The Register
FAANGs failing on keeping user data safe from bug hunters
Black Hat Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it. …
Higher risks and premiums are creating critical gap in cyber insurance
Black Hat Many organizations are increasingly unprepared to deal with the skyrocketing costs of ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.…
Security needs to learn from the aviation biz to avoid crashing
Black Hat video The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.…
Russian invasion has dangerously destabilized cyber security norms
Black Hat The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms — and infrastructure security, according to journalist and author Kim Zetter.…
AWS and Splunk partner for faster cyberattack response
Black Hat AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.…
Ex-CIA security boss predicts coming crackdown on spyware
Black Hat It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.…
Sonatype spots another PyPI package behaving badly
Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…
Keeping the enemy at the gate
Webinar Faced with relentless cyberattacks, organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.…
Don't be surprised if your organization suffers multiple cyberattacks
Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly; now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.…
Making the cloud a safer place with SANS
Sponsored Post Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.…
Cisco admits corporate network compromised by gang with links to Lapsus$
Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…
Meta privacy red team lead: Does your business know its privacy adversaries?
Black Hat Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.…
Boffins rate npm and PyPI package security and it's not good
The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.…
Ex-CISA chief Krebs calls for US to get serious on security
Black Hat It's time to reorganize the US government and create a new agency focused solely on digital risk management services, according to former CISA director Chris Krebs.…
As Black Hat kicks off, the US government is getting the message on hiring security talent
Black Hat interview With the world's largest collection of security folk gathering in Las Vegas for Black Hat, there are encouraging signs that the US government might actually be getting smarter about hiring.…
Maui ransomware linked to North Korean group Andariel
The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.…
Google's bug bounty boss: Finding and patching vulns? 'Totally useless'
Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too
Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.…
Businesses should dump Windows for the Linux desktop
Opinion I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.…
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …