News

Uncertainty is the new certainty

In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.…

DPP Law is appealing against data watchdog's conclusions

A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.…

Vintage phishing varietal has improved with age

Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.…

It involves a number close to three or six depending on the fiend

Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.…

Because vulnerability management has nothing to do with national security, right?

US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.…

800K? Make that double, and we'll need a double, too, for the pain

A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.…

Source code, moderator info, IP addresses, more allegedly swiped and leaked

Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.…

Beijing claims NSA went for gold in offensive cyber, got caught in the act

China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.…

Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez

A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.…

Let the espionage and access resale campaigns begin (again)

A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.…

Stopping users shooting themselves in the foot with last century's tech

Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.…

Car hire biz takes your privacy seriously, though

Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.…

That would put America on the same level as China for espionage

The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.…

Copilot vibe coding for OS development? Why not

Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended you leave the directory there.…

IT admins, get ready to grumble

CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.…

What's the goal here, Homeland Insecurity or something?

As drastic cuts to the US govt's Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House's cybersecurity subcommittee, has demanded that CISA brief the subcommittee "prior to any significant changes to CISA's workforce or organizational structure."…

UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond

Opinion  The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on national security grounds.…

Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion

Two of the top team behind Asda's £1 billion ($1.31 billion) tech divorce from US retail giant Walmart — which has seen a number of setbacks — are departing the company.…

PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more!

Infosec In Brief  Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.…

PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands

Asia In Brief  Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.…