Facilities to receive greater protection in attempt to reduce potential impact of adverse incidents or attacks Datacentres in the UK are to be designated as critical national infrastructure in an effort to protect them from cyber-attacks and IT blackouts, the government has said. The buildings store much of the …
Academically interesting technique for poking holes in paywalled tech specs An anti-piracy system to protect online video streams from unauthorized copying is flawed – and can be broken to allow streamed media from Amazon, Netflix, and others to be saved, replayed, and spread at will, we're told.... [...]
Augmented reality meets warped reality A defense ministry official from Belarus has claimed augmented reality game Pokémon GO was a tool of Western intelligence agencies.... [...]
Would paying a ransom – or better security – have been cheaper and safer? A US healthcare giant will pay out $65 million to settle a class-action lawsuit brought by its own patients after ransomware crooks stole their data – including their nude photographs – and published at least some of them online …
Enlarge (credit: Getty Images) Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handing cryptographic functions in Windows and Linux. The library, started in 2006 …
No class: Black Suit ransomware gang boasts of 200GB haul from one raid Cybercriminals closed some schools in America and Britain this week, preventing kindergarteners in Washington state from attending their first-ever school day and shutting down all internet-based systems for Biggin Hill-area students in England for the next …
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...]
You hate to see it The Meow ransomware group has grabbed the second most active gang spot in an unexpected surge in activity following a major brand overhaul.... [...]
Allegedly swiped more than 5.2M files and threatens to publish the lot Ransomware gang Hunters International reportedly claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service …
Allegedly swiped more than 5.2M files and threatens to publish the lot Ransomware gang Hunters International reportedly claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service …
A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. [...]
Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. [...]
AI SPERA announced today that its IP address intelligence engine, Criminal IP, has integrated with IPLocation.io. Learn more from Criminal IP about how this brings additional insights to Criminal IP's threat intelligence database. [...]
Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." [...]
A really big oh sh*t moment, for sure For C-suite execs and security leaders, discovering your organization has been breached by network intruders, your critical systems locked up, and your data stolen, and then receiving a ransom demand, is probably the worst day of your professional life.... [...]
New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models …
What happens at Black Hat... While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol.... [...]
ISC2 argues security training needs to steer toward what hiring managers want The shortfall between the number of working security professionals and the number of security job openings has reached 4.8 million – a new high, according to cyber security non-profit ISC2.... [...]
Enlarge (credit: Aurich Lawson | Getty Images) It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and …
Minister reckons dedicated cops necessary to protect digital transactions India has announced a plan to train a specialized wing of 5000 "Cyber Commandos" in the next five years, as part of its efforts to address cyber crime.... [...]
CISA wants you to leap on Citrix and Ivanti issues. Adobe, Intel, SAP also bid for patching priorities Patch Tuesday Another Patch Tuesday has dawned, as usual with the unpleasant news that there are pressing security weaknesses and blunders to address.... [...]
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against …
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. [...]
A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. [...]
The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. [...]
Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. [...]
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including four actively exploited and one publicly disclosed zero-days. [...]
Elderly people report the greatest losses The FBI just dropped its annual report examining the costs of crypto-related cybercrime, painting a predictably grim picture as total losses in the US exceeded $5.6 billion in 2023 – a 45 percent year-on-year increase.... [...]
Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems. [...]
According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency. [...]
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. [...]
Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge China has an undeniable lead in quantum networking technology – a state of affairs that should give the US pause, despite its lead in quantum computing.... [...]
It promised vanishing messages, but now 'it's privacy theater' Video A popular privacy feature in WhatsApp is "completely broken and can be trivially bypassed," according to developers at cryptowallet startup Zengo.... [...]
Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. [...]
The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. [...]
US alarmed by heightened Kremlin naval activity worldwide Russia's naval activity near undersea cables is reportedly drawing the scrutiny of US officials, further sparking concerns that the Kremlin may be plotting to "sabotage" underwater infrastructure via a secretive, dedicated military unit called the General Staff Main Directorate for Deep …
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. [...]
Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. [...]
A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. [...]
'Insider wrongdoing' to blame for the breach Avis Rent A Car System has alerted 299,006 customers across multiple US states that their personal information was stolen in an August data breach.... [...]
Criminals with plenty of time on their hands may now have credit card details Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven't already, after the company detected an intrusion dating back nearly a year.... [...]
Watch this webinar for tips on enhancing resilience with advanced protection strategies Webinar As cyberattacks like ransomware and malware grow more sophisticated, organizations need to ensure their enterprise storage systems are robust and resilient.... [...]
Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. [...]
While not very sophisticated, brute force password attacks pose a significant threat to an organization's security. Learn more from Specops Software about these types of attacks and how to defend against them. [...]
The latest of many attempts to stifle perceived threats to Putin's regime A pro-democracy NGO in Russia says it looks like the Kremlin-linked COLDRIVER group was behind last month's hack-and-leak job that saw files and inboxes dumped online.... [...]
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs …
Understanding new NIS2, DORA, and Tiber-EU legislation is essential to improving IT security, explains SANS Webinar As cybersecurity regulations tighten, organisations face new challenges that require more than just compliance checklists.... [...]
Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more Infosec in brief After activating its chameleon field and going to ground following press attention earlier this year, the dangerous Predator commercial spyware kit is back – with upgrades.... [...]
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. [...]
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. [...]