JD Sports admits intruder accessed 10 million customers' data | No payment details exposed in breach, says retailer, but shoppers told to be 'vigilant about potential scams' | Cyber-crime | 30 Jan 2023
Gee, tanks: Russian hackers DDoS Germany for aiding Ukraine | [In brief] Also: a week of leaks; Riot Games says 'LoL' to source code ransom demands; and Yandex source also appears online | Security | 30 Jan 2023
Mon Dieu! Suspected French ShinyHunters gang member in the dock | Man seized in Morocco is now presumably sleepless in Seattle | Cyber-crime | 28 Jan 2023
Microsoft to enterprises: Patch your Exchange servers | If you want to keep the miscreants out, put the updates in, Redmond says | Patches | 28 Jan 2023
Uncle Sam slaps $10m bounty on Hive while Russia ban-hammers FBI, CIA | New meaning to sweetening the pot | Cyber-crime | 27 Jan 2023
UK Cyber Security Centre's scary new story: One phish, two phish, Russia phish, Iran phish | Nice people on LinkedIn want to harvest logins from politicians, boffins, and defense types | Cyber-crime | 27 Jan 2023
Google slays thousands of fake news vids posted by pro-China group Dragonbridge | If you yell 'death to America' and no one watches the video, does it make a sound? | Security | 27 Jan 2023
FBI smokes ransomware Hive after secretly buzzing around gang's network for months | Uncle Sam doles out decryption keys to 300+ victims amid sting op | Cyber-crime | 26 Jan 2023
Bloke allegedly stole, sold private info belonging to 'tens of millions' globally | If true, was it worth the $500k and prison jumpsuit? | Cyber-crime | 26 Jan 2023
Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched | You know when we all said quit using MD5? We really meant it | CSO | 26 Jan 2023
Microsoft closes another door to attackers by blocking Excel XLL files from the internet | More of them used by baddies since Redmond blocked VBA macros | Research | 25 Jan 2023
Go to security school, GoTo – theft of encryption keys shows you need it | Ongoing probe into cloud storage attack finds customer data exfiltrated | Security | 25 Jan 2023
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws | You know the drill: patch before criminals use these bugs in vRealize to sniff your systems | Patches | 25 Jan 2023
FBI catches up with infosec and crypto communities, blames Lazarus Group for $100 million heist | Well played, feds. What's next? Ransomware is rampant? Strong passwords are important? | Cyber-crime | 25 Jan 2023
Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole | Also: Yay for Data Privacy Day! | Security | 24 Jan 2023
Fujitsu: Quantum computers no threat to encryption just yet | Heavily hyped tech bound for some sort of milestone by decade end | Security | 24 Jan 2023
Microsoft took its macros and went home, so miscreants turned to Windows LNK files | Adapt or die | Research | 23 Jan 2023
US authorities release asylum seekers after leaking their data online | [In brief] Also: US terrorist no-fly list found left on unsecured server, Russian dark web drug markets go to war | Security | 23 Jan 2023
India floats plan to make big tech pay for news, walks back government censorship | [Asia In Brief] PLUS: Taiwan’s new supercomputer; China-linked cybercrims strike; Australian content clampdown; and more | Security | 23 Jan 2023
Ireland’s privacy watchdog fines WhatsApp €5.5 million | You’ve got 6 months to get into compliance, it tells yak-yak app | Security | 20 Jan 2023
Miscreants sure do love ransacking cloud networks, more so than before | Thanks for putting all your data in one basket | CSO | 20 Jan 2023
Happy Lunar New Year: Beijing warns of enhanced surveillance during celebrations | Censors are on the lookout for showering under a waterfall of money, overeating, and more conventional sins | Security | 20 Jan 2023
Crims steal data on 40 million T-Mobile US customers | Sixth snafu in five years? Crooks have this useless carrier on speed dial | Cyber-crime | 20 Jan 2023
PayPal says crooks poked around 35,000 accounts in credential stuffing attack | That passwordless option is looking really good right about now | Security | 19 Jan 2023
Finally, ransomware victims are refusing to pay up | Near 50% drop in extorted dosh ... or so it says here | Cyber-crime | 19 Jan 2023
University of Texas latest US school to ban TikTok | Great, now staff and students can stop scrolling and get back to work | Security | 19 Jan 2023
Mailchimp 'fesses up to second digital burglary in five months | Social engineering helped intruders break into customers' inboxes again | Cyber-crime | 19 Jan 2023
Ransomware severs 1,000 ships from on-shore servers | Get your eyepatch out: Cyber attacks on the high seas are trending | Cyber-crime | 19 Jan 2023
Thousands of Sophos firewalls still vulnerable out there to hijacking | [Updated] As hundreds of staff axed this week | Security | 18 Jan 2023
Period-tracking apps, search engines on notice by draft law | And no more geofencing around health clinics either | Security | 18 Jan 2023
Been hit by BianLian ransomware? Here's your get-out-of-jail-free card | Avast issues a free decryptor so victims can get their data back | Security | 18 Jan 2023
