Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and log in as someone else – if you can steal or be left alone with their vulnerable device.…
The self-described "gay furry hackers" of SiegedSec are back: this time boasting they've broken into America's biggest nuclear power lab's computer systems and stolen records on thousands of employees. Some of that data has already been leaked, it appears.…
The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.…
Interview: Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond.…
The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.…
The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. As a result Binance will fork out $10 billion to Uncle Sam in fines and settlements.…
Sumo Logic has confirmed that no customer data was compromised as a result of the potential security breach it discovered on November 3.…
Webinar: A Software Bill of Materials (SBOM) has become a non-negotiable requirement to meet regulatory and buyer requirements. But does this provide enough protection if it can give only a partial view into interconnected and ever-changing application attack surfaces?…
The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked.…
Sponsored Post: You can never afford to drop your guard when it comes to cyber security – hackers never do. Any weakness in your organisation's defence is certain to be tested at some point.…
Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application? Anyone?…
An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.…
The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process.…
Infosec in brief: It's that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year's chiding to heart, most of you arguably swapped bad for worse.…
In response to growing frustrations inside the LockBit organization, its leaders have overhauled the way they negotiate with ransomware victims going forward.…
Channel-focused cybersecurity company SonicWall is buying Virginia-based MSSP Solutions Granted – its first acquisition in well over a decade.…
Updated: The UK division of Samsung Electronics has allegedly alerted customers of a year-long data security breach – the third such incident the South Korean giant has experienced around the world in the past two years.…
The FBI is applying "significant" resources to find members of the infamous Scattered Spider cyber-crime crew, which seemingly attacked a couple of high-profile casinos a few months ago and remains active, according to a senior bureau official.…
Rackspace's costs from last year's ransomware infection continue to mount. The cloud hosting biz has told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have now reached about $11 million, though insurance has helped cover half of that.…
Something likely to be absent from Microsoft's Ignite event is talk of a fix rolled out to deal with malfunctioning Windows Server 2022 Virtual Machines following a problematic update from the company.…
Updated: Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims' systems.…
Royal Mail's parent International Distributions Services has revealed for the first time the infrastructure costs associated with its January ransomware attack.…
Swedish digital rights organization Qurium has discovered around 250 cloned websites and suggested they exist to drive people to China-linked gambling sites.…
The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars.…
Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.…
FBI director Christopher Wray made yet another impassioned plea to US lawmakers to kill a proposed warrant requirement for so-called "US person queries" of data collected via the Feds' favorite snooping tool, FISA Section 702.…
Sponsored Post: Fighting cybercrime demands constant vigilance and can be a huge drain on time and resources. So it's good to know that not every weapon in the armory of the cybersecurity professional has to cost the earth. In fact, there's quite a bit of free stuff out there if you know where to look for it.…
Organizations are still failing to implement adequate logging measures, increasing the difficulty faced by defenders and incident responders to identify the cause of infosec attacks.…
Patch Tuesday: Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild.…
The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes.…
Boffins in Germany and Austria have found a flaw in AMD's SEV trusted execution environment that makes it less than trustworthy.…
Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips.…
The FBI and the US govt's Cybersecurity and Infrastructure Security Agency (CISA) have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand.…
A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.…
A set of encryption algorithms used to secure emergency radio communications will enter the public domain after an about-face by the European Telecommunications Standards Institute (ETSI).…
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI).…
US-based research group IPVM has accused Chinese video surveillance equipment company Hikvision of engaging with a contract to develop technology that can identify Muslim students that are fasting during Ramadan, based on their dining records.…
An academic study has shown how it's possible for someone to snoop on certain devices' SSH connections and, with a bit of luck, impersonate that equipment after silently figuring out the hosts' private RSA keys.…
Updated: Google has sued three scammers for offering a fake download of its Bard AI chatbot that contained malware capable of stealing credentials for small businesses' social media accounts.…
Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit.…
Opinion: Cybersecurity has many supremely annoying aspects. It soaks up talent, time, and money like the English men's football squad, and like that benighted institution, the results never seem to change.…
Webinar: It seems counterintuitive to want to lock in a cybercriminal who has crept past all your defences to smuggle data out from under your nose.…
Infosec in brief: After spending almost a year cleaning up after various security snafus, the UK's Royal Mail had an open redirect flaw on one of its sites, according to infosec types. We're told this vulnerability potentially exposes customers to malware infections and phishing attacks.…
Asia in brief: Australia's National Cyber Security Coordinator has described an attack on logistics company DP World as a "nationally significant cyber incident."…
The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand.…
The founder of Poloniex has offered to pay off thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday.…
Short-lived ransomware outfit Ransomed.vc claims to have shut down for good after a number of suspected arrests.…
China's largest bank, ICBC, was hit by ransomware that resulted in disruption of financial services (FS) systems on Thursday Beijing time, according to a notice on its website.…
Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips.…
SolarWinds has come out guns blazing to defend itself following the US Securities and Exchange Commission's announcement that it will be suing both the IT software maker and its CISO over the 2020 SUNBURST cyberattack.…
The cybercriminals behind the stream of MOVEit attacks from earlier this year are making use of a zero-day vulnerability in on-prem instances of IT service and help desk software-slinger SysAid.…
Blackouts in Ukraine last year were not just caused by missile strikes on the nation but also by a seemingly coordinated cyberattack on one of its power plants. That's according to Mandiant's threat intel team, which said Russia's Sandworm crew was behind the two-pronged power-outage and data-wiping attack.…
Infosec bods have detailed an underground cybersecurity tool dubbed Predator AI that not only can be used to compromise poorly secured cloud services and web apps, but has an optional chat-bot assistant that only kinda works.…
Microsoft and Meta have very different initiatives to combat misinformation in 2024, slated to be a busy election year all over the globe, but whether they'll be effective is another issue.…
Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10.…
The Monero Project is admitting that one of its wallets was drained by an unknown source in September, losing the equivalent of around $437,000 at today's exchange rate.…
Webinar: Daily incursions are underway with the aim of removing every bit of data that you've got - the cyber criminals' aim is to break in and get out again laden with digital booty.…
Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.…
Microsoft is introducing three Conditional Access policies for sysadmins as it continues to promote the implementation of multi-factor authentication (MFA) in organizations.…
The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable them when required.…