News

The RansomBoggs campaign is the Russia-linked group’s latest assault on the smaller country

The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.…

$155,000-a-month lifestyle ends in cuffs for suspected crim

Europol has arrested hundreds of fraudsters, money launderers and cocaine kingpins, and shut down thousands of websites selling pirated and counterfeit products in a series of raids over the past month.…

Maybe – just maybe – messages and calls from +91 might become more trustworthy

India's Telecom Regulatory Authority (TRAI) has announced a fresh crackdown on TXT spam – this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results.…

Microsoft outlines a workaround while pulling together a fix to LSASS memory leak

Updates to Windows Server released as part of this month's Patch Tuesday onslaught might cause some domain controllers to stop working or automatically restart, according to Microsoft.…

Register for this free SANS Holiday Hack Challenge to find out how

Sponsored Post  Christmas is a time for gift giving and spending time with your friends and family – but that doesn't have to be all. What if you could add to the fun by taking part in an entertaining free holiday-themed cyber security event that both builds your skills and gives you the chance of adding a stellar prize to the pile of gifts under your tree?…

Part bureaucratic box ticking, part crackdown that makes even Wi-Fi routers and smartphones off limits

The United States' Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds.…

Listen in to our webinar on 30th November to find out

Webinar  Email provides us with an infinite number of possible exchanges. We send approximately 332 billion messages a day but having so much convenience and flexibility at our fingertips also brings security risks.…

Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly

In brief  NordPass has released its list of the most common passwords of 2022, and frankly we're disappointed in all of you.…

Promises restoration of suspended accounts, despite previous pledge to do no such thing

Twitter CEO Elon Musk has decided to allow suspended accounts back onto the micro-blogging service.…

Agencies told to rip 'em off core networks and replace 'em whenever and wherever possible

The United Kingdom has decided Chinese video cameras have no place in government facilities.…

Didn't say they were good, though – covert ops apparently got 'little to no engagement' from targets

In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military.…

DDoS started not long after Russia was declared a state sponsor of terrorism

The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism.…

Flaws in the open-source tool exploited – and India's power grid was a target

Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology.…

'We allege these fraudsters bled dry each of their victims' of $10m

The US government seized seven domain names used in so-called "pig butchering" scams that netted criminals more than $10 million.…

Users of the sports betting site rolled the dice on reusing passwords and lost

A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts.…

Datadog security researchers found the flaw before miscreants did

Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. …

Emergency out-of-band updates to the rescue

Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.…

That's where the money is

Phishing attempts targeting victims in the Middle East increased 100 percent last month in the lead up to the World Cup in Qatar, according to security shop Trellix.…

GAO says 2010 Deepwater Horizon disaster will look like a walk in the park

The US Government Accountability Office (GAO) has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "increasing" and "significant risk" of cyberattack.…

SANS’ 2023 cyber security training conferences provide the springboard to a new set of skills

Sponsored Post  Your skills as a cyber security professional are only as up to date as the threats designed to test them, so it's a good idea to stay ahead of the game and keep refreshing them as often as possible. That's what SANS cyber security training events, held across the US in 2023, are here to help you do. …