦
FAQ You may have seen some headlines about a supply-chain backdoor in millions of Gigabyte motherboards. Here's the lowdown.β¦
Security researchers and the US government have sounded the alarm on a flaw in Progress Software's MOVEit Transfer that criminals have been "mass exploiting" for at least a month to break into IT environments and steal data.β¦
Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on "thousands" of diplomats worldwide.β¦
Webinar Popular DevOps tools are great when it comes to helping developers optimize digital infrastructure, but there's a potential downside β the hidden risks they can contain which may compromise your supply chain.β¦
America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy β and made the cost of those actions, as alleged, a mere $30.8 million.β¦
A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine, according to Trend Micro analysts.β¦
Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at least two attacks since the beginning of the year.β¦
A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the US border, barring exigent circumstances.β¦
A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants β for at least the past seven months.β¦
The criminals who hit one of the biggest government-backed dental care and insurance providers in the US earlier this year hung about for 10 days while they extracted info on nearly 9 million people, including kids from poverty-stricken homes.β¦
SGI may be no more but people are still using its code β and some more of that code may be about to enjoy a revival.β¦
Webinar A software supply chain attack is a hugely painful form of infiltration which can paralyse any business or organization. An attack like a lethal snake bite where the poison silently and swiftly infects your whole software base.β¦
Sponsored Feature What do bears and cyber criminals have in common? Both of them are scary, and they both have the same effect on security teams.β¦
Just days after releasing the second β and supposedly more stable and secure β version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million.β¦
A coalition of 90-plus groups, including Fight for the Future and Mozilla, will descend upon Slack's offices in San Francisco and Denver on Wednesday to ask on the collaboration app to protect users' conversations via end-to-end encryption (E2EE).β¦
Spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company's Pegasus malware is targeting yet more human rights advocates and journalists.β¦