Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters.Β β¦
Security researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials.β¦
Stanford University has confirmed it is "investigating a cybersecurity incident" after an attack last week by the Akira ransomware group.β¦
Security In Brief Notorious ransomware gang LockBit has reportedly exfiltrated βa tremendous amount of sensitive data from aerospace outfit Boeing.β¦
Three years after Apple introduced a menu setting called Private Wi-Fi Address, a way to spoof network identifiers called MAC addresses, the privacy protection may finally work as advertised, thanks to a software fix.β¦
F5 has issued a fix for a remote code execution (RCE) bug in its BIG-IP suite carrying a near-maximum severity score.β¦
Microsoft's latest report on "one of the most dangerous financial criminal groups" operating offers security pros an abundance of threat intelligence to protect themselves from its myriad tactics.β¦
With the assent of King Charles, the United Kingdom's Online Safety Act has become law, one that the British government says will "make the UK the safest place in the world to be online."β¦
Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops.β¦
Kettle In this week's Kettle the topic is one that's been much in the news this week - the much-underrated insider threat issue.β¦
University researchers have developed a novel exploit that can steal information from virtually all modern Apple Macs, iPhones, and iPads.β¦
ServiceNow is issuing a fix for a flaw that exposes data after a researcher published a method for unauthenticated attackers to steal an organization's sensitive files.β¦
Cybercriminals have Canada in the crosshairs, with five Ontario hospitals and a fresh Spamoflague disinformation campaign targeting "dozens" of Canadian government officials, including the PM.β¦
The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.β¦
Webinar It's a challenge to maintain the availability and security of mission critical data in today's environment. As IT teams know only too well, there's no quiet season for enterprise IT operations or cyber threats.β¦
A newly emerged ransomware gang claims to have successfully gained access to the systems of a US plastic surgeon's clinic, leaking patients' pre-operation pictures in an attempt to hurry a ransom payment.β¦
VMware has disclosed a critical vulnerability in its vCenter Server β and that it issued an update to fix it weeks ago, along with patches for unsupported versions of the software.β¦
Video Boffins from ETH Zurich have devised a novel fuzzer for finding bugs in RISC-V chips and have used it to find more than three dozen.β¦
Citrix has urged admins to "immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited.β¦
A former US National Security Agency techie has plead guilty to six counts of violating the Espionage Act after being caught handing classified information to FBI agents he thought were Russian spies.Β β¦
1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers' login details are safe.β¦
Element, one of the companies behind decentralized comms platform Matrix, says customers are asking it to insert a protective clause from the encryption-busting element of UK government's Online Safety Bill (OSB).β¦
A third-party contractor running a database without password protection exposed more than 500,000 records related to vehicle seizures by the Irish National Police (An Garda SΓochΓ‘na, "Garda").β¦
Sponsored Post The job of the cyber security professional is never easy, and it gets progressively harder with the movement of sensitive data and applications across the multiple different on and off premise systems that make up modern hybrid cloud environments.β¦
China-based scammers are using a combination of fake loan apps and India's real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK.β¦
After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems, the security results have been mixed since the attackers got wise.β¦
The US Capital's election agency says a ransomware crew might have stolen its entire voter roll, which includes the personal information of all registered voters in the District of Columbia.β¦
Microsoft is opening up the early access program for its flagship cybersecurity AI product, which marks the inevitable folding in of Copilot into its infosec suite.β¦
Webinar There is no longer an off button for businesses and organizations, no closed signs, or downtime. This means enterprise IT operations and data assets must be protected round the clock in all operating environments.β¦
A Moldovan who allegedly ran the compromised-credential marketplace E-Root has been extradited from the UK to America to stand trial.β¦
Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries.β¦
Law enforcement agencies have taken over RagnarLocker ransomware group's leak site in an internationally coordinated takedown.β¦
A cybercriminal claims they've uploaded a second batch of stolen profile data from biotech company 23andMe, posting it to the same cybercrime forum that hosted the first batch two weeks ago.β¦
A former IT manager for the US Navy is facing a five-and-a-half year prison sentence for selling thousands of people's personal records on the dark web.β¦
Sponsored Post Organisations that fail to adequately address the potential vulnerabilities that internal employees sometimes encounter when developing an IT security strategy are exposing themselves to potentially catastrophic dangers, infosec experts have warned.β¦
D-Link has confirmed suspicions that it was successfully targeted by cyber criminals, but is talking down the scale of the impact.β¦
An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence.β¦
US authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation.β¦
Sustainable aviation fuels (SAFs) made from sources other than fossil fuels have the potential to reduce emissions by up to 80 percent, UK researchers have found.β¦
Sponsored Post Imminent changes to cyber security regulations in the US and Europe demand that public and private sector organizations on both side of the Atlantic keep a close eye on their compliance.β¦
An unspecified security incident is forcing many state courts across Kansas to rely on paper filings, and it may have continue to do so for weeks, a state judge has warned.β¦
Security researchers have uncovered a backdoor used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN).β¦
Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation.Β β¦
Shadow, which hosts Windows PC gaming in the cloud among other services, has confirmed criminals stole a database containing customer data following a social-engineering attack against one of its employees.β¦
An early ransomware campaign against organizations by exploiting the vulnerability in Progress Software's WS_FTP Server was this week spotted by security researchers.β¦
Perceived weaknesses in the security of Microsoft's Visual Studio IDE are being raised once again this week with a fresh single-click exploit.β¦
35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.β¦
The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.β¦
Sponsored Feature In August 2023, Danish hosting subsidiaries CloudNordic and AzeroCloud were on the receiving end of one of the most serious ransomware attacks ever made public by a cloud services company.β¦
Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will "continue to cause disruption."β¦
Partner Content According to the Cyber Security Breaches Survey 26 percent of medium businesses, 37 percent of large businesses and 25 percent of high-income charities have experienced cyber crime in the last 12 months.β¦
A US Navy service member pleaded guilty yesterday to receiving thousands of dollars in bribes from a Chinese spymaster in exchange for passing on American military secrets.β¦
Updated After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today.β¦
Opinion The UK Extension to the EU-US Data Privacy Framework (aka Data Bridge) will enter into force on October 12, allowing certifying entities to easily transfer personal data from the UK to the US.β¦
Patch Tuesday Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild.β¦
At the fraud trial of former FTX head Sam Bankman-Fried, prosecutors presented the jury with Python code for the FTX backend that allowed flagged client accounts to spend money they didn't have on the cryptocurrency exchange.β¦
A zero-day vulnerability in the HTTP/2 protocol was exploited to launch the largest distributed denial-of-service (DDoS) attack on record, according to Cloudflare.β¦
The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an "aggressively updated arsenal of exploits."β¦
Researchers discovered a high-severity remote code execution (RCE) vulnerability in an inherent component of GNOME-based Linux distros, potentially impacting a huge number of users.β¦
Updated Start your patch engines β a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time."β¦