News
The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster
Two anonymous US government employees have sued Uncle Sam's HR department – the Office of Personnel Management – claiming the Trump administration's rapid roll out of a new federal email system broke the law.…
SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon
Many recent Apple laptops, desktops, tablets, and phones powered by Cupertino's homegrown Silicon processors can be exploited to reveal email content, browsing behavior, and other sensitive data through two newly identified side-channel attacks on Chrome and Safari.…
Baguette bandits strike again with ransomware and a side of mockery
Hellcat, the ransomware crew that infected Schneider Electric and demanded $125,000 in baguettes, has aggressively targeted government, education, energy, and other critical industries since it emerged around mid-2024.…
Protecting AWS environments from cyberthreats
Partner Content Organizations are increasingly shifting their deployments to the cloud due to its many benefits over traditional on-premises solutions.…
Security pros more confident about fending off ransomware, despite being battered by attacks
IT and security pros say they are more confident in their ability to manage ransomware attacks after nearly nine in ten (88 percent) were forced to contain efforts by criminals to breach their defenses in the past year.…
Apple plugs security hole in its iThings that's already been exploited in iOS
Apple has plugged a security hole in the software at the heart of its iPhones, iPads, Vision Pro goggles, Apple TVs and macOS Sequoia Macs, warning some miscreants have already exploited the bug.…
US freezes foreign aid, halting cybersecurity defense and policy funds for allies
US Secretary of State Marco Rubio has frozen nearly all foreign aid cash for a full-on government review, including funds to defend America's allies from cyberattacks as well as steer international computer security policies.…
DeepSeek suspends new registrations amid cyberattack
China's DeepSeek, which shook up US AI companies with the debut of its R1 model family, has limited new signups due to ongoing cyberattack.…
Google takes action after coder reports 'most sophisticated attack I've ever seen'
Google says it's now hardening defenses against a sophisticated account takeover scam documented by a programmer last week.…
Sweden seizes cargo ship after another undersea cable hit in suspected sabotage
Swedish authorities have "seized" a vessel – believed to be the cargo ship Vezhen – "suspected of carrying out sabotage" after a cable running between Sweden and Latvia in the Baltic Sea was damaged on the morning of January 26.…
CDNs: Great for speeding up the internet, bad for location privacy
Infosec in brief Using a custom-built tool, a 15-year-old hacker exploited Cloudflare's content delivery network to approximate the locations of users of apps like Signal, Discord, and others.…
British Museum says ex-contractor 'shut down' IT systems, wreaked havoc
The British Museum was forced to temporarily close some galleries and exhibitions this weekend after a disgruntled former tech contractor went rogue and shuttered some onsite IT systems.…
Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.…
UK telco TalkTalk confirms probe into alleged data grab underway
UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.…
AI chatbot startup founder, lawyer wife accused of ripping off investors in $60M fraud
The co-founder and former CEO of AI startup GameOn is in a pickle. After exiting the top job last year under a cloud, he's now in court – along with his wife – for allegedly bilking his company and its investors out of more than $60 million.…
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now
A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…
North Korean dev who renamed himself 'Bane' accused of IT worker fraud scheme
The US is indicting yet another five suspects it believes were involved in North Korea's long-running, fraudulent remote IT worker scheme – including one who changed their last name to "Bane" and scored a gig at a tech biz in San Francisco.…
China and friends claim success in push to stamp out tech support cyber-scam slave camps
A group established by six Asian nations to fight criminal cyber-scam slave camps that infest the region claims it’s made good progress dismantling the operations.…
Court rules FISA Section 702 surveillance of US resident was unconstitutional
It was revealed this week a court in New York made a landmark ruling that sided against the warrantless state surveillance of people's private communications in America.…
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers
One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years - yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.…
Pages
