News

Longtime host Caesars ends relationship at short notice

It's an annual meme that DEF CON infosec conference has been canceled, but this time it actually happened.…

Firefox maker promises to lean on personal info brokers to scrub records

Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.…

Telco says it's a private matter, data 'not shared externally'

Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data.…

Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.…

Still no word on how the intruders broke in or the full extent of any possible data compromise

Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago.…

Admins should get a move on while info is scarce and exploits aren't yet available

Fortinet's FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution.…

How good are your takedowns when fresh gangs are linked to previous ops, though?

At least 25 new ransomware gangs emerged in 2023, with Akira and 8Base proving the most "successful," research reveals.…

Chocolate Factory matches Microsoft money for memory safety

Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++.…

At this point you might be better off just shutting the stuff down

Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment.…

What is on HHS paper will most likely become law, Google security boss says

Interview  If you are responsible for infosec at a US hospital or other healthcare organization, and you treat the government's new "voluntary" cybersecurity performance goals (CPGs) as, well, voluntary, you're ignoring the writing on the wall. …

Horse, meet stable door

AnyDesk has copped to an IT security "incident" in which criminals broke into the remote-desktop software maker's production systems. The biz has told customers to expect disruption as it attempts to lock down its infrastructure.…

It's the second Chicago hospital to disclose a major incident in the same week

For the second time in one week, cybercriminals have targeted a Chicago children's hospital, this time causing significant operational disruption.…

PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities

Infosec In Brief  The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy.…

The closest thing we may ever get to a real-life Die Hard 2 scenario

Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research.…

Cloud software slinger admits no guilt, promises better basic security hygiene

Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC.…

Danger of remote account takeovers leaves lead devs scared of releasing many details

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.…

Efforts part of internationally coordinated operations carried out in recent months

Interpol has arrested 31 people following a three-month operation to stamp out various types of cybercrime.…

'Vault 7' leak detailed cyber-ops including forged digital certs

Joshua Schulte, a former CIA employee and software engineer accused of sharing material with WikiLeaks, was sentenced to 40 years in prison by the US Southern District of New York on Thursday.…

How F5 Distributed Cloud Services seal security gaps in modern app development amid growing attack surface

Partner Content  Application programming interfaces (APIs) play a significant role in today's digital economy, but at the same time they can also represent a data security vulnerability.…

Atlassian systen compromised via October Okta intrusion

Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.…