Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [...]
Using OSCAL to express Canadian cybersecurity requirements as compliance-as-code
The Open Security Controls Assessment Language (OSCAL) is a project led by the National Institute of Standards and Technology (NIST) that allows security professionals to express control-related information in machine-readable formats. Expressing compliance information in this way allows security practitioners to use automated tools to support data analysis, while …
Fake Homebrew Google ads target Mac users with malware
Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...]
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day
Seven days after disclosure and little action taken, data shows Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit.... [...]
Safeguard your generative AI workloads from prompt injections
Generative AI applications have become powerful tools for creating human-like content, but they also introduce new security challenges, including prompt injections, excessive agency, and others. See the OWASP Top 10 for Large Language Model Applications to learn more about the unique security risks associated with generative AI applications. When …
7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives. [...]
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...]
Criminal IP Teams Up with OnTheHub for Digital Education Cybersecurity
AI SPERA announced today that it has partnered with education platform OnTheHub to provide its integrated cybersecurity solution, Criminal IP, to students and educational institutions. [...]
HPE probes IntelBroker's bold data theft boasts
Incident response protocols engaged following claims of source code burglary Hewlett Packard Enterprise (HPE) is probing assertions made by prolific Big Tech intruder IntelBroker that they broke into the US corporation's systems and accessed source code, among other things.... [...]
AI Mistakes Are Very Different from Human Mistakes
Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and …
Breaking free from reactive security
Why not adopt a new approach for 2025? Webinar In today's digital landscape, cybersecurity teams can often find themselves trapped in an endless cycle of responding to threats.... [...]
Banks must keep ahead of risks and reap AI rewards
AI has transformed banking across APAC. But is this transformation secure? Partner Content The banking industry in Asia Pacific (APAC) is thriving, with strong financial performance underpinning its technological ambitions.... [...]
HPE investigates breach as hacker claims to steal source code
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company's developer environments. [...]
Hackers game out infowar against China with the US Navy
Taipei invites infosec bods to come and play on its home turf Picture this: It's 2030 and China's furious with Taiwan after the island applies to the UN to be recognized as an independent state. After deciding on a full military invasion, China attempts to first cripple its rebellious …
How to leave the submarine cable cutters all at sea – go Swedish
Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian Opinion "As obsolete as warships in the Baltic" was a great pop lyric in Prefab Sprout's 1985 gem, Faron Young. Great, but ironically obsolete itself. Sweden has just deployed multiple warships in that selfsame sea to …
Biden Signs New Cybersecurity Order
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details : The core of the executive order is an array of mandates for protecting government networks based on lessons learned from …
Ransomware attack forces Brit high school to shut doors
Students have work to complete at home in the meantime A UK high school will have to close for at least two days, today and tomorrow, after becoming the latest public-sector victim of ransomware criminals.... [...]
Sage Copilot grounded briefly to fix AI misbehavior
'Minor issue' with showing accounting customers 'unrelated business information' required repairs Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker's accounting tools, this month after it blurted customer information to other users.... [...]
Datacus extractus: Harry Potter publisher breached without resorting to magic
PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more Infosec in brief Hogwarts doesn’t teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power of an online magician who made off with millions of customer records …
When food delivery apps reached Indonesia, everyone put on weight
PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company Asia In Brief When food delivery “superapps” started operations in Indonesia, users started putting on weight – and that’s not an entirely bad thing.... [...]
Donald Trump proposes US government acquire half of TikTok, which thanks him and restores service
Incoming president promises to allow ongoing operations for 90 days just as made-in-China app started to go dark US president-elect Donald Trump appears to have proposed the government he will soon lead should acquire half of made-in-China social media service TikTok’s stateside operations.... [...]
Donald Trump proposes US govt acquire half of TikTok, which thanks him and restores service
The same Florida Man who wanted to ban the app in the first place US president-elect Donald Trump appears to have proposed the government he will soon lead should acquire half of made-in-China social media service TikTok’s stateside operations.... [...]
