Five current and former employees file formal charges with US employment watchdog Exclusive Kyndryl, the IT services firm spun out of IBM, has been accused by multiple employees within its CISO Defense security group of discrimination on the basis of age, race, and disability, in both internal complaints and …
No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software …
More cybercrime means more problems as understaffed teams stretched to the limit Managed Service Partners (MSPs) say cybersecurity dwarfs all other main concerns about staying competitive in today's market.... [...]
Requests for pricing will soon be encrypted, after implementation deadline was extended India's Bombay Stock Exchange (BSE) has told market participants they need to adopt encryption – which, shockingly, isn't already implemented – for certain messages sent to its trading platforms when using its Enhanced Trading Interface (ETI).... [...]
The notorious ShinyHunters collective is claiming hack of personal details of 560 million global customers Follow our Australia news live blog for latest updates Get our morning and afternoon news emails, free app or daily news podcast Ticketmaster is yet to confirm whether it has experienced a major data …
DoJ says 911 S5 crew earned $100M from 19 million PCs pwned by fake VPNs US authorities have arrested the alleged administrator of what FBI director Christopher Wray has described as "likely the world's largest botnet ever," comprising 19 million compromised Windows machines used by its operators to reap …
All that data allegedly going for a song on revived BreachForums Updated Ticketmaster is believed to have had its IT breached by cybercriminals who claim to have stolen 1.3TB of data on 560 million of the corporation's customers – and are now selling all that info for $500,000 …
A data perimeter on Amazon Web Services (AWS) is a set of preventive controls you can use to help establish a boundary around your data in AWS Organizations. This boundary helps ensure that your data can be accessed only by trusted identities from within networks you expect and that …
Think this is bad? See what Big Media wants to do to us, warns founder Updated The Internet Archive has been under a distributed-denial-of-service (DDoS) attack since Sunday, and is trying to keep services going.... [...]
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 …
Amazon Web Services (AWS) is pleased to announce the successful renewal of the United Kingdom Cyber Essentials Plus certification. The Cyber Essentials Plus certificate is valid for one year until March 22, 2025. Cyber Essentials Plus is a UK Government–backed, industry-supported certification scheme intended to help organizations demonstrate …
Enlarge (credit: Flavio Coelho/Getty Images) Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down. Michael, who is based in Europe and asked …
RSA Conference 2024 drew 650 speakers, 600 exhibitors, and thousands of security practitioners from across the globe to the Moscone Center in San Francisco, California from May 6 through 9. The keynote lineup was diverse, with 33 presentations featuring speakers ranging from WarGames actor Matthew Broderick, to public and …
Microsoft says Kim’s hermit nation is pivoting to latest tools as it evolves in cyberspace A brand-new cybercrime group that Microsoft ties to North Korea is tricking targets using fake job opportunities to launch malware and ransomware, all for financial gain.... [...]
Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data …
Enlarge (credit: Getty Images) The US Treasury Department has sanctioned three Chinese nationals for their involvement in a VPN-powered botnet with more than 19 million residential IP addresses they rented out to cybercriminals to obfuscate their illegal activities, including COVID-19 aid scams and bomb threats. The criminal enterprise, the …
Theft happened in October, only now are details coming to light Sav-Rx has started notifying about 2.8 million people that their personal information was likely stolen during an IT intrusion that happened more than seven months ago.... [...]
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of …
Website whack-a-mole getting worse BreachForums is back online just weeks after the notorious dark-web marketplace for stolen data was seized by law enforcement.... [...]
One tricky cluster is causing outrage among longstanding customers Over a month after an April datacenter upgrade coincided with problems with some of its customers' backups, secure storage biz SpiderOak still isn't fully operational, and some angry users say they're ready to cut ties.... [...]
This blog post is the first of a two-part series that will demonstrate the value of Amazon Security Lake and how you can use it and other resources to accelerate your incident response (IR) capabilities. Security Lake is a purpose-built data lake that centrally stores your security logs in …
Centuries-old institution dodges questions on how it happened as ransomware gang claims credit International auctioning giant Christie's has confirmed data was stolen during an online attack after a top-three ransomware group claimed credit.... [...]
