Login
Bug hunters who found security holes in Google β and also responsibly disclosed details of those flaws to the Chocolate Factory β earned more than $12 million in bounty rewards in 2022, marking a record year for the corporation's Vulnerability Reward Programs (VRPs) in terms of payouts and number of vulnerabilities found and fixed.β¦
British law practices of "all sizes and types" have been warned by GCHQ's cyberspy arm that their "widespread adoption of hybrid working" combined with the large sums of money they handle is making them a target.β¦
Webinar The explosion in remote working since the pandemic means the number of people doing their job from home has more than doubled in the UK.β¦
Malware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint.β¦
China has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick, the US ambassador-at-large for cyberspace and digital policy.β¦
BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today published a guide to help organizations detect and prevent infections of the UEFI bootkit.β¦
Ransomware gang BlackCat claims it infected a plastic surgery center, stole "lots" of highly sensitive medical records, and has vowed to leak patients' photos if the clinic doesn't pay up.β¦
Sponsored Feature Friday the 10 of December 2021 is etched in the memory of many IT professionals, but not for reasons they will look back on with fondness. That was the day, just as most American workers were logging off for a long weekend, when a critical vulnerability in an obscure but essential piece of software code first came to widespread attention.β¦
Japanese prime minister Fumio Kishida has ordered an emergency review of the nation's ID Cards, amid revelations of glitches and data leaks that threaten the government's digital services push.β¦
Webinar The one thing a cyber security team can rarely afford to do is relax its vigilance. But count the collective manhours spent on the frontline and the figure starts to look unsustainable, leaving many organizations with little choice but to engage with technology to help defend against malign intent.β¦
Miscreants are right now exploiting two security bugs for which patches exist, one in a VMware network and applications monitoring tool and the other in some TP-Link routers.β¦
Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.β¦
The Federal Trade Commission has alleged that genetic testing firm 1Health.io, also known as Vitagene, deceived people when it said it would dispose of their physical DNA sample as well as their collected health data.β¦
Sponsored Post Cybercrime is a global phenomenon, but the effectiveness of measures put in place to fight it varies considerably from one region to another.β¦
Mondelez International has warned 51,000 of its past and present employees that their personal information has been stolen from a law firm hired by the Oreo and Ritz cracker giant.β¦
Reddit this week confirmed ransomware gang BlackCat, aka AlphaV, broke into its corporate systems in February.β¦
UPDATED Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year.β¦
An infosec incident at a major Australian law firm has sparked fear among the nation's governments, banks and businesses β and a free speech debate.β¦
Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services (IIS) web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution?β¦
Sponsored Feature Life is tougher than ever for security pros facing a rising tide of cyberattacks. And adversaries are becoming more adept than ever at using diverse methods and technologies to scale up assaults on their selected targets.β¦
In the murky world of political and corporate spin, announcing bad news on Friday afternoon β a time when few media outlets are watching, and audiences are at a low ebb β is called "taking out the trash." And thatβs what Microsoft appears to have done last Friday.β¦
Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day earlier.β¦
FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple fanboy, an online gambler, and scored 80 percent of at least one ransom payment given to the criminals.β¦
Capita is facing its first legal claim over the high profile digital burglary in late March that exposed some customer data to intruders and will cost the outsourcing biz around Β£20 million ($26 million) to clean up.β¦
Here's a curious tale about a highly destructive yet flaky Kremlin-backed crew that was active during the early days of Russia's invasion of Ukraine, then went relatively quiet β until this year.β¦
European commissioner Thierry Breton wants Huawei and ZTE barred throughout the EU, and revealed plans to remove kit made by the Chinese telecom vendors from the Commission's internal networks.β¦
The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability.β¦
Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.β¦
North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large scale phishing attempt, Seoul's National Intelligence Service (NIS) said on Wednesday.β¦
