News

Never mind software supply chain attacks, lawyers are the new soft target?

Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of the app's drivers was swiped by miscreants from the IT systems of law firm Genova Burns.…

Tactical#Octopus: Don't let users click on that zip file

The last few days of America's tax season are stressful enough, dealing with deadlines and, increasingly, online scams. Now comes another one, a sophisticated and ongoing phishing campaign by a threat group dubbed "Tactical#Octopus" that is using tax-related lures to spread malware.…

Staff regain access to Microsoft apps but biz still working to restore services for some

Capita – everyone's favorite outsourcing badass – is still working to restore services for some customers after admitting the IT outage of certain services on Friday was caused by a cyber attack and efforts to contain the spread.…

How to implement robust secret and identity management

Webinar  Keeping digital authentication credentials safe is a highly sensitive task in an ever-evolving IT landscape, made more difficult when you consider the ongoing shift from static to dynamic applications aligned with increasingly distributed teams of workers.…

Thinks information from internal systems 'obtained' by 3rd party, unsure of nature or scope data

Western Digital is today dealing with a "network security incident" after detecting a break-in into its internal systems by an unauthorized third party.…

'It's not unusual for VoIP apps' says CEO

The CEO of VoiP software provider 3CX said his team tested its products in response to recent alerts notifying it of a supply chain attack, but assessed reports of a malware infestation were a false positive.…

To scupper scams, account-holders must hand over personal info or else

Almost two million mobile phone subscribers in Vietnam are at risk of having their services severed, thanks to a new government policy that seeks to curb spam.…

ALSO: DJI forgets the 'B' in 'BCC,' and this week's critical known exploits

In Brief  The principal of a Florida science and technology charter school has resigned after allegedly writing a $100,000 check to an Elon Musk impersonator using school funds.…

If the price looks too good to be true, it probably is

Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe.…

Who watches the watchmen? The