Russian criminals can't wait to hop over OpenAI's fence, use ChatGPT for evil | Scriptkiddies rush to machine intelligence to make up for lack in skills | Security | 18 Jan 2023
Nearly 300 MSI motherboards will run any old code in Secure Boot, no questions asked | [Updated] 'I believe they made this change deliberately' claims researcher | Security | 17 Jan 2023
Microsoft locks door to default guest authentication in Windows Pro | Bringing OS version into sync with Enterprise and Education editions | CSO | 17 Jan 2023
Crypto exchanges freeze accounts tied to North Korea’s notorious Lazarus Group | Well whaddya know, the crypto ecosystem did the right thing by stiffing the WannaCry bandits | Cyber-crime | 17 Jan 2023
Tencent fired 100 people for corruption during 2022 | A couple have already been jailed, others shown the door for embezzling or arranging sham contracts | Security | 17 Jan 2023
For password protection, dump LastPass for open source Bitwarden | [Opinion] After the security breach last summer, staying put is playing with fire | Cyber-crime | 16 Jan 2023
China aims to grow local infosec industry by 30 percent a year, to $22 billion by 2025 | Optimistically suggests international collaboration – including on standards – will help it get there | Government Tech Week | 16 Jan 2023
NSA asks Congress to let it get on with that warrantless data harvesting, again | [In brief] Also: That Pokemon is actually a RAT, Uncle Sam fails a password audit | Security | 14 Jan 2023
Russians say they can grab software from Intel again | And Windows updates from Microsoft, too | Patches | 14 Jan 2023
Canadian owes bosses for 'time theft' after work-tracking app sinks tribunal bid | She hoped to score thousands but laptop app had other ideas | Security | 13 Jan 2023
Microsoft Defender ASR rules strip icons, app shortcuts from Taskbar, Start Menu | Happy Friday 13th sysadmins! Techies find workarounds but Redmond still 'investigating' | Security | 13 Jan 2023
Long data privacy notices aren't foolproof, Euro watchdog tells Meta | As Meta reels from €390 million EU fine, the 'personalized ads' case might not be over, Max Schrems' legal group says | Security | 13 Jan 2023
This can’t be a real bomb threat: You've called a modem, not a phone | [On-Call] Security was nonetheless very, very, interested in hearing this comms engineer tell his tale | Security | 13 Jan 2023
Euro-cops shut down crypto scam that bilked millions from unwitting punters | If the investment opportunity sounds too good to be true … | Security | 13 Jan 2023
Microsoft fumbles zero trust upgrade for some Asian customers | Enhanced access privileges for partners choke on double-byte characters, contribute to global delays | Security | 13 Jan 2023
Lawyers slam SEC for 'blatant fishing expedition' after Exchange mega-attack | Not a 'whiff of wrongdoing' here, says attorney now fighting off Uncle Sam | Security | 12 Jan 2023
VALL-E AI can mimic a person’s voice from a three-second snippet | Are you really saying what I’m hearing? | Security | 12 Jan 2023
US think tank says China would probably lose if it tries to invade Taiwan | But even a short conflict would wreck the economy, which would be bad news for semiconductor supplies | Government Tech Week | 12 Jan 2023
Royal Mail, cops probe 'cyber incident' that's knackered international mail | [Final update] Don't go postal and call it a cyberattack because nobody knows (yet) what knocked out key system | Cyber-crime | 11 Jan 2023
AI-generated phishing emails just got much more convincing | Did a criminally minded robot write this? In part, yes. | Security | 11 Jan 2023
Microsoft fixes Windows database connections it broke in November | January Patch Tuesday update resolves issue caused by Patch Tuesday update late in '22 | Patches | 11 Jan 2023
German cartel watchdog objects to the way Google processes user data | Not transparent, not specific, and too easy to say yes to | Security | 11 Jan 2023
Swiss Army's Threema messaging app was full of holes – at least seven | At least the penknives are still secure | Security | 11 Jan 2023
Health insurer Aflac blames US partner for leak of Japanese cancer policy info | Zurich’s Japanese outpost also leaks a couple of million records | Cyber-crime | 11 Jan 2023
Privacy on the line: Boffins break VoLTE phone security | Call metadata can be ferreted out | Security | 11 Jan 2023
First Patch Tuesday of the year explodes with in-the-wild exploit fix | [Patch Tuesday] Plus: Intel, Adobe, SAP and Android bugs | Patches | 11 Jan 2023
Russian meddling in 2016 US presidential election was weak sauce | Boffins find Twitter foreign influence campaign didn't have much pull | Security | 10 Jan 2023
How to track equipped cars via exploitable e-ink platemaker | Miscreants could have tracked, modified, deleted digital plates | Research | 10 Jan 2023
Wiretap lawsuit accuses Apple of tracking iPhone users who opted out | This is the company that claims: 'Privacy. That's iPhone' | Security | 10 Jan 2023
Pakistan’s government to agencies: Dark web is dangerous, please don’t go there | Advice follows embarrassing leak of audio from Prime Minister’s office | Security | 10 Jan 2023
Homeland Security, CISA builds AI-based cybersecurity analytics sandbox | High-spec system is crucial to defending against the latest threats | Government Tech Week | 10 Jan 2023
US Supremes deny Pegasus spyware maker's immunity claim | NSO maintains that it's all legit | Security | 09 Jan 2023
No more holidays for US telcos, FCC is cracking down | [In brief] Also, LastPass faces class action, and Louisiana says that, while the internet may be for porn, ID is still required | Security | 08 Jan 2023
Chinese researchers' claimed quantum encryption crack looks unlikely | Near-term vulnerability of RSA-2048 keys not so near, says quantum boffin Scott Aaronson | Security | 07 Jan 2023
Here's how to remotely take over a Ferrari...account, that is | Connected cars. What could possibly go wrong? | Security | 07 Jan 2023
Freedom for MegaCortex ransomware victims – the fix is out | Criminals hit 1,800 victims across 71 countries to the tune of $100m+ | Security | 06 Jan 2023
Dridex malware pops back up and turns its attention to macOS | Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files | Research | 06 Jan 2023
JP Morgan must face suit from Ray-Ban maker after crooks drained $272m from accounts | Don't masquerade with the guy in shades, oh no | Cyber-crime | 06 Jan 2023
Rackspace blames ransomware woes on zero-day attack | Play gang blamed, ProxyNotShell cleared and hosted Exchange doomed | Security | 05 Jan 2023
Twitter data dump: 200m+ account database now free to download | [Updated] No passwords, but plenty of stuff for social engineering and doxxing | Security | 05 Jan 2023
Twitter whistleblower Peiter 'Mudge' Zatko lands new gig at Rapid7 | [Updated] A long way from password crackers for Windows NT for former L0pht legend | Security | 05 Jan 2023
Ex-GE engineer gets two years in prison after stealing turbine tech for China | Beijing isn't the only one spying on work computers, right GE? | Security | 04 Jan 2023
The Guardian ransomware attack hits week two as staff told to work from home | [Updated] UK data watchdog would like a word over failure to systems | Security | 04 Jan 2023
Ireland fines Meta $414m for using personal data without asking | [Updated] Facebook, Insta told to pay up, make changes to data slurping process within 3 months | Security | 04 Jan 2023
PyTorch dependency poisoned with malicious code | System data was exfiltrated during attack, but an anonymous person says it was a research project gone wrong | Security | 04 Jan 2023
LockBit: Sorry about the SickKids ransomware, not sorry about the rest | Blame it on the affiliate | Security | 04 Jan 2023
'Multiple security breaches' shut down trucker protest | 10-7, there buddy, sorry | Security | 03 Jan 2023
Google gets off easy in location tracking lawsuits | $29.5 million and we don't have to admit wrongdoing? Where do we sign? | Security | 03 Jan 2023
US House boots TikTok from government phones | ByteDance ban for federal devices awaits Biden’s signature | Security | 28 Dec 2022
Stolen info on 400m+ Twitter accounts seemingly up for sale | [Updated] Plus: Cracked Piers Morgan spews offensive tweets, not the usual kind | Security | 27 Dec 2022
Back to work, Linux admins: You may have a CVSS 10 kernel bug to address | [In brief] Also, script kiddies are coming for your gift cards, and Meta's Cambridge Analytica pathetic payout | Security | 24 Dec 2022
LastPass admits attackers have a copy of customers’ password vaults | Thankfully a well encrypted copy that could take an eon to crack, unless users practiced bad password hygiene | Security | 23 Dec 2022
Crooks copy source code from Okta’s GitHub repository | The hack wraps up a year of bad security incidents for identity | Security | 23 Dec 2022
FCC calls for mega $300 million fine for massive US robocall campaign | 5 billion calls over three months. Was your phone spammed? | Security | 22 Dec 2022
Zerobot malware now shooting for Apache systems | Upgraded threat, time to patch | Security | 22 Dec 2022
Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars | The scam was lurking behind the content of an adult website | Security | 22 Dec 2022
Apple accused of censoring apps in Hong Kong and Russia to maintain market access | Activists note absence of VPNs, ponder whether Apple may put revenue above human rights in some markets | Security | 22 Dec 2022
Godfather malware makes banking apps an offer they can’t refuse | No horse heads in beds...that we know of | Security | 22 Dec 2022
Being one of the 1% sucks if you're a Rackspace user | Nearly three weeks and no email for customers | Security | 22 Dec 2022
Microsoft fixes Hyper-V VM problem caused by Patch Tuesday | The emergency OOB release should solve those frustrating failures | Patches | 21 Dec 2022
UK's Guardian newspaper breaks news of ransomware attack on itself | Reporters work from home as publication promises Thursday's print edition will hit newsstands on time | Cyber-crime | 21 Dec 2022
NASA infosec again falls short of required US government standard | Good thing space agency doesn’t have any state secrets … oh, hang on | CSO | 21 Dec 2022
Malicious PyPI package found posing as a SentinelOne SDK | Security firm tagged with malware misrepresentation | Security | 21 Dec 2022
Parental control apps prove easy to beat by kids and crims | 20m downloads can't be wrong? Or can they? | Security | 21 Dec 2022