Login
Partner Content From the moment users log onto their machines, access rights shape their experience. Access rights determine which apps they can run, which directories they can open, and what information they can retrieve.β¦
A US fintech biz is writing to nearly 700,000 customers because a former employee may have accessed or acquired their data after leaving the company.β¦
North Korean spies used ChatGPT to generate a fake military ID for use in an espionage campaign against a South Korean defense-related institution, according to new research.β¦
China has dealt Nvidia another blow, finding the chipmaker in violation of the country's anti-monopoly Law and escalating a long-running regulatory headache into a full investigation.β¦
The UK's chief automotive workers' union is calling on the government to establish a Covid-esque furlough scheme for the thousands of individuals who face losing their jobs due to the cyber-related downtime at Jaguar Land Rover.β¦
The House of Lords is about to put the latest child-protection plans of UK regulator the Office of Communications (Ofcom) under the microscope.β¦
Asia in Brief Criminals appear to be moving cyber-scam centers to vulnerable countries.β¦
Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.β¦
With the end of Windows 10's regular support cycle fast approaching, and a good five years since the COVID pandemic spurred a wave of hardware replacements to support remote work, many IT departments are in the process of refreshing their fleets. But what they do with decommissioned systems is just as important as the shiny new ones they buy.β¦
A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.β¦
Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.β¦
The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more control over the global standard for vulnerability identification.β¦
More than a thousand university students in the Netherlands must continue to travel to wash their clothes after their building management company failed to bring its borked smart laundry machines back online.β¦
A national digital ID could hand the government the tools for population-wide surveillance β and if history is anything to go by, ministers probably couldn't run it without cocking it up.β¦
The UK's data protection watchdog says more than half of cyberattacks in schools are caused by students, and that parents should act early to prevent their offspring from falling into the wrong crowds.β¦
Security outfit Huntress has been forced onto the defensive after its latest research β described by senior staff as "hilarious" β split opinion across the cybersecurity community.β¦
After years of being dominated by outsiders, the computer surveillance software industry is booming in the United States as investors rush into the ethically dodgy but highly lucrative field.β¦
Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.β¦
Villager, a new penetration-testing tool linked to a suspicious China-based company and described by researchers as "Cobalt Strike's AI successor," has been downloaded about 10,000 times since its release in July.β¦
A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever recorded β a 1.5 billion packets per second (1.5 Gpps) flood that briefly threatened to knock it off the internet.β¦
If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.β¦
Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping "dangerous, insecure software" that helped cybercrooks cripple one of America's largest hospital networks.β¦
Europe, long seen as a bastion of privacy and digital rights, will debate this week whether to enforce surveillance on citizens' devices.β¦
One of the UK's largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.β¦
Industry experts expressed both concern and sympathy for Ofcom, the Brit regulator that is overseeing the Online Safety Act, as questions mount over the effectiveness of the controversial legislation.β¦
Following a series of trials, defense biz BAE Systems says it is readying an autonomous military submarine for the end of next year.β¦
NASA has barred Chinese nationals from accessing its premises and assets, even those who hold visas that permit them to reside in the USA.β¦
Infosec outfit Bitdefender says itβs spotted a strain of in-memory malware that looks like the work of Chinese advanced persistent threat groups that wanted to achieve persistent access at a βmilitary companyβ in the Philippines.β¦
Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.β¦
ChillyHell, a modular macOS backdoor believed to be long dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample uploaded to VirusTotal in May.β¦
Jaguar Land Rover (JLR) says "some data" was affected after the luxury car maker suffered a digital break-in early last week.β¦
A Ukrainian national faces serious federal charges and an $11 million bounty after allegedly orchestrating ransomware operations that caused an estimated $18 billion in damages across hundreds of organizations worldwide.β¦
A clumsy data breach has affected hundreds of children at a Birmingham secondary school.β¦
Feature Jaguar Land Rover (JLR) is the latest UK household name to fall victim to a major cyberattack. IT systems across multiple sites have been offline for over a week after what the company described as a "severe disruption."β¦
Septemberβs Patch Tuesday wonβt require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to address extremely dangerous bugs.β¦
During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz researchers. But crypto-craving crims did little more than annoy defenders.β¦
It's about to get a lot harder for private companies that are lax on cybersecurity to get a contract with the Pentagon, as the Defense Department has finalized a rule requiring contractor compliance with its Cybersecurity Maturity Model Certification (CMMC) program.β¦
The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys - unique, confidential identifiers generated by streaming platforms for broadcasting content. If exposed, these keys can allow attackers to output anything they want from someone else's channel.β¦
Exclusive Sensitive info from hundreds of thousands of gym customers and staff β including names, financial details, and potentially biometric data in the form of audio recordings β was left sitting in an unencrypted, non-password protected database, according to a security researcher who shut it down.β¦
Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach.β¦
Finnish phone maker HMD Global is launching a business unit called HMD Secure to target governments and other security-critical customers, and has its first device ready to go.β¦
App security outfit Checkmarx says automated reviews in Anthropic's Claude Code can catch some bugs but miss others β and sometimes create new risks by executing code while testing it.β¦
Tech companies will be legally required to prevent content involving self-harm from appearing on their platforms β rather than responding and removing it β in a planned amendment to the UK's controversial Online Safety Act.β¦
Updated Encrypted messaging app Signal is rolling out a free storage system for its users, with extra space if folks are willing to pay for it.β¦
WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for reporting security failings that violated legal commitments.β¦
The US federal government employs tens of thousands of cybersecurity professionals at a cost of billions per year β or at least it thinks it does, as auditors have found the figures are incomplete and unreliable.Β β¦
The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March.β¦
Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.β¦
Security researchers have uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as far as 2020.β¦
US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.β¦
Infosec in brief The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under active attack and need to be fixed β but there's another flaw being exploited as well.β¦
UK prime minister Sir Keir Starmer cleared out the officials in charge of tech and digital law in a dramatic cabinet reshuffle at the weekend.β¦
interview It all started as an idea for a research paper.Β β¦
A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique called ClickFix, which uses fake fixes and login prompts.β¦
A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.β¦
A major UK education trust has warned staff that their personal information may have been compromised following a cyberattack on software developer Intradev in August.β¦
Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware on infected machines.β¦
AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.β¦
A new China-aligned cybercrime crew named GhostRedirector has compromised at least 65 Windows servers worldwide - spotted in a June internet scan - using previously undocumented malware to juice gambling sites' rankings in Google search, according to ESET researchers.β¦
Free support is ending for many editions of Windows 10 on October 14, and enterprises unable to make the jump are on the hook for billions to keep the fixes flowing.β¦
FreshRSS