On Monday, the United Kingdom's privacy watchdog announced that it is investigating TikTok, Reddit, and Imgur because of privacy concerns about how they are processing children's data. [...]
Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts Analysis It's a familiar refrain in the security industry that there is a massive skills gap in the sector. And while it's true there are specific shortages in certain areas …
Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.... [...]
Officials vow to uncover who was behind it The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday.... [...]
ICO looking at what data is used to serve up recommendations The UK's data protection watchdog has launched three investigations into certain social media platforms following concerns about the protection of privacy among teenage users.... [...]
Cut off one head and 100 grow back? Decapitation may not be the way to go Opinion With Apple pulling the plug on at-rest end-to-end encryption (E2EE) for UK users, and Signal threatening to pull out of Sweden if that government demands E2EE backdoors, it's looking bleak.... [...]
PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more Infosec In Brief US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia – as the USA’s Cybersecurity and Infrastructure Security Agency (CISA) has …
Bjarne Stroustrup says standards committee needs to show it can respond to memory safety push Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory …
Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. [...]
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. [...]
Amazon Web Services (AWS) successfully completed an onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. EY CertifyPoint auditors conducted the audit and reissued …
U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, a Binance Smart Chain-based DeFi protocol. [...]
Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the phone of a Serbian student who had been critical of that country's government. The human rights organization first called out Serbian authorities in December for what it …
Firefly squid is now a delicacy in New York. Blog moderation policy. [...]
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version …
1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.... [...]
The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. [...]
Law enforcement agencies from 19 countries have arrested 25 suspects linked to a criminal ring that was distributing child sexual abuse material (CSAM) generated using artificial intelligence (AI). [...]
Welcome to the second Cloud CISO Perspectives for February 2025. Today, Christiane Peters from our Office of the CISO explains why post-quantum cryptography may seem like the future’s problem, but it will soon be ours if IT doesn’t move faster to prepare for it. Here’s what …
Welcome to the second Cloud CISO Perspectives for February 2025. Today, Christiane Peters from our Office of the CISO explains why post-quantum cryptography may seem like the future’s problem, but it will soon be ours if IT doesn’t move faster to prepare for it. Here’s what …
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. [...]
Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative AI services – ultimately to generate deepfake smut videos of celebrities …
Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, Microsoft. These repositories, belonging to more than 16,000 organizations, were originally posted to GitHub as public, but were later set …
A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. [...]
FYI: What NOT to search after committing a crime The US Army soldier accused of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.... [...]
FYI: What NOT to search after committing a crime The US Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.... [...]
Federal agents, open up... your browsers and see if you recognize any of these wallets The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.... [...]
Privacy-focused email provider Tuta (previously Tutanota) and the VPN Trust Initiative (VTI) are raising concerns over proposed laws in France set to backdoor encrypted messaging systems and restrict internet access. [...]
Interesting research: “ Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs “: Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts …
Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. [...]
The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE). [...]
A suspected cyber criminal believed to have extorted companies under the name "DESORDEN Group" or "ALTDOS" has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide. [...]
Model was fine-tuned to write vulnerable software – then suggested enslaving humanity Updated Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.... [...]
FBI has confirmed that North Korean hackers stole $1.5 billion from cryptocurrency exchange Bybit on Friday in the largest crypto heist recorded until now. [...]
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a …
Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years.... [...]
United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024. [...]
244M purloined passwords added to Have I Been Pwned thanks to govt tip-off A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP).... [...]
A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. [...]
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.... [...]
Microsoft has removed two popular VSCode extensions, 'Material Theme - Free' and 'Material Theme Icons - Free,' from the Visual Studio Marketplace for allegedly containing malicious code. [...]
Starting with Snapdragon 8 Elite and 'droid 15 It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead of …
A malicious PyPi package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. [...]
Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer's device at the multisig wallet platform Safe{Wallet}. [...]
The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake "PUMP" token cryptocurrency scam. [...]
A threat actor tracked as 'EncryptHub,' aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks. [...]
Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. Learn from Specops Software about five best practices to help secure your Active Directory service accounts. [...]
The Termite ransomware gang has claimed responsibility for stealing sensitive healthcare data in a recent breach of Genea, one of Australia's largest fertility services providers. [...]
Late last year, I published a long post that criticized the user unfriendliness of passkeys, the industry-wide alternative to logging in with passwords. A chief complaint was that passkey implementations tend to lock users into whatever platform they used to create the credential. An example: When using Chrome on …
Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.... [...]