News
Are your Prometheus servers and exporters secure? Probably not
Infosec in brief There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.…
Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks
An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers.…
Scumbag gets 30 years in the clink for running CSAM dark-web chatrooms, abusing kids
A Texan who ran a forum on the dark web where depraved netizens could swap child sex abuse material (CSAM), and chat freely about abusing kids, has been sentenced to 30 years in prison.…
Google Timeline location purge causes collateral damage
A year ago, Google announced plans to save people's Location History, which it now calls Timeline, locally on devices rather than on its servers.…
Cyber protection made intuitive and affordable
Partner Content Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running.…
Taming the multi-vault beast
Partner Content With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.…
North Korea's fake IT worker scam hauled in at least $88 million over six years
North Korea's fake IT worker scams netted the hermit kingdom $88 million over six years, according to the US Department of Justice, which thinks it's found the people who run them.…
Apache issues patches for critical Struts 2 RCE bug
We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.…
Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push
The Europol-coordinated Operation PowerOFF struck again this week as cross-border cops pulled the plug on 27 more domains tied to distributed denial of service (DDoS) criminality.…
British Army zaps drones out of the sky with laser trucks
The British Army has successfully destroyed flying drones for the first time using a high-energy laser mounted on an armored vehicle. If perfected, the technology could form an effective counter-measure against drone attacks.…
Firefox ditches Do Not Track because nobody was listening anyway
When Firefox 135 is released in February, it'll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings. …
Citrix goes shopping in Europe and returns with gifts for security-conscious customers
Citrix has gone on a European shopping trip, and come home with its bag of gifts bulging thanks to a pair of major buys: infosec outfits deviceTRUST and Strong Network.…
Blocking Chinese spies from intercepting calls? There ought to be a law
US telecoms carriers would be required to implement minimum cyber security standards and ensure their systems are not susceptible to hacks by nation-state attackers – like Salt Typhoon – under legislation proposed by senator Ron Wyden (D-OR).…
Krispy Kreme Doughnut Corporation admits to hole in security
Doughnut slinger Krispy Kreme has admitted to an attack that has left many customers unable to order online.…
Three more vulns spotted in Ivanti CSA, all critical, one 10/10
Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a zero-day flaw in Sophos firewalls…
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
Microsoft hasn't added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored more than nine on the CVSS threat ranking scale.…
US military grounds entire Osprey tiltrotor fleet over safety concerns
The US Navy, Air Force, and Marine Corps have grounded their fleet of Boeing-Bell-made Osprey V-22s on safety grounds.…
AMD secure VM tech undone by DRAM meddling
Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.…
Fully patched Cleo products under renewed 'zero-day-ish' mass attack
Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.…
Pages