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.... [...]
TikTok shuts down in the US as Trump throws the company a lifeline
TikTok shut down in the U.S. late Saturday night following the Supreme Court's decision to uphold the law that banned the company over national security concerns. [...]
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. [...]
FCC to telcos: By law you must secure your networks from foreign spies. Get on it
Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting communications isn't mere decoration on the pages of law books – it actually means carriers need to secure their networks …
Friday Squid Blogging: Opioid Alternatives from Squid Research
Is there nothing that squid research can’t solve? “If you’re working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain,” he said. [...] Researchers hope …
Biden signs sweeping cybersecurity order, just in time for Trump to gut it
Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive Analysis Joe Biden, in the final days of his US presidency, issued another cybersecurity order that is nearly as vast in scope as it is late in the game.... [...]
Otelier data breach exposes info, hotel reservations of millions
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...]
Malicious PyPi package steals Discord auth tokens from devs
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]
Fortinet: FortiGate config leaks are genuine but misleading
Competition hots up with Ivanti over who can have the worst start to a year Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022.... [...]
Clock ticking for TikTok as US Supreme Court upholds ban
With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over updated The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent ByteDance or face a ban in the United States. The decision …
Cloud CISO Perspectives: Talk cyber in business terms to win allies
Welcome to the first Cloud CISO Perspectives for January 2025. We’re starting off the year at the top with boards of directors, and how talking about cybersecurity in business terms can help us better convey the costs and priority and priority of the cybersecurity risks we face. As …
The EU’s DORA regulation has arrived. Google Cloud is ready to help
As the Digital Operational Resilience Act (DORA) takes effect today, financial entities in the EU must rise to a new level of operational resilience in the face of ever-evolving digital threats. At Google Cloud, we share your commitment to the goals of DORA. We believe in building a more …
US sanctions Chinese firm, hacker behind telecom and Treasury hacks
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. [...]
FCC orders telecoms to secure their networks after Salt Tyhpoon hacks
The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. [...]
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day
Turns out tool does both file transfers and security fixes fast Don't panic. Yes, there were a bunch of CVEs, affecting potentially hundreds of thousands of users, found in rsync in early December – and made public on Tuesday – but a fixed version came out the same day, and was …
Social Engineering to Disable iMessage Protections
I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link …
Medusa ransomware group claims attack on UK's Gateshead Council
Pastes allegedly stolen documents on leak site with £600K demand Another year and yet another UK local authority has been pwned by a ransomware crew. This time it's Gateshead Council in North East England at the hands of the Medusa group.... [...]
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products
If you want a picture of the future, imagine your infosec team stamping on software forever Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new …
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling
Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in Cisco and Nvidia have both recognized that as useful as today's AI may be, the technology can be equally unsafe and/or unreliable – and have delivered tools in an attempt to help address those …
GM parks claims that driver location data was given to insurers, pushing up premiums
We'll defo ask for permission next time, automaker tells FTC General Motors on Thursday said that it has reached a settlement with the FTC "to address privacy concerns about our now-discontinued Smart Driver program."... [...]
GM parks claims that driver location data was shared to insurers, pushed up premiums
We'll defo ask for permission next time, automaker tells FTC General Motors on Thursday said that it has reached a settlement with the FTC "to address privacy concerns about our now-discontinued Smart Driver program."... [...]
GDPR complaints filed against TikTok, Temu for sending user data to China
Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). [...]
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing …
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]
Microsoft expands testing of Windows 11 admin protection feature
Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. [...]
Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts
FSB cyberspies venture into a new app for espionage, Microsoft says Star Blizzard, a prolific phishing crew backed by the Russian Federal Security Service (FSB), conducted a new campaign aiming to compromise WhatsApp accounts and gain access to their messages and data, according to Microsoft.... [...]
US cracks down on North Korean IT worker army with more sanctions
The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. [...]
Biden signs executive order to bolster national cybersecurity
Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. [...]
page 1 | older articles »