A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. We’re counting down to AWS re:Inforce, our annual cloud security event! We are thrilled to invite security enthusiasts and builders to join us in …
Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST …
In evolving smarter security, open source is the missing link Opinion Some ideas work better than others. Take DARPA, the US Defense Advanced Research Projects Agency. Launched by US President Dwight Eisenhower in 1957 response to Sputnik, its job is to create and test concepts that may be useful …
Former Pentagon deputy CIO Rob Carey tells us guardrails should steer Feds away from bad ML Interview President Biden's October executive order encouraging the safe use of AI included a ton of requirements for federal government agencies that are developing and deploying machine learning technologies.... [...]
Plus: US water systems fail at cyber security Infosec in brief More than a dozen big pharmaceutical suppliers have begun notifying people that their medical records were stolen when US drug wholesaler Cencora was breached in February.... [...]
FCC wants to hit this political genius with first-of-a-kind punishment The political consultant who admitted paying $150 to create a deepfake anti-Biden robocall has been indicted on charges of felony voter suppression and misdemeanor impersonation of a candidate.... [...]
But criminals posing as Microsoft workers scored the most ill-gotten gains The Federal Trade Commission (FTC) has shared data on the most impersonated companies in 2023, which include Best Buy, Amazon, and PayPal in the top three.... [...]
Enlarge (credit: Getty Images ) A previously unknown piece of ransomware, dubbed ShrinkLocker, encrypts victim data using the BitLocker feature built into the Windows operating system. BitLocker is a full-volume encryptor that debuted in 2007 with the release of Windows Vista. Users employ it to encrypt entire hard drives to …
Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]
An open and shut case, but the perps remain at large – whoever they are Justice is served... or should that be saved now that audio-visual software deployed in more than 10,000 courtrooms is once again secure after researchers uncovered evidence that it had been backdoored for weeks.... [...]
Google Cloud's commitment to empower federal agencies with advanced technology reached a significant milestone this week with the addition of more than 100 new FedRAMP High authorized cloud services. Customers in the U.S. government and commercial organizations supplying the U.S. government can now use popular Google Cloud …
A Google Cloud incident earlier this month impacted our customer, UniSuper, in Australia. While our first priority was to work with our customer to get them fully operational, soon after the incident started, we publicly acknowledged the incident in a joint statement with the customer. With our customer’s …
New paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so …
We know IT admins have busy schedules but c'mon An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets.... [...]
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation …
Enlarge (credit: JAVS) A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer …
ShrinkLocker throws steel and vaccine makers into the hurt locker Updated Yet more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky.... [...]
Mandiant CTO chats to The Reg about the looming fate of this ransomware crew Interview The cyberattacks against Las Vegas casinos over the summer put a big target on the backs of prime suspects Scattered Spider, according to Mandiant CTO Charles Carmakal.... [...]
Current approaches aren't working and demonize security teams A Google security bigwig has had enough of federally mandated phishing tests, saying they make colleagues hate IT teams for no added benefit.... [...]
Enlarge For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server peers due to an unexplained glitch that could have caused stability and security problems worldwide. This server, maintained by Internet carrier …
It's still a rough one, so patch up Veeam says the recent critical vulnerability in its Backup Enterprise Manager (VBEM) can't be used by cybercriminals to delete an organization's backups.... [...]
Wait, why do you want this job again? Chief information security officers around the globe "are nervously looking over the horizon," according to a survey of 1,600 CISOs that found more than two thirds (70 percent) worry their organization is at risk of a material cyber attack over …
Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records …
Massive discount applied to save cop shop’s helicopter budget Following a data leak that brought "tangible fear of threat to life", the UK's data protection watchdog says it intends to fine the Police Service of Northern Ireland (PSNI) £750,000 ($955,798).... [...]
SpaceX is smart on this, Cupertino and GL.iNet not so much In-depth Academics have shown how Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare.... [...]
You shouldn't – Indian infosec researchers warn you'll get random junk instead Indian infosec firm CloudSEK warned on Wednesday that scammers are selling counterfeit code advertised as the NSO Group's notorious Pegasus spyware.... [...]
Unfading Sea Haze adept at staying under the radar Bitdefender says it has tracked down and exposed an online gang that has been operating since 2018 nearly without a trace – and likely working for Chinese interests.... [...]
Vague ML definitions subject to change – yeah, great The House Foreign Affairs Committee voted Wednesday to advance a law bill expanding the White House's authority to police exports of AI systems – including models said to pose a national security threat to the United States.... [...]