Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border." [...]
Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app Japan's government has considered the proposed security improvements developed by Yahoo !, found them wanting, and ordered the onetime web giant to take new measures.... [...]
Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.... [...]
Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. [...]
The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. [...]
Enlarge (credit: Matejmo | Getty Images) Cisco’s Talos security team is warning of a large-scale credential compromise campaign that’s indiscriminately assailing networks with login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts. The login attempts use both generic usernames and valid usernames targeted …
What a twist! MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack, apparently.... [...]
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...]
Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. [...]
No prizes for guessing the victims A Nebraska man will appear in court today to face charges related to allegations that he defrauded cloud service providers of more than $3.5 million in a long-running cryptojacking scheme.... [...]
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. [...]
No breach responsible for employee contact info getting out, says T-Mo T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.... [...]
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. [...]
UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. [...]
Social engineering patterns spotted across range of popular projects Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library.... [...]
There are things that you can do to make your web apps more resistant to social engineering. Learn more from Outpost24 on securing your web applications. [...]
Enlarge (credit: Joan Cros via Getty ) When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company. Despite the angst among policymakers, security experts, and competitors, Microsoft …
First glimpse at attack financials reveals huge pain UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million.... [...]
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may …
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if …
$62 million settlement plan challenged over payments to progressive nonprofits Google's plan to pay $62 million to settle allegations that it tracked people even when their Location History setting was switched off may have to be renegotiated based on several objections.... [...]
Hard-coded credentials last thing you want in home security app Some smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability.... [...]
The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. [...]
A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems. [...]
Enlarge (credit: Getty Images) Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers—one based in Seattle and the other in Redmond, Washington—out of $3.5 million. The indictment, filed in US District Court for the Eastern District of …
Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025. [...]
The U.S. Department of Justice has announced the arrest and indictment of Charles O. Parks III, known as "CP3O," for allegedly renting large numbers of cloud servers to conduct crypto mining and then skipping out on paying the bills. [...]
Japanese | Korean | Spanish We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that for the first time an AWS System and Organization Controls (SOC) 1 report is …
Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. [...]
Streamer says access came via credential stuffing Streaming giant Roku is making 2FA mandatory after attackers accessed around 591,000 customer accounts earlier this year.... [...]
The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid. [...]
Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. [...]
The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical …
Google Cloud is on a mission to help everyone build the skills they need for in-demand cloud jobs. Today, we're excited to announce new learning opportunities that will help you gain these in-demand skills through new courses and certificates in AI, data analytics, and cybersecurity. Even better, we’re …
Attackers could nab an org's most sensitive keys if left unaddressed Updated Customers of Delinea's Secret Server are being urged to upgrade their installations "immediately" after a researcher claimed a critical vulnerability could allow attackers to gain admin-level access.... [...]
In an ever-changing security landscape, teams must be able to quickly remediate security risks. Many organizations look for ways to automate the remediation of security findings that are currently handled manually. Amazon CodeWhisperer is an artificial intelligence (AI) coding companion that generates real-time, single-line or full-function code suggestions in …
Fears of low-cost invasion and data spies spark call for ban Electric vehicles may become a new front in America's tech war with China after a US senator called for Washington DC to block Chinese-made EVs to protect domestic industries and national security.... [...]
Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls. [...]
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed …
Enlarge / The Framework Laptop 13. (credit: Andrew Cunningham) Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops. Not that the company's hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and …
The prima facie case for real-time threat intelligence Webinar Cybercriminals are always on the hunt for new ways to breach your privacy, and busy supply chains often look like a good way to get in under the wire.... [...]
PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more Infosec in brief US Congress nearly killed a reauthorization of FISA Section 702 last week over concerns that it would continue to allow warrantless surveillance of Americans, but an amendment to require a warrant …
OpenTable has reversed its decision to show members' first names and profile pictures in past anonymous reviews after receiving backlash from members who felt it was a breach of privacy. [...]
This is a current list of where and when I am scheduled to speak: I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I’m giving a keynote on …
Enlarge (credit: iStock / Getty Images Plus ) For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just …
A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive." [...]
Canadian retail chain Giant Tiger disclosed a data breach in March 2024. A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers. [...]
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. [...]
Royal Mail, the British postal and courier service began switching all snail mail stamps to barcoded stamps last year. The purpose of the barcode was to enhance security, deter stamp reuse, and possibly prevent forgeries—which it has failed to do. [...]
Out of the PAN-OS and into the firewall, a Python backdoor this way comes Palo Alto Networks on Friday issued a critical alert for an under-attack vulnerability in the PAN-OS software used in its firewall-slash-VPN products.... [...]