News

Honor among thieves about to be put to the test

The US government has placed an extra $5 million bounty on Hive ransomware gang members – its second such reward in a year. And it also comes a little over 11 months since the FBI said it had shut down the criminal organization's network.…

Never mind the court orders obtained to thwart Volt Typhoon botnet

Analysis  The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government.…

No walled garden can keep out every weed, we suppose

LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.…

One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks.…

Security researcher buddies allegedly tag team a four-month virtual gift card heist at Cupertino tech giant

A cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million.…

Security is a process, not a product. Nor a language

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.…

Plan says to hand over keys to networks – and report intrusions within eight hours of discovery

Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident.…

Presumably American TLAs are all over Beijing's infrastructure, too ... right?

Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said.…

The other half paid attention in class?

Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot.…

12 international govt agencies sound the alarm, critical infrastructure at the heart of threats

The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure org's IT networks in America – and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets.…

Tactics are more sophisticated and supported in greater numbers

Iran's anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says.…

Windows encryption feature defeated by $10 and a YouTube tutorial

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.…

Cloud version is safe, but no assurances offered about possible on-prem exploits

JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.…

'Almost zero data being shared across the industry on this particular threat,' we're told

The commercial spyware economy – despite government and big tech's efforts to crack down – appears to be booming.…

Longtime host Caesars ends relationship at short notice

It's an annual meme that DEF CON infosec conference has been canceled, but this time it actually happened.…

Firefox maker promises to lean on personal info brokers to scrub records

Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.…

Telco says it's a private matter, data 'not shared externally'

Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data.…

Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.…

Still no word on how the intruders broke in or the full extent of any possible data compromise

Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago.…

Admins should get a move on while info is scarce and exploits aren't yet available

Fortinet's FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution.…