The Black Basta ransomware group has reportedly generated upwards of $100 million in revenue since it started operations in April 2022.β¦
Sponsored Post Industrial Control Systems (ICS) which can automate processes, increase productivity and reduce labour costs, are rapidly gaining worldwide enterprise traction.β¦
Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices and intercept data.β¦
A US congressional committee has questioned whether Chinese-made Light Detection and Ranging (LiDAR) devices might have a negative impact on national security, and suggested they may therefore be worthy of the same bans that prevent stateside adoption of other tech.β¦
An ex-Motorola Solutions technician in the US has admitted he tried to fraudulently obtain a passport while awaiting trial for a cyberattack on his former employer.β¦
CISA is investigating a cyberattack against a Pennsylvania water authority by suspected Iranian miscreants. The intrusion forced operators to switch a pumping station to manual control.β¦
Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.β¦
The Rhysida ransomware group has published most of the data it claimed to have stolen from the British Library a month after the attack was disclosed.β¦
The UK government plans to introduce new legislation to ban SIM farms, which it views as a widely abused means for carrying out cyber fraud.β¦
Reading Borough Council has securely restored its planning portal after facing criticism for recommending questionable tech security practices to users.β¦
Japan's Space Exploration Agency (JAXA) has reported a cyber incident.β¦
Updated A new Plex "feature" has infuriated some users after sharing with others what they are watching on the streaming service. This functionality is on by default.β¦
Partner Content Athena AI, the new generative AI layer that spans across the entire Varonis Data Security Platform, redefines how security teams protect data - from visibility to action.β¦
International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years.β¦
Sponsored Post Building an effective cyber security defense involves protecting the assets you know you have as well as the ones you don't.β¦
India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information (RTI) requests β the nation's equivalent of the freedom of information queries in the US, UK, or Australia.β¦
A Los Angeles man has been jailed after pulling off SIM-swap attacks on victims, hijacking social media accounts, committing fraud with Zelle payments, and impersonating Apple support.β¦
ownCloud has disclosed three critical vulnerabilities, the most serious of which leads to sensitive data exposure and carries a maximum severity score.β¦
Infosec in Brief Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won't ever find the state trying to unmask them either β as long as they keep supplying the attacks on Axis nations. It's the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.β¦
Sponsored Post Every organisation needs to make cyber security training a high priority. Effective education is an essential part of improving security practices and fostering a sound security posture.β¦
Opinion The British Libraryβs showpiece site, in a listed red brick building in St Pancras, is presided over by a large bronze sculpture depicting Isaac Newton poring over a document heβs working with, measuring it with dividers.β¦
Terraform Labs founder Do Kwon β a wanted man in both South Korea and the United States β will soon face extradition from Montenegro after a court gave approval for his removal.β¦
China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy Institute (ASPI).β¦
The owner of the e-commerce store management system OpenCart has responded with hostility to a security researcher disclosing a vulnerability in the product.β¦
Fortune 500 insurance biz Fidelity National Financial (FNF) has confirmed that it has fallen victim to a "cybersecurity incident."β¦
The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks.Β β¦
A ransomware attack and resulting outages at direct debit collection company London & Zurich has forced at least one customer to take out a short-term loan as six-figure backlogs continue to cause cash flow mayhem.β¦
Sponsored Post Ransomware can hit any organization at any time, and hackers are proving adept at social engineering techniques to gain access to sensitive data in any way they can.β¦
Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and built a botnet army for distributed denial of service (DDoS) attacks.β¦
Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something.β¦
Palo Alto Networks' Unit 42 has detailed a pair of job market hacking schemes linked to state-sponsored actors in North Korea: one in which the threat actors pose as job seekers, the other as would-be employers.β¦
Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else β if you can steal or be left alone with their vulnerable device.β¦
The self-described "gay furry hackers" of SiegedSec are back: this time boasting they've broken into America's biggest nuclear power lab's computer systems and stolen records on thousands of employees. Some of that data has already been leaked, it appears.β¦
The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.β¦
Interview Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade β with $60 million awarded to bug hunters in the past five years alone, according to Redmond.β¦
The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.β¦
The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. As a result Binance will fork out $10 billion to Uncle Sam in fines and settlements.β¦
Sumo Logic has confirmed that no customer data was compromised as a result of the potential security breach it discovered on November 3.β¦
Webinar A Software Bill of Materials (SBOM) has become a non-negotiable requirement to meet regulatory and buyer requirements. But does this provide enough protection if it can give only a partial view into interconnected and ever-changing application attack surfaces?β¦
The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked.β¦
Sponsored Post You can never afford to drop your guard when it comes to cyber security β hackers never do. Β Any weakness in your organisation's defence is certain to be tested at some point.β¦
Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application? Anyone?β¦
An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.β¦
The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process.β¦
Infosec in brief It's that time of year again β NordPass has released its annual list of the most common passwords. And while it seems some of you took last year's chiding to heart, most of you arguably swapped bad for worse.β¦
In response to growing frustrations inside the LockBit organization, its leaders have overhauled the way they negotiate with ransomware victims going forward.β¦
Channel-focused cybersecurity company SonicWall is buying Virginia-based MSSP Solutions Granted β its first acquisition in well over a decade.β¦
Updated The UK division of Samsung Electronics has allegedly alerted customers of a year-long data security breach β the third such incident the South Korean giant has experienced around the world in the past two years.β¦
The FBI is applying "significant" resources to find members of the infamous Scattered Spider cyber-crime crew, which seemingly attacked a couple of high-profile casinos a few months ago and remains active, according to a senior bureau official.β¦
Rackspace's costs from last year's ransomware infection continue to mount. The cloud hosting biz has told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have now reached about $11 million, though insurance has helped cover half of that.β¦
Something likely to be absent from Microsoft's Ignite event is talk of a fix rolled out to deal with malfunctioning Windows Server 2022 Virtual Machines following a problematic update from the company.β¦
Updated Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims' systems.β¦
Royal Mail's parent International Distributions Services has revealed for the first time the infrastructure costs associated with its January ransomware attack.β¦
Swedish digital rights organization Qurium has discovered around 250 cloned websites and suggested they exist to drive people to China-linked gambling sites.β¦
The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars.β¦
Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.β¦
FBI director Christopher Wray made yet another impassioned plea to US lawmakers to kill a proposed warrant requirement for so-called "US person queries" of data collected via the Feds' favorite snooping tool, FISA Section 702.β¦
Sponsored Post Fighting cybercrime demands constant vigilance and can be a huge drain on time and resources. So it's good to know that not every weapon in the armory of the cybersecurity professional has to cost the earth. In fact, there's quite a bit of free stuff out there if you know where to look for it.β¦
Organizations are still failing to implement adequate logging measures, increasing the difficulty faced by defenders and incident responders to identify the cause of infosec attacks.β¦
Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities β including three that have already been found and abused in the wild.β¦