As organizations rush to adopt generative AI-driven chatbots and agents, it’s important to reduce the risk of exposure to threat actors who force AI models to create harmful content. We want to highlight two powerful capabilities of Vertex AI that can help manage this risk — content filters and …
Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down US lawmakers want newly confirmed Director of National Intelligence Tulsi Gabbard to back up her tough talk on backdoors. They're urging her to push back on the UK government's reported order for Apple to weaken iCloud …
A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. [...]
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications …
Yet another cash grab from Kim's cronies and an intel update from Microsoft North Korea has changed tack: its latest campaign targets the NPM registry and owners of Exodus and Atomic cryptocurrency wallets.... [...]
There’s a growing collaboration between hacking groups engaging in espionage on behalf of nation-states and those seeking financial gains through ransomware and other forms of cybercrime, researchers noted this week. There has always been some level of overlap between these two groups, but it has become more pronounced …
Limited-edition hotfix to get wider release before end of month Administrators of Palo Alto Networks' firewalls have complained the equipment falls over unexpectedly, and while a fix has bee prepared, it's not yet generally available.... [...]
‘What are customers actually getting from resellers other than massive price markups?’ asks Troy Hunt Troy Hunt, proprietor of data breach lookup site Have I Been Pwned, is likely to ban resellers from the service.... [...]
FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities "unforgivable defects”, pointed to the presence of the holes in products from the likes of Microsoft and VMware, and urged all software developers to …
De-dupes some roles, hints others aren't needed as the infosec scene shifts Nine days after completing its $859 million acquisition of managed detection and response provider Secureworks, Sophos has laid off around six percent of its staff.... [...]
Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. [...]
Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. [...]
GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard President Trump has reportedly chosen a candidate for National Cyber Director — another top tech appointee with no professional experience in that role.... [...]
300+ US companies, 70+ individuals hit by the fraudsters An Arizona woman who created a "laptop farm" in her home to help fake IT workers pose as US-based employees has pleaded guilty in a scheme that generated over $17 million for herself... and North Korea.... [...]
Analysts tell El Reg why Russia's operators aren't that careful, and why North Korea wants money AND data Feature Ransomware gangsters and state-sponsored online spies fall on opposite ends of the cyber-crime spectrum.... [...]
A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...]
February 12, 2025: This post was republished to include new services and features that have launched since the original publication date of June 11, 2020. Encryption is a critical component of a defense-in-depth security strategy that uses multiple defensive mechanisms to protect workloads, data, and assets. As organizations look …
North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...]
Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. [...]
'Near-global' initial access campaign active since 2021 An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations," according to Microsoft.... [...]
A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.' [...]
Google Cloud Next 2025 is coming up fast, and it's shaping up to be a must-attend event for the cybersecurity community and anyone passionate about learning more about the threat landscape. We're going to offer an immersive experience packed with opportunities to connect with experts, explore innovative technologies, and …
Cloud-based RDP Remote Desktop Protocol solutions offer a centralized dashboard to manage user access, security policies, and monitor usage from one location. Learn more from TruGrid about how their SecureRDP platform provides a secure, scalable, and cost-efficient alternative to VPN-based RDP implementations. [...]
Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us? Google says the the world's lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity.... [...]
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them …
Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name …
Don't relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention, and other vendors have stepped in with plenty more fixes.... [...]
Numerous systemic vulnerabilities could scuttle $5.4T industry Despite the escalating cyber threats targeting America's maritime transportation system, the US Coast Guard still lacks a comprehensive strategy to secure this critical infrastructure - nor does it have reliable access to data on cybersecurity vulnerabilities and past attacks, the Government Accountability …
Which is why Cisco is adding these Pensando DPUs to more switches Cisco is cramming into more of its switches Pensando data processing units (DPUs) from AMD, which will be dedicated to handling security, storage, and other tasks.... [...]
Rustaceans could just wait for unwelcoming C coders to slowly SIGQUIT... The Rust for Linux project is alive and well, despite suggestions to the contrary, even if not every Linux kernel maintainer is an ally.... [...]
In the nascent field of AI hacking, indirect prompt injection has become a basic building block for inducing chatbots to exfiltrate sensitive data or perform other malicious actions. Developers of platforms such as Google's Gemini and OpenAI's ChatGPT are generally good at plugging these security holes, but hackers keep …
These crooks have no chill A previously unknown gang dubbed Triplestrength poses a triple threat to organizations: It infects victims' computers with ransomware, then hijacks their cloud accounts to illegally mine for cryptocurrency.... [...]
Today is Microsoft's February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. [...]
Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices. [...]
Huge if true: Brit Foreign Sec says Putin running a 'corrupt mafia state' One of the bulletproof hosting (BPH) providers used by the LockBit ransomware operation has been hit with sanctions in the US, UK, and Australia (AUKUS), along with six of its key allies.... [...]
Generative AI applications often involve a combination of various services and features—such as Amazon Bedrock and large language models (LLMs)—to generate content and to access potentially confidential data. This combination requires strong identity and access management controls and is special in the sense that those controls need …
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. [...]
Said to have asked search engine 'What are some signs that the FBI is after you?' An Alabama man is pleading guilty after being charged with SIM swapping the Securities and Exchange Commission's (SEC) X account in January last year.... [...]
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. [...]
The U.S. Justice Department announced the names of two Phobos ransomware affiliates arrested yesterday in Thailand, charging them on 11 counts due to their involvement in more than a thousand cyberattacks. [...]
The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. [...]
Remote position, webcam not working, then glitchy AI face... Red alert! Twice, over the past two months, Dawid Moczadło has interviewed purported job seekers only to discover that these "software developers" were scammers using AI-based tools — likely to get hired at a security company also using artificial intelligence, and …
Really good—and detailed— survey of Trusted Encryption Environments (TEEs.) [...]
Really good—and detailed— survey of Trusted Execution Environments (TEEs.) [...]
Cupertino mostly uses bland language when talking security, so this sounds nasty Apple has warned that some iPhones and iPads may have been targeted by an “extremely sophisticated attack” and has posted patches that hopefully prevent it.... [...]
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. [...]
Dark web site seized, four cuffed in Thailand An international police operation spanning the US, Europe, and Asia has shuttered the 8Base ransomware crew's dark web presence and resulted in the arrest of four European suspects accused of stealing $16 million from more than 1,000 victims worldwide.... [...]
In 2021, Amazon Web Services (AWS) introduced the AWS Secrets and Configuration Provider (ASCP) for the Kubernetes Secrets Store Container Storage Interface (CSI) Driver, offering a reliable way to manage secrets in Amazon Elastic Kubernetes Service (Amazon EKS). Today, we’re excited to announce the integration of ASCP with …
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks. [...]