The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability.β¦
Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.β¦
North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large scale phishing attempt, Seoul's National Intelligence Service (NIS) said on Wednesday.β¦
Global nonprofit Women in Cybersecurity (WiCyS), despite months of controversy over the cities named to host its 2024 and 2025 conferences, says it will move forward as planned with the events in Nashville, Tennessee, and Dallas, Texas, respectively.β¦
Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang.β¦
Webinar The cloud is floating around everywhere and with the rapid expansion of IT always comes new complexities that alter the threat landscape.β¦
Capita, which is still dealing with a digital break-in that exposed customers' data to criminals, has scored a Β£50 million contract with the City of London police to run contact and engagement services for the force's fraud reporting service.β¦
Sponsored Feature Many organizations are suffering from an identity crisis. Not in the psychological sense, nor in respect to their branding or culture. But in how their IT systems enable employees to access the applications and data they need for work.β¦
A Florida man and his valet appeared in a Miami federal courtroom on Tuesday to respond to criminal charges of document hoarding and related claims.β¦
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.β¦
The last of the three men said to be responsible for infecting Windows computers with the banking trojan Gozi has been sentenced to three years.β¦
Webinar It seems no longer possible to imagine whether it's just a case of if a security breach will occur within your organization, or if malicious actors will exploit a vulnerability to play havoc with your data. Rather, it's just a question of when.β¦
Updated Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed.β¦
Sponsored Feature When military historians come to chronicle the first 15 months of the Russian invasion of Ukraine, they won't find any shortage of battlefront bulletins to inform their accounts.β¦
Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named β the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom β just days after security researchers discovered additional flaws in Progress Software's buggy suite.β¦
China's cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly told an Aspen Institute event on Monday.β¦
Asia In Brief India's government has denied its Co-WIN COVID-19 vaccination management platform has leaked data, but ordered an investigation into the program's security.β¦
American prosecutors have unsealed an indictment against two Russians who allegedly had a hand in the ransacking and collapse of Mt Gox a decade ago, an implosion that cost the cryptocurrency exchange's thousands of customers most of their digital coins.β¦
Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment.β¦
Miscreants targeting Discord and Twitter accounts have stolen more than $3.3 million in cryptocurrency from 2,300 victims so far in an ongoing campaign that started in April and saw the highest spike in activity earlier this month.β¦
Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web.β¦
Updated A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail.β¦
Infosec in brief Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered an additional exploitable bug.β¦
Two flaws in Microsoft software are under attack on systems that haven't been patched by admins.β¦
The FBI doesn't want to lose its favorite codified way to spy, Section 702 of the US Foreign Intelligence Surveillance Act. In its latest salvo, the agency's deputy director Paul Abbate called it "absolutely critical for the FBI to continue protecting the American people."β¦
Japanese pharma giant Eisai today confirmed to The Register that "there is no imminent risk of stock shortage" after it was hit by ransomware at the weekend.β¦
Commissioned Commissioned: If you're like most IT leaders, you are facing two uncomfortable realities. The first is that external and internal cybersecurity threats are proliferating from individuals, independent collectives and nation-state attackers. The second is that your computing operating models are becoming more complex, as their tentacles spread across multicloud environments.β¦
Britain's data watchdog has slapped a financial penalty on two energy companies it claims were posing as third parties, including the National Grid and UK government, when making unsolicited marketing calls.β¦
The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday.β¦
Google says it has fixed a flaw that allowed a scammer to impersonate delivery service UPS on Gmail, after the data-hoarding web behemoth labeled the phony email as authentic.β¦
Cold boot attacks, in which memory chips can be chilled and data including encryption keys plundered, were demonstrated way back in 2008 β but they just got automated.β¦
The North Korean criminal gang Lazarus Group has been blamed for last weekend's attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts.β¦
