News

If this is Kyiv's work, Russia can Crimea river

A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.…

CERT-In was told its six-hour notification requirement was a bad idea – now it knows just how bad

India's rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities/…

'Technological sovereignty is the key to sustainability' states Russian despot

Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.…

Admins decide reviving crime-mart is dangerous, hint at new chapter

BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.…

And Google Cloud is next

Microsoft has torn the wraps off its multi-cloud security benchmark (MCSB), which replaces the four-year-old Azure Security Benchmark. Crucially, as the name suggests, it now has usage and configuration guidance that reaches into rival environments.…

Beware of Greeks bearing GIFs

Meta's former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone.…

April Fools should use Russian or Chinese tech instead Kermlin advises

Advisors and staff to Russia's maximum leader have been told to ditch their iPhones by the end of the month. Or, for those who don't want to throw their Apple devices in the bin, the other option is to "give it to the kids," according to a local Kommersant report.…

Alleges it’s infected with malware – but not the version in its own digital tat bazaar

Google has suspended Chinese shopping app Pinduoduo from its Play store because versions of the software found elsewhere have included malware.…

Latitude blames a 'major vendor' for its woes. Is that a vendor? A cloud? Whoever they are, they're in trouble

Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems.…

Speeds away from the very suggestion it would ever pay a ransom

Italian automaker Ferrari has warned its well-heeled customers that their personal data may be at risk.…

aCropalypse Now, starring any 2018-or-later device

If you've owned a Google Pixel smartphone since the 3 series came out in 2018, bad news: any screenshot that you've cropped or redacted on your Pixel can be potentially restored without much fuss.…

Those with sensitive BBC information told to contact Beeb's security team

The world's oldest national broadcaster, the venerable British Broadcasting Corporation, has told staff they shouldn't keep the TikTok app on a BBC corporate device unless there is a "justified business reason."…

Australian airline Qantas warns pilots to keep calm and carry on amid reports of satnav and altimeter jamming

Australian airline Qantas issued standing orders to its pilots last week advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military.…

Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals

In Brief  A man accused of being the head of one of the biggest criminal online souks, BreachForums, has been arrested in Peekskill, New York.…

ALSO: Japan ends chip supply crimp on South Korea, APAC infosec spending surges; Philippines SIM registration stalls

Asia In Brief  ByteDance, the Chinese developer of TikTok, "can no longer be accurately described as a private enterprise" and is instead intertwined with China's government, according to a report [PDF] submitted to Australia's Select Committee on Foreign Interference through Social Media.…

No good deed goes unpunished, or something like that

The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion.…

At the very least, with other costs on top

A Florida healthcare group has settled a class-action lawsuit after thieves stole more than 447,000 patients' names, Social Security numbers, and sensitive medical information, from its servers.…

Four flaws open mobiles, cars to remote-control at baseband level with just a phone number

Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.…

Gadget maker accused of 'corporate voyeurism' by gathering up footage against your wishes

A lawsuit filed against eufy security cam maker Anker Tech claims the biz assigns "unique identifiers" to the faces of any person who walks in front of its devices – and then stores that data in the cloud, "essentially logging the locations of unsuspecting individuals" when they stroll past.…

This one has it all: Donald Trump’s inner circle, a Beijing bot backlash, conspiracy theories, and more

Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "sprawling and complex scheme … to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers."…