News

The company also curiously disappears from Black Basta leak site

UK utilities giant Southern Water admits between 5 and 10 percent of its customers have had their data stolen during a January cyberattack.…

Trying to break in with malicious Word documents? How very 2015 of you

The Bumblebee malware loader seemingly vanished from the internet last October, but it's back and - oddly - relying on a vintage vector to try and gain access.…

$1.3 billion lost as identity fraud – and greed – saw 57,000 or more seek unearned tax refunds

One hundred and fifty people who worked for the Australian Taxation Office (ATO) have been investigated – and some prosecuted – for participating in a tax refund scam promoted on Facebook and TikTok.…

SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android

Patch Tuesday  Microsoft fixed 73 security holes in this February's Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.…

'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge

A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine.…

Two new flaws, one zero-day, countless different patches, but everything's fine!

Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.…

Gang still going after critical infrastructure because it's, you know, critical

Canada's Trans-Northern Pipelines has allegedly been infiltrated by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.…

Plenty of successful attacks observed with dangerous follow-on activity

The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November.…

Leaves it to carriers, promoting a complaint to Irish data cops from Big Tech's bête noire

Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out.…

Looks like LockBit took a swipe at an outsourced life insurance application

Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America.…

Great news for victims of gang that hit the British Library in October

Some smart folks have found a way to automatically unscramble documents encrypted by the Rhysida ransomware, and used that know-how to produce and release a handy recovery tool for victims.…

No photos? No, second operation

Dutch health insurers are reportedly forcing breast cancer patients to submit photos of their breasts prior to reconstructive surgery despite a government ban on precisely that.…

Yep, cell carriers didn't have to do this before

The FCC's updated reporting requirements mean telcos in America will have just seven days to officially disclose that a criminal has broken into their systems.…

Pulls part of system offline as Black Basta docs suggest the worst

Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a "cybersecurity incident" after data purportedly stolen from the biz was posted to the Black Basta ransomware group's leak blog.…

Experts also put an end to social media security updates

The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can't figure out whether members' data was stolen.…

PLUS: Juniper's support portal leaks customer info; Canada moves to ban Flipper Zero; Critical vulns

Infosec In Brief  Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.…

Some useful indicators of compromise right here

More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.…

Software company's claim of there being no active exploits also being questioned

In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.…

An orchestra of fails for the security vendor

We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell.…

Should you be paying more attention to securing your AI models from attack?

Webinar  As artificial intelligence (AI) technology becomes increasingly complex so do the threats from bad actors. It is like a forever war.…