Barracuda has now told customers to "immediately" replace infected Email Security Gateway (ESG) appliances β even if they have received a patch to fix a critical bug under exploit.β¦
Google Cloud has put $1 million on the table to cover customers' unauthorized compute expenses stemming from cryptomining attacks if its sensors don't spot these illicit miners.β¦
Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough.β¦
Webinar Rubrik Zero Lab's annual report on the state of data security is not a comfortable read. And as if to prepare you for what lies inside, the company has called it 'The Hard Truths.'β¦
The timeworn adage that "those who don't learn from history are doomed to repeat it" can certainly be applied to cyber security. Microsoft is hoping to spare enterprises that use its cloud services from repeating history by sharing what it has learned.β¦
Sponsored Feature When Windows 11 launched in October 2021, one of its big selling points was a new security architecture. Microsoft designed it from the ground up with zero-trust principles in mind, refusing to trust the legitimacy of any single system component. Instead, everything must prove that it has not been compromised.β¦
The UK government will set a deadline for removing made-in-China surveillance cameras from "sensitive sites."β¦
Miscreants are using AI to create faked images of a sexual nature, which they then employ in sextortion schemes.β¦
Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked.β¦
Feature The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications βΒ namely, their Verizon telephone calls β 10 years ago this week when Edward Snowden's initial leaks hit the press.β¦
Three supporters of activists against a $90 million police training facility dubbed Cop City were arrested after the cops used PayPal data to bring money-laundering charges against the trio.β¦
The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long standing complaint against rival security firm Malwarebytes for classifying its software as "potentially unwanted programs" or PUPs.β¦
The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned. The bottom line: if some electronics are used for government work, it better not have any ByteDance bits on it.Β β¦
Microsoft is being fined $20 million by the US Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA) by illegally gathering kids' personal information and retaining it without parental consent.β¦
An American university founded in 1833 is facing a bunch of class action lawsuits after the personal data of nearly 100,000 people was stolen from its tech infrastructure.β¦
The US Securities and Exchange Commission (SEC) has dismissed proceedings against 42 companies and individuals after admitting that its enforcement staff accessed documents that were supposed to be for judges' eyes only.β¦
Microsoft has warned investors about a "non-public" draft decision by Irish regulators against LinkedIn for allegedly dodgy ad data practices, explaining it had set aside some cash to pay off any potential fine.β¦
Sponsored Feature Email is a popular target for cybercriminals, offering an easy way of launching an attack disguised as an innocent message. One moment of inattention on the part of the recipient and the door is open to malware, spam, phishing, perhaps even a dose of the dreaded ransomware. Entire organisations can suffer, not just individual victims.β¦
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.β¦
As much as $35 million worth of cryptocurrency may have been stolen in a large-scale attack on Atomic Wallet users, with one investigator claiming losses could potentially exceed $50 million.β¦
The Qbot malware operation β which started more than a decade ago as banking trojan only to evolve into a backdoor and a delivery system for ransomware and other threats β continues to deftly adapt its techniques to stay ahead of security pros, according to a new report.β¦
Australia's Signals Directorate, the signals intelligence organization, has revealed it employed zero-click attacks on devices used by fighters for Islamic State of Iraq and the Levant (ISIL) β then unleashed the terrifying power of Rick Astley.β¦
infosec in brief Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment β the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.β¦
In late September 2021, staff at Taiwanese threat intelligence company TeamT5 noticed something very nasty: a fake news report accusing it of conducting phishing attacks against Japan's government and local tech companies.β¦
Feature Assuming the weather and engineering gods cooperate, a US government-funded satellite dubbed Moonlighter will launch at 1212 EDT (1612 UTC) on Sunday, hitching a ride on a SpaceX rocket before being releasing into Earth's orbit.β¦
Malaysia could be putting itself on a collision course with the EU and US as the country looks set to allow Chinese suppliers including Huawei a chance to play a part in its planned 5G network rollout.β¦
Researchers recently uncovered the following novel attack on the Python Package Index (PyPI).β¦
The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Koreas "Kimsuky" cyber crime group.β¦