Global nonprofit Women in Cybersecurity (WiCyS), despite months of controversy over the cities named to host its 2024 and 2025 conferences, says it will move forward as planned with the events in Nashville, Tennessee, and Dallas, Texas, respectively.β¦
Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang.β¦
Webinar The cloud is floating around everywhere and with the rapid expansion of IT always comes new complexities that alter the threat landscape.β¦
Capita, which is still dealing with a digital break-in that exposed customers' data to criminals, has scored a Β£50 million contract with the City of London police to run contact and engagement services for the force's fraud reporting service.β¦
Sponsored Feature Many organizations are suffering from an identity crisis. Not in the psychological sense, nor in respect to their branding or culture. But in how their IT systems enable employees to access the applications and data they need for work.β¦
A Florida man and his valet appeared in a Miami federal courtroom on Tuesday to respond to criminal charges of document hoarding and related claims.β¦
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.β¦
The last of the three men said to be responsible for infecting Windows computers with the banking trojan Gozi has been sentenced to three years.β¦
Webinar It seems no longer possible to imagine whether it's just a case of if a security breach will occur within your organization, or if malicious actors will exploit a vulnerability to play havoc with your data. Rather, it's just a question of when.β¦
Updated Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed.β¦
Sponsored Feature When military historians come to chronicle the first 15 months of the Russian invasion of Ukraine, they won't find any shortage of battlefront bulletins to inform their accounts.β¦
Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named β the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom β just days after security researchers discovered additional flaws in Progress Software's buggy suite.β¦
China's cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly told an Aspen Institute event on Monday.β¦
Asia In Brief India's government has denied its Co-WIN COVID-19 vaccination management platform has leaked data, but ordered an investigation into the program's security.β¦
American prosecutors have unsealed an indictment against two Russians who allegedly had a hand in the ransacking and collapse of Mt Gox a decade ago, an implosion that cost the cryptocurrency exchange's thousands of customers most of their digital coins.β¦
Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment.β¦
Miscreants targeting Discord and Twitter accounts have stolen more than $3.3 million in cryptocurrency from 2,300 victims so far in an ongoing campaign that started in April and saw the highest spike in activity earlier this month.β¦
Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web.β¦
Updated A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail.β¦
Infosec in brief Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered an additional exploitable bug.β¦
Two flaws in Microsoft software are under attack on systems that haven't been patched by admins.β¦
The FBI doesn't want to lose its favorite codified way to spy, Section 702 of the US Foreign Intelligence Surveillance Act. In its latest salvo, the agency's deputy director Paul Abbate called it "absolutely critical for the FBI to continue protecting the American people."β¦
Japanese pharma giant Eisai today confirmed to The Register that "there is no imminent risk of stock shortage" after it was hit by ransomware at the weekend.β¦
Commissioned Commissioned: If you're like most IT leaders, you are facing two uncomfortable realities. The first is that external and internal cybersecurity threats are proliferating from individuals, independent collectives and nation-state attackers. The second is that your computing operating models are becoming more complex, as their tentacles spread across multicloud environments.β¦
Britain's data watchdog has slapped a financial penalty on two energy companies it claims were posing as third parties, including the National Grid and UK government, when making unsolicited marketing calls.β¦
The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday.β¦
Google says it has fixed a flaw that allowed a scammer to impersonate delivery service UPS on Gmail, after the data-hoarding web behemoth labeled the phony email as authentic.β¦
Cold boot attacks, in which memory chips can be chilled and data including encryption keys plundered, were demonstrated way back in 2008 β but they just got automated.β¦
The North Korean criminal gang Lazarus Group has been blamed for last weekend's attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts.β¦
Barracuda has now told customers to "immediately" replace infected Email Security Gateway (ESG) appliances β even if they have received a patch to fix a critical bug under exploit.β¦
Google Cloud has put $1 million on the table to cover customers' unauthorized compute expenses stemming from cryptomining attacks if its sensors don't spot these illicit miners.β¦
FreshRSS