Login
A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers.β¦
The first of two US government prosecutions of former FTX CEO Sam Bankman-Fried commenced in New York on Monday, only a day after the cryptocurrency tycoon sued his own insurance company for failing to cover his legal costs.β¦
The US's Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog.β¦
Asia in brief Zhu Su, co-founder of fallen crypto business Three Arrows Capital (3AC), was arrested last Friday at Changi Airport in Singapore as he attempted to leave the country.β¦
Updated Security researchers have spotted what they believe to be a "possible mass exploitation" of vulnerabilities in Progress Software's WS_FTP Server.β¦
Interview AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant's security execs tells us has thwarted Chinese and Russian spies β and millions of bots.β¦
Last week the internet was abuzz with talk that Singapore's commercial Changi airport was no longer going to require passports for clearance at immigration. Although it is true the paper documentation will be replaced by biometric measures, it's not quite time to pack the document away.β¦
Infosec in brief Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS_FTP.β¦
Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs.β¦
A PhD student has been found guilty of building a potentially deadly drone for Islamic State terrorists, in part using his home 3D printer.β¦
Norway has told the European Data Protection Board (EDPB) it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe.β¦
Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer.β¦
A privacy panel within the US government today narrowly recommended that Congress reauthorize the Feds' Section 702 spying powers β but with some stronger protections for US citizens only.β¦
DARPA's extended-duration unmanned undersea vehicle (UUV) is having its first aquatic excursion to test if this naval drone has wings, er, fins.β¦
Google's Bard chatbot is currently being re-educated to better understand privacy.β¦
Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet β both in terms of attacks and the dissemination of fake news.β¦
"New Yorkers should not be forced to accept biometric surveillance as part of simple activities like buying groceries or taking their kids to a baseball game," more than 30 civil and digital rights organizations said yesterday in a letter backing new privacy laws in the city.β¦
An engineer has identified longstanding undetected flaws in a 25-year-old method for encrypting data using RSA public-key cryptography.β¦
Canada's Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people's childcare health records dating back more than a decade.β¦
The Ukrainian State Service of Special Communications and Information Protection (SSSCIP) has claimed that Russian cyberspies are targeting its servers looking for data about alleged Kremlin-backed war crimes.β¦
Mixin Network confirmd on Monday that it has "temporarily suspended" all deposit and withdrawal services after hackers broke into a database and stole about $200 million in funds from the Hong-Kong based cryptocurrency firm.Β β¦
Infosec in brief T-Mobile US has had another bad week on the infosec front β this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied.β¦
Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.β¦
The European Space Agency has signed up to build and launch the European Union's Infrastructure for Resilience, Interconnectivity and Security by Satellite constellation.β¦
A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.β¦
Updated Days after a miscreant boasted leaking a 3GB-plus database from TransUnion containing financial information on 58,505 people, the credit-checking agency has claimed the info was actually swiped from a third party.β¦
Cisco is making its most expensive acquisition ever β by far - with an announcement it's buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (Β£22.8b).β¦
The UK data watchdog has penalized five businesses it says collectively made 1.9 million cold calls to members of the public, illegally, as those people had opted out of being menaced at home by marketeers.β¦
India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram β centers of India's tech development β are hubs of this activity.β¦
Pizza Hut's Australian outpost has suffered a data breach.β¦
The Snatch ransomware crew has listed on its dark-web site the Florida Department of Veterans Affairs as one of its latest victims β as the Feds warn organizations to be on the lookout for indicators of compromise linked to the extortionist gang.β¦
Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers.β¦
The International Criminal Court said crooks breached its IT systems last week, and that attack isn't over yet, with the ICC saying the "cybersecurity incident" is still ongoing.β¦
The ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data.β¦
Two Indian nationals have each received 41-month prison sentences in the United States for their involvement in a $1.2 million robocall scam targeting the elderly, according to New Jersey prosecutors on Tuesday.β¦
A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price."β¦
Sponsored Post Cyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences were once again highlighted by the ransomware incident which impacted several hospital computer systems across the US last month.β¦
Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams.β¦
Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.β¦
A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.β¦
The Clorox Company, makers of bleach and other household cleaning products, doesn't expect operations to return to normal until near month end as it combs over "widescale disruption to operations" caused by cyber baddies.β¦
Australia will build "six cyber shields around our nation" declared home affairs minister Clare O'Neill yesterday, as part of a national cyber security strategy.β¦
About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck.β¦
Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports.β¦
A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.β¦
Infosec in brief Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers.Β β¦
As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.β¦
Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.β¦
Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.β¦
Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California.Β Yet it's over before it really began.β¦
The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.β¦
The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.β¦
Updated Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.β¦
Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.β¦
Twice delayed and over budget, the US Department of Homeland Security (DHS) has been told by the Government Accountability Office (GAO) that it needs to correct shortcomings in its biometric identification program.β¦
Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.β¦
Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.β¦
Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.β¦
Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.β¦
The number of claimants signing up to a collective action against Capita over the infamous March cyber security break-in and subsequent data exposure keeps going up, according to the lawyer overseeing the case.β¦
FreshRSS