Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim The UK's Home Office refuses to either confirm or deny reports that it recently ordered Apple to create a backdoor allowing the government to access any user's cloud data.... [...]
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. [...]
An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. [...]
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 …
Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. [...]
Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders A world-first organization assembled to categorize the severity of cybersecurity incidents is up and running in the UK following a year-long incubation period.... [...]
OCR plugin great for extracting crypto-wallet secrets from galleries Kaspersky eggheads say they’ve spotted the first app containing hidden optical character recognition spyware in Apple’s App Store. Cunningly, the software nasty is designed to steal cryptocurrency.... [...]
35% drop in payments across the year as your backups got better and law enforcement made a difference Ransomware extortion payments fell in 2024, according to blockchain analyst biz Chainalysis this week.... [...]
Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 179 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that …
Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 179 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial …
Fourth time’s the harm? Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately …
A little over two weeks ago, a largely unknown China-based company named DeepSeek stunned the AI world with the release of an open source AI chatbot that had simulated reasoning capabilities that were largely on par with those from market leader OpenAI. Within days, the DeepSeek AI assistant app …
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending …
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...]
Lawsuit: 'Scale of intrusion into individuals' privacy is massive and unprecedented' Updated Elon Musk's Department of Government Efficiency has had its access to US Treasury payment systems restricted - at least temporarily - following a lawsuit from advocacy groups and unions.... [...]
The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. [...]
Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know Updated Elected officials are demanding answers as to whether the Trump administration and Elon Musk's Department of Government Efficiency (DOGE) are hamstringing US national security.... [...]
CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. [...]
Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...]
An ongoing distributed denial of service (DDoS) attack targets Bohemia Interactive's infrastructure, preventing players of DayZ and Arma Reforger from playing the games online. [...]
British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems. [...]
For much of the past year, the trail of destruction and mayhem left behind by ransomware hackers was on full display. Digital extortion gangs paralyzed hundreds of US pharmacies and clinics through their attack on Change Healthcare, exploited security vulnerabilities in the customer accounts of cloud provider Snowflake to …
Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance …
Are you trying to make this easy for China and Russia? Who bought it, who installed it, and what's happening with the data on it.... [...]
Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started …
Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started …
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]
Some worry multi-lang codebase makes it harder to maintain open source uber-project, others disagree Developers trying to add Rust code to the Linux kernel continue to face opposition from kernel maintainers who believe using multiple languages is an unwelcome and risky complication.... [...]
Amazon Web Services (AWS) is pleased to announce the renewal of the Multi-Tier Cloud Security (MTCS) Level 3 certification under the SS584:2020 standard in December 2024 for the Asia Pacific (Singapore), Asia Pacific (Seoul), and United States AWS Regions, excluding AWS GovCloud (US) Regions. This achievement reaffirms our …
The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations …
Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia's ongoing invasion of Ukraine. The vulnerability allowed a Russian cybercrime group to override a Windows protection designed to limit the execution of files downloaded from the Internet. The …
Payments to ransomware actors decreased 35% year-over-year in 2024, totaling $813.55 million, down from $1.25 billion recorded in 2023. [...]
CEO of Cloud Software a 'special government employee' probing for Team Elon The US Treasury has revealed Tom Krause – the chief exec of Citrix and Netscaler owner Cloud Software Group – has "read-only" access to a vital federal government payment system that disburses trillions of dollars annually.... [...]
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. [...]
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. [...]
AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices. [...]
AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that you can use to implement firewall rules for fine grained control over your network traffic. With Network Firewall, you can filter traffic at the perimeter of your virtual private cloud (VPC); including filtering traffic going …
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible. [...]
International security squads all focus on stopping baddies busting in through routers, IoT kit etc Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.... [...]
The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. [...]
AWS S3 bucket names are global with predictable names that can be exploited in "S3 bucket namesquatting" attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. [...]
Mountain View clocked onto the scheme with days to spare A Chinese national faces a substantial stint in prison and heavy fines if found guilty of several additional charges related to economic espionage and theft of trade secrets at Google.... [...]
Money stolen falls from record $1.25bn to $813m as more victims refuse to pay off criminal gangs Ransomware payments fell by more than a third last year to $813m (£650m) as victims refused to pay cybercriminals and law enforcement cracked down on gangs, figures reveal. The decline in …
A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than three years until Monday, after researchers who spotted the malicious code petitioned for it to be taken down twice. The service, known as the Go Module Mirror, caches …
Microsoft’s AI Red Team just published “ Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. You don’t have to compute …
Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated this by producing a microcode patch that …
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. [...]
Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S. have issued guidance urging makers of network edge devices and appliances to improve forensic visibility to help defenders detect attacks and investigate breaches. [...]