Infosec in brief: The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation.…
Shadow, which hosts Windows PC gaming in the cloud among other services, has confirmed criminals stole a database containing customer data following a social-engineering attack against one of its employees.…
An early ransomware campaign targeting organizations by exploiting the vulnerability in Progress Software's WS_FTP Server was spotted this week by security researchers.…
Perceived weaknesses in the security of Microsoft's Visual Studio IDE are being raised once again this week with a fresh single-click exploit.…
35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.…
The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.…
Sponsored Feature: In August 2023, Danish hosting subsidiaries CloudNordic and AzeroCloud were on the receiving end of one of the most serious ransomware attacks ever made public by a cloud services company.…
Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will "continue to cause disruption."…
Partner Content: According to the Cyber Security Breaches Survey 26 percent of medium businesses, 37 percent of large businesses and 25 percent of high-income charities have experienced cyber crime in the last 12 months.…
A US Navy service member pleaded guilty yesterday to receiving thousands of dollars in bribes from a Chinese spymaster in exchange for passing on American military secrets.…
Updated: After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today.…
Opinion: The UK Extension to the EU-US Data Privacy Framework (aka Data Bridge) will enter into force on October 12, allowing certifying entities to easily transfer personal data from the UK to the US.…
Patch Tuesday: Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild.…
At the fraud trial of former FTX head Sam Bankman-Fried, prosecutors presented the jury with Python code for the FTX backend that allowed flagged client accounts to spend money they didn't have on the cryptocurrency exchange.…
A zero-day vulnerability in the HTTP/2 protocol was exploited to launch the largest distributed denial-of-service (DDoS) attack on record, according to Cloudflare.…
The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an "aggressively updated arsenal of exploits."…
Researchers discovered a high-severity remote code execution (RCE) vulnerability in an inherent component of GNOME-based Linux distros, potentially impacting a huge number of users.…
Updated: Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time."…
The time taken by cyber attackers between gaining an initial foothold in a victim's environment and deploying ransomware has fallen to 24 hours, according to a study.…
Sponsored: The cyber attack which culminated in the personal details of 1.5m patients being compromised after hackers broke into the databases of SingHealth in 2018 provides a stark illustration of why organizations in Singapore need to remain vigilant and well protected against further incidents.…
A former US Army Sergeant with Top Secret US military clearance created a Word document entitled "Important Information to Share with Chinese Government," according to an FBI agent's sworn declaration.…
Hacktivism efforts have proliferated rapidly in the Middle East following the official announcement of a war between Palestine and Israel.…
Volex, the British integrated maker of critical power and data transmission cables, confirmed this morning that intruders accessed data after breaking into its tech infrastructure.…
Infosec in brief: Bot defense software vendor Human Security last week detailed an attack that "sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites … preloaded with a known malware called Triada."…
The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks.…
MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million.…
CDW, one of the largest resellers on the planet, will have its data leaked by LockBit after negotiations over the ransom fee broke down, a spokesperson for the cybercrime gang says.…
Sponsored Feature: Most of us dislike cyber criminals, but not many of us dislike them quite as much as Anthony Cusimano.…
Google has committed to being a little less creepy with user data in response to proceedings from the German Federal Cartel Office (Bundeskartellamt).…
Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system's accessibility features to steal info that enables theft of personal information.…
Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account.…
Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities.…
The Lorenz ransomware group leaked the details of every person who contacted it via its online contact form over the course of the last two years.…
South Korea's National Intelligence Service (NIS) has warned North Korea is attacking its shipbuilding sector.…
Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.…
Grab security updates for your Linux distributions: there's a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software to gain root access and take over the box.…
NATO is "actively addressing" multiple IT security incidents after a hacktivist group claimed it once again breached some of the military alliance's websites, this time stealing what's claimed to be more than 3,000 files and 9GB of data.…
New guidelines have been codified to govern the rules of engagement concerning hacktivists involved in ongoing cyber warfare.…
The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency (CISA) to a list of US government entities prohibited from working with social media outfits to curtail the spread of misinformation.…
A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers.…
The first of two US government prosecutions of former FTX CEO Sam Bankman-Fried commenced in New York on Monday, only a day after the cryptocurrency tycoon sued his own insurance company for failing to cover his legal costs.…
The US's Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog.…
Asia in brief: Zhu Su, co-founder of fallen crypto business Three Arrows Capital (3AC), was arrested last Friday at Changi Airport in Singapore as he attempted to leave the country.…
Updated: Security researchers have spotted what they believe to be a "possible mass exploitation" of vulnerabilities in Progress Software's WS_FTP Server.…
Interview: AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant's security execs tells us has thwarted Chinese and Russian spies – and millions of bots.…
Last week the internet was abuzz with talk that Singapore's commercial Changi airport was no longer going to require passports for clearance at immigration. Although it is true the paper documentation will be replaced by biometric measures, it's not quite time to pack the document away.…
Infosec in brief: Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS_FTP.…
Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs.…
A PhD student has been found guilty of building a potentially deadly drone for Islamic State terrorists, in part using his home 3D printer.…
Norway has told the European Data Protection Board (EDPB) it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe.…
Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer.…
A privacy panel within the US government today narrowly recommended that Congress reauthorize the Feds' Section 702 spying powers – but with some stronger protections for US citizens only.…
DARPA's extended-duration unmanned undersea vehicle (UUV) is having its first aquatic excursion to test if this naval drone has wings, er, fins.…
Google's Bard chatbot is currently being re-educated to better understand privacy.…
Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet – both in terms of attacks and the dissemination of fake news.…
"New Yorkers should not be forced to accept biometric surveillance as part of simple activities like buying groceries or taking their kids to a baseball game," more than 30 civil and digital rights organizations said yesterday in a letter backing new privacy laws in the city.…
An engineer has identified longstanding undetected flaws in a 25-year-old method for encrypting data using RSA public-key cryptography.…
Canada's Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people's childcare health records dating back more than a decade.…
The Ukrainian State Service of Special Communications and Information Protection (SSSCIP) has claimed that Russian cyberspies are targeting its servers looking for data about alleged Kremlin-backed war crimes.…
Mixin Network confirmed on Monday that it has "temporarily suspended" all deposit and withdrawal services after hackers broke into a database and stole about $200 million in funds from the Hong Kong-based cryptocurrency firm.…