Ignored infosec rules, exfiltrated data... then the mysterious login attempts from a Russian IP address began – claim Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog – which …
Posted by Mateusz Jurczyk, Google Project Zero Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles …
Microsoft rewards those who patch early with bricks hurled through its operating system Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue screen crashes.... [...]
Extraordinary rendition of data, or just dropped it out of a helicopter? CIA Director John Ratcliffe's smartphone has almost no trace left of the infamous Signalgate chat – the one in which he and other top US national security officials discussed a secret upcoming military operation in a group Signal …
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. [...]
From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.... [...]
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. [...]
Uncertainty is the new certainty In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.... [...]
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal …
DPP Law is appealing against data watchdog's conclusions A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.... [...]
Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. [...]
Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting. [...]
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. [...]
Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.... [...]
It involves a number close to three or six depending on the pickle you're in Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.... [...]
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. [...]
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program …
Because vulnerability management has nothing to do with national security, right? US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.... [...]
Because vulnerability management has nothing to do with national security, right? Updated US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.... [...]
800K? Make that double, and we'll need a double, too, for the pain A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.... [...]
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. [...]
Source code, moderator info, IP addresses, more allegedly swiped and leaked Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator …
Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. [...]
OpenID Foundation’s AuthZEN Working Group is currently drafting a new specification (version 1.0, draft 03 at the time of publication) and associated standard mechanisms, protocols, and formats to communicate authorization-related information between components involved in access control and authorization. Today, we’re publishing an open-source reference implementation …
4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently. [...]
Beijing claims NSA went for gold in offensive cyber, got caught in the act China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.... [...]
Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information …
Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. [...]
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. [...]
Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale …
Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]
Stopping users shooting themselves in the foot with last century's tech Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.... [...]
Car hire biz takes your privacy seriously, though Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.... [...]
That would put America on the same level as China for espionage The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.... [...]
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security …
Copilot vibe coding for OS development? Why not Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended you leave the directory there.... [...]
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...]
IT admins, get ready to grumble CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.... [...]
American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. [...]
Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals. [...]
What's the goal here, Homeland Insecurity or something? As drastic cuts to the US govt's Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House's cybersecurity subcommittee, has demanded that CISA brief the subcommittee "prior to any significant changes to CISA's workforce or …
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [...]
A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. [...]
This is a current list of where and when I am scheduled to speak: I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET). The list is maintained on this page. [...]
Last week at Google Cloud Next 25, we announced Cloud WAN, a fully managed, reliable, and secure solution for enterprise wide area network (WAN) architectures that’s built on Google’s planet-scale network. Today, we begin a series of deep dives into the products that power Cloud WAN, starting …
Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. [...]
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...]
The Wall Street Journal has the story : Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese …
UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond Opinion The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on …
Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion Two of the top team behind Asda's £1 billion ($1.31 billion) tech divorce from US retail giant Walmart — which has seen a number of setbacks — are departing the company.... [...]