Interview Mick Baccio, global security advisor at Splunk, has watched the evolution of election security threats in real time.β¦
Healthcare organization Ascension is the latest of its kind in the US to say its network has been affected by what it believes to be a "cybersecurity event."β¦
Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected.β¦
RSAC Digital intruders from China, Russia, and Iran breaking into US water systems this year should be a "wake-up call," according to former National Security Agency cyber boss Rob Joyce.β¦
A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites.β¦
Interview As undersea cables carry increasing amounts of information, cyber and physical attacks against them will cause a greater impact on the wider internet.β¦
RSAC There's a way to vastly reduce the scale and scope of ransomware attacks plaguing critical infrastructure, according to CISA director Jen Easterly: Make software secure by design.β¦
Just short of a year after the initial incident, the state of Georgia's higher education government agency has confirmed that it was the victim of an attack on its systems affecting the data of 800,000 people.β¦
UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to "malign" forces accessing data on current and a limited number of former armed forces personnel.β¦
Interview This year is an unfortunate anniversary for information security: We're told it's a decade since ransomware started infecting corporations.β¦
Interview The 33rd RSA Conference is underway this week, and no one feels that more acutely than the cybersecurity event's SVP Linda Gray Martin.β¦
Interview The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.β¦
RSAC AI is a double-edged sword in that the government can see ways in which the tech can protect and also be used to attack Americans, says US Homeland Security Secretary Alejandro Mayorkas.β¦
A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network.β¦
Interview As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place.β¦
TikTok and its China-based parent ByteDance sued the US government today to prevent the forced sale or shutdown of the video-sharing giant.β¦
Updated Police have finally named who they firmly believe is the kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.β¦
The deadlines associated with CISA's Known Exploited Vulnerabilities (KEV) catalog only apply to federal agencies, but fresh research shows they're having a positive impact on private organizations too.β¦
Exclusive A UK-based physical security business let its guard down, exposing nearly 1.3 million documents via a public-facing database, according to an infosec researcher.β¦
RSAC Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.β¦
Updated Last week, Apple began requiring iOS developers justify the use of a specific set of APIs that could be used for device fingerprinting.β¦
Updated Cops around the world have relaunched LockBit's website after they shut it down in February β and it's now counting down the hours to reveal documents that could unmask the ransomware group.β¦
Updated Mastodon has pushed back an update that's expected to fully address the issue of link previews sparking accidental distributed denial of service (DDoS) attacks.β¦
A cybersecurity expert could face a 20-year prison sentence after being accused of trying to extort a multinational IT infrastructure services biz to the tune of $1.5 million.β¦
CISA is calling on the software industry to stamp out directory traversal vulnerabilities following recent high-profile exploits of the 20-year-old class of bugs.β¦
Infosec in brief It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and now German officials claim to know for a fact who did it: APT28, or Fancy Bear, a Russian threat actor linked to the GRU intelligence service.β¦
interview Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away.Β β¦
Interview Dating apps ask people to disclose all kinds of personal information in the hope of finding them love, or at least a hook-up.β¦
AI built by Russian infosec firm Kaspersky was used in Russian drones for its war on Ukraine, volunteer intelligence gatherers claim.β¦
interview The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence.Β β¦
A Europol-led operation dubbed βPandoraβ has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than β¬10 million (Β£8.6 million, $11 million).β¦
Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International.β¦
Exclusive Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.β¦
Microsoft today said it will now let us common folk β not just commercial subscribers β signΒ into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.β¦
Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US military.β¦
Network admins are being urged to patch a bundle of critical vulnerabilities in ArubaOS that lead to remote code execution as a privileged user.β¦
The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."β¦
Chinese tech companies that serve as important links in the world's digital supply chains are helping Beijing to execute and refine its propaganda strategy, according to an Australian think tank.β¦
A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil ransomware.β¦
Updated Over a million records describing Australians who visited local pubs and clubs have apparently been posted online.β¦
Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.β¦
Fintech biz Block is reportedly under investigation by US prosecutors over claims by a former employee that lax compliance checks mean its Square and Cash App services may have been used by terrorists β or in countries that US orgs are not permitted to do business.β¦
Jack Blount, the now-ex CEO of Intrusion, has settled with the SEC over allegations he made false and misleading statements about his infosec firm's product as well as his own background and experience.β¦
Sixteen people are facing charges from US prosecutors for allegedly preying on the elderly and scamming them out of millions of dollars.β¦
Aussie airline Qantas says its app is now stable following a data breach that saw boarding passes take off from passengers' accounts.β¦
Updated The open source R programming language β popular among statisticians and data scientists for performing visualization, machine learning, and suchlike β has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10.β¦
A cyber-thief who snatched tens of thousands of patients' sensitive records from a psychotherapy clinic before blackmailing them and then leaking their files online has been caged for six years and three months.β¦
Updated UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cybercriminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn't have multi-factor authentication enabled.β¦
A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy.β¦
The European Commission has launched formal proceedings against Meta, alleging failure to properly monitor distribution by "foreign actors" of political misinformation before June's European elections.β¦
Apple's grudging accommodation of European antitrust rules by allowing third-party app stores on iPhones has left users of its Safari browser exposed to potential web activity tracking.β¦
The FCC on Monday fined four major US telcos almost $200 million for "illegally" selling subscribers' location information to data brokers.β¦
Google says it stopped 2.28 million Android apps from being published in its official Play Store last year because they violated security rules.β¦
Updated Canadian pharmacy chain London Drugs closed all of its stores over the weekend until further notice following a "cybersecurity incident."β¦
The French government has tabled an offer to buy key assets of ailing IT giant Atos after the company late last week almost doubled its estimate of the cash it will need to stay afloat in the near future.β¦
Smart device manufacturers will have to play by new rules in the UK as of today, with laws coming into force to make it more difficult for cybercriminals to break into hardware such as phones and tablets.β¦
The UK Competition and Markets Authority (CMA) still has privacy and competition concerns about Google's Privacy Sandbox advertising toolkit, which explains why the ad giant recently again delayed its plan to drop third-party cookies in Chrome until 2025.β¦
Sponsored Feature As business enters the 2020s, organizations find themselves protecting fast-expanding digital estates using security concepts that are decades old.β¦
Updated - Infosec in brief They say sunlight is the best disinfectant, and that appears to have been true in the case of Discord data harvesting site Spy.pet β as it was recently and swiftly dismantled after its existence and purpose became known.β¦
Millions of Kaiser Permanente patients' data was likely handed over to Google, Microsoft Bing, X/Twitter, and other third-parties, according to the American healthcare giant.β¦