Login
A New York fintech biz is set to pay $1 million in fines under a US Securities and Exchange Commission order that claims it advertised "annualized" returns on Titan Crypto of up to 2,700 percent, a number based on a "purely hypothetical account."β¦
Webinar You could be forgiven for wondering if anything can ever again be completely straightforward or demonstrably authentic in a world where generative AI can masquerade convincingly as your mother, or express itself in the exact language your best friend might use.β¦
Updated Apple last year introduced a security feature called App Management that's designed to prevent one application from modifying another without authorization under macOS Ventura β but a developer claims itβs not very good at its job under some circumstances.β¦
A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday.β¦
With America outspending the rest of the world on space technologies, those systems and their blueprints are a highly alluring and lucrative target for sticky-fingered spies, Uncle Sam has reminded industry.β¦
Insiders are to blame for a May data breach at Tesla, the company claimed in filings after news of the incident was reported months ago by German media.β¦
Users of the popular WinRAR compression and archiving tool should update now to avoid a vulnerability that allows code to be run when a user opens a RAR file.β¦
Opinion Information wants to be free. This usefully ambiguous battle cry has been the mischievous slogan of hackers since early networking thinker Stuart Brand coined it in the early 1980s. Intended as part of a discussion about the inherent contradictions of intellectual property, it has bestowed irony in many other places since.β¦
Infosec in brief Someone at Microsoft has some explaining to do after a messed-up DNS record caused emails sent from accounts using Microsoft's Outlook Hotmail service to be rejected and directed to spam folders starting on Thursday.β¦
An Interpol-led operation arrested 14 suspects and identified 20,674 "suspicious" networks spanning 25 African countries that international cops have linked to more than $40 million in cybercrime losses.β¦
Here's a heads up. Another version of BlackCat ransomware has been spotted extorting victims. This variant embeds two tools, we're told: the network toolkit Impacket for lateral movement within compromised environments, and Remcom for remote code execution.β¦
Analysis Despite the hype around criminals using ChatGPT and various other large language models to ease the chore of writing malware, it seems this generative AI technology isn't terribly good at helping with that kind of work.β¦
Updated Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the business IT player fixed earlier this summer.β¦
A man was arrested in Northern Ireland for suspected Collection of Terrorist Information following an incident where police mistakenly leaked details that identified 10,000 serving officers, but he has now been released on bail.β¦
Japanβs digital minister has doubled down on a June promise to penalize himself for the poor rollout of the countryβs digital ID, My Number Card, by offering up three months salary on Tuesday.β¦
Vietnamβs Ministry of Information and Communications has admitted the nation has a vast shortfall of infosec pros.β¦
Discord.io has shut down "for the foreseeable future," after crooks stole, and then put up for sale, data belonging to all 760,000 of the service's users.β¦
The Clorox Company has some cleaning up to do as some of its IT systems remain offline and operations "temporarily impaired" following a security breach.β¦
Sponsored Feature Securing the corporate network has never been a simple process, but years ago it was at least a bit more straightforward. Back then, the network perimeter was clear and well defined, and everything inside itΒ was considered trusted and safe. The security team defended against everything outside, established security protocols and deployed security tools, monitored the network gateways, and kept sensitive data as safe as possible.β¦
Norfolk and Suffolk police have stepped forward to admit that a βtechnical issueβ resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses.β¦
The former chief executive of a company that was sold to Qualcomm for more than $150 million has pleaded guilty to one count of money laundering relating to a $1.5 million transaction involving proceeds from the deal.β¦
Authorities in the US state of Georgia have indicted a famous Floridian and his loyal associates on counts including theft of data, software, and personal information.β¦
China's Global Times, a state-controlled media outlet, has teased an imminent exposΓ© of alleged US attacks on seismic data measurement stations.β¦
Two Nigerian men have been extradited to the US and were scheduled to appear in deferral court on Monday, charged with sextortion and causing the death of one of their victims: a teen who was found dead from a self-inflicted gunshot wound.β¦
The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out β only for the software to be laced with malware.β¦
Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment.β¦
Cumbria Constabulary inadvertently published the names and salaries of all its officers and staff online earlier this year, making it the second UK force in a fortnight to admit disclosing personal information about its employees.β¦
Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have conducted cyber protests against the Japanese government for actions related to the release of wastewater from the Fukushima Daini Nuclear Power Plant.β¦
Infosec in brief The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security's Cyber Safety Review Board (CSRB).Β β¦
Google has started deploying a hybrid key encapsulation mechanism (KEM) to protect the sharing of symmetric encryption secrets during the establishment of secure TLS network connections.β¦
Sam Bankman-Fried (SBF), former chief executive of crypto-disaster FTX, who has been awaiting trial for his firm's failure while in home detention with his family, has been sent to jail for attempting to intimidate witnesses.β¦
Fifteen bugs in Codesys' industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed.β¦
Interview In the past nine years, Oleg Anashkin, a software developer based in San Jose, California, has received more than 130 solicitations to monetize his Chrome browser extension, Hover Zoom+.β¦
The hacking of the UKβs Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.β¦
Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022.β¦
The boss of US Cyber Command has opined that China's cyber and surveillance capabilities are not ahead of, or even comparable to, to those of the United States.β¦
A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated this week.β¦
Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking.β¦
AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.β¦
Rapid7 is initiating a restructuring process that will involve shedding 18 percent of its workforce after net losses widened over the most recent quarter.β¦
A spreadsheet containing details of serving Northern Ireland police officers was mistakenly posted online yesterday, potentially endangering the safety of officers, given the volatile politics of the region.β¦
INTERPOL has revealed a successful investigation into a phishing-as-a-service operation named "16shop" with arrests of alleged operators made in Indonesia and Japan and the platform shut down.β¦
Patch Tuesday Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately.β¦
Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body's IT systems.β¦
The IT infrastructure of the UK's Electoral Commission was broken into by miscreants, who will have had access to names and addresses of voters, as well as the election oversight body's email and unspecified other systems.β¦
China has released draft regulations to govern the country's facial recognition technology that include prohibitions on its use to analyze race or ethnicity.β¦
Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.β¦
Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June.β¦
Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable.β¦
Infosec in brief If you're wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a list of the 12 most commonly exploited vulnerabilities of 2022 β a list many will recognize.Β β¦
Two US Navy service members appeared in federal court Thursday accused of espionage and stealing sensitive military information for China in separate cases.β¦
Updated A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails.β¦
Ilya Lichtenstein and Heather Morgan on Thursday pleaded guilty to money-laundering charges related to the 2016 theft of some 120,000 Bitcoins from Hong Kong-based Bitfinex.β¦
An infamous Kremlin-backed gang has been using Microsoft Teams chats in attempts to phish marks in governments, NGOs, and IT businesses, according to the Windows giant.β¦
Hacktivism may have dropped off of organization radars over the past few years, but it is now very visibly coming from what is believed to be Bangladesh, thanks to a group tracked by cybersecurity firm Group-IB.β¦
Staff at NHS Lanarkshire - which serves over half a million Scottish residents - used WhatsApp to swap photos and personal info about patients, including children's names and addresses.β¦
Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations' systems and stealing data before the intrusion was discovered and stopped.β¦
An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda and misinformation.β¦
Interview Open source security biz Socket is extending its source code dependency checker, which previously addressed only JavaScript and Python, by adding support for checking Go code.β¦
Boffins in Austria and Germany have devised a power-monitoring side-channel attack on modern computer chips that exposes sensitive data, but very slowly.β¦
FreshRSS