A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 student's iPads and Chromebooks. [...]
Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. [...]
This blog post demonstrates how to use Amazon Bedrock with a detailed security plan to deploy a safe and responsible chatbot application. In this post, we identify common security risks and anti-patterns that can arise when exposing a large language model (LLM) in an application. Amazon Bedrock is built …
That one weird thing in Outlook that gives phishers and scammers an in to an inbox Users are urging Microsoft to rethink how it shows sender email addresses in Outlook because phishing criminals are taking advantage, using helpful, friendly names to serve up emails loaded with malicious intent.... [...]
When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of …
Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. [...]
Chap named 'Roman Boss' accused of being just that at a cryptocash laundering outfit Users of Cryptonator – an online digital wallet and cryptocurrency exchange – received an unpleasant surprise last weekend after the service was shuttered in a combined operation run by the FBI, the US Internal Revenue Service (IRS …
Singapore Ministry of Education orders software removed after string of snafus UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by its tools, which are currently unavailable. In Singapore, the …
Some scowl, some smile, as fines no longer apply every time your mugshot or fingerprint is shared The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act (BIPA).... [...]
Smile for the camera to get in, or buy a beer without lining up The National Football League and all 32 of its teams will use tech from facial recognition software vendor Wicket to verify the identity of thousands of staff, media and fans as part of its credentialing …
Enlarge (credit: Marco Verch Professional Photographer and Speaker ) Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types …
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. [...]
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...]
The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [...]
A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get …
A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...]
Background check biz accused of negligence A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information, which was subsequently stolen from the biz and sold on an online criminal marketplace.... [...]
South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [...]
Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. [...]
Amazon Cognito is a customer identity and access management (CIAM) service that can scale to millions of users. Although the Cognito documentation details which multi-tenancy models are available, determining when to use each model can sometimes be challenging. In this blog post, we’ll provide guidance on when to …
A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [...]
Watch this video to learn how Palo Alto Networks is using GenAI to automate and simplify cybersecurity Sponsored Post Cyber security is complex right, particularly when you're tyring to monitor and configure multiple tools across a host of different on- and off-premise IT environments?... [...]
Malware logs users' keystrokes, pilfers credentials, exfiltrates data Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots.... [...]
There is only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWise 2024 about how to get the discount and the upcoming cybersecurity sessions. [...]
Threat intelligence that can fend off security threats before they happen requires not just smarts, but the speed and worldwide scale that only AWS can offer. Organizations around the world trust Amazon Web Services (AWS) with their most sensitive data. One of the ways we help secure data on …
Vendor plans to aggressively defend its case before listing catalog of shortcomings at the airline CrowdStrike says it is "highly disappointed" and rejects the claims made by Delta and its lawyers that the vendor exhibited gross negligence in the events that led to the global IT outage a little …
Ford has a new patent application for a system where cars monitor each other’s speeds, and then report then to some central authority. Slashdot thread. [...]
Eighty-one apps signed up to pilot facial recognition and real name ID system Chinese app developers have signed up to beta test a national cyberspace ID system that will use facial recognition technology and the real names of users, according to Chinese media.... [...]
Plus: CISA's AI hire; and claimed Canuck SIM swappers busted Infosec in brief Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software.... [...]
[...]
A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. [...]
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...]
Paul Givan says details of 407 people mistakenly sent out included names, addresses and personal comments The education minister in Northern Ireland has “unreservedly” apologised after the personal details of more than 400 people who had offered to contribute to a review of special education needs were breached. The …
Who wants to make a TRACTOR pull request? To accelerate the transition to memory safe programming languages, the US Defense Advanced Research Projects Agency (DARPA) is driving the development of TRACTOR, a programmatic code conversion vehicle.... [...]
A newly discovered parasite that attacks squid eggs has been treated. Blog moderation policy. [...]
The U.S. Department of Justice has filed a lawsuit against social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children's privacy laws. [...]
A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. [...]
U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. [...]
WeRedEvils alleges successful attack on infrastructure, including data theft Israel-based hacktivists are taking credit for an ongoing internet outage in Iran.... [...]
Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. [...]
Hear how AI runtime security secures applications in the complete journey from design to build to run Sponsored Post Ensuring access to mission critical, AI-enabled applications is important for modern businesses keen on boosting employee productivity and transforming customer operations. But not if it compromises data security.... [...]
Amazon Web Services (AWS) is pleased to announce the completion of our annual Outsourced Service Provider’s Audit Report (OSPAR) audit cycle on July 1, 2024. The 2024 OSPAR certification cycle includes the addition of 10 new services in scope, bringing the total number of services in scope to …
They say crime doesn't pay. They're right – it's the victims doing the paying An unnamed Fortune 50 corporation paid a stonking $75 million to a ransomware gang to stop it leaking terabytes of stolen data.... [...]
Here’s a disaster that didn’t happen : Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation …
Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part The UK's National Cyber Security Centre (NCSC) says it's in the planning stages of bringing a new suite of services to its existing Active Cyber Defence (ACD) program.... [...]
Suspected devs behind Russian Coms cuffed – now to find the users of the nastyware The UK's National Crime Agency (NCA) has shut down an outfit called Russian Coms – a call-spoofing service believed to have swindled hundreds of thousands of victims.... [...]
First delays, then data leaks – now fraud detection needed at point of use The Japanese government has released details of of an app that verifies the legitimacy of its troubled My Number Card – a national identity document.... [...]
SMS OTPs are overused, so bring on the tokens and biometrics India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.... [...]
Techno-crooks greeted by grinning Putin after landing At least two Russian cybercriminals are among those being returned to their motherland as part of a multinational prisoner exchange deal announced Thursday.... [...]
Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were several convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan. Among the more notable …