News

$10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location

The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies.…

Everything you need to know about quantum safe encryption

Webinar  The quantum threat might seem futuristic, more like something you'd encounter in a science fiction film. But it's arguably already a danger to real cyber security defences.…

Data watchdog reprimands police force for mixing up 2 people with same name and birthday with disastrous results

The UK's Information Commissioner's Office has put the West Midlands Police (WMP) on the naughty step after the force was found to have repeatedly mixed up two people's personal data for years.…

How zero trust controls and Google AI can strengthen your organization’s defences

Webinar  Dealing with cyber security incidents is an expensive business. Each data breach costs an estimated $4.35 million on average and it's not as if the volume of cyber attacks is falling - last year, they rose by 38 percent according to Google Cloud.…

No mere mea culpa would suffice after 9.2 million records leaked over a decade, warnings were ignored, and lies were told

NTT West president Masaaki Moribayashi announced his resignation on Thursday, effective at the end of March, in atonement for the leak of data pertaining to 9.28 million customers that came to light last October.…

Cloned then compromised, bad repos are forked faster than they can be removed

A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories.…

Those little popups may reveal location, device details, IP address, and more

More than 130 petitions seeking access to push notification metadata have been filed in US courts, according to a Washington Post investigation – a finding that underscores the lack of privacy protection available to users of mobile devices.…

Choose your own FISA Section 702 adventure: End-run around lawmakers or business as usual?

The Biden Administration has asked a court, rather than Congress, to renew controversial warrantless surveillance powers used by American intelligence and due to expire within weeks. It's a move that is either business as usual or an end-run around spying reforms, depending on who in Washington you believe.…

No Chinese automakers sell cars in the US, but the feds are still going to investigate whether they're a threat

Concerned over the chance that Chinese-made cars could pose a future threat to national security, Biden's administration is proposing plans to probe potential threats posed by "connected" vehicles made in the Middle Kingdom.…

Analysts warn of big leap in cred-harvesting malware activity last year

There appears to be an uptick in interest among cybercriminals in infostealers – malware designed to swipe online account passwords, financial info, and other sensitive data from infected PCs – as a relatively cheap and easy way to get a foothold in organizations' IT environments to deploy devastating ransomware.…

GDPR claim alleges Facebook parent's 'commercial surveillance practices are fundamentally illegal'

Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a "fake choice" between paying up and consenting to data collection.…

Tried to speed boot times, maybe by messing with 'Windows source code', ended up building a viral on-ramp

Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware.…

And accuses a former Australian politician of having 'sold out their country'

The director general of security at Australia's Security Intelligence Organisation (ASIO) has delivered his annual threat assessment, revealing ongoing attempts by adversaries to map digital infrastructure with a view to disrupting important services at delicate moments.…

Brags it lifted 6TB of data, but let's remember these people are criminals and not worthy of much trust

The ALPHV/BlackCat cybercrime gang has taken credit – if that's the word – for a ransomware infection at Change Healthcare that has disrupted thousands of pharmacies and hospitals across the US, and also claimed that the amount of sensitive data stolen and affected health-care organizations is much larger than the victims initially disclosed.…

Talk about gone in 60 seconds

Computer scientists at the University of Maryland have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).…

Lawsuit alleges it misled investors with claims new AI products were 'facilitating greater platformization' and more

Palo Alto Networks (PAN) is facing a proposed class action lawsuit that alleges investors were deceived about the traction of its platform tactics and hurt by an unexpectedly low billings forecast that crashed the share price.…

Biden readies executive order targeting China, Russia, and pals

US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans' sensitive personal information and government-related data to adversarial countries including China and Russia.…

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs

Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers – in the form of a warning that Russia may try again, so owners of the devices should take precautions.…

Canadian network box maker floats in denial

The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists.…

The original was definitely getting a bit long in the tooth for modern challenges

After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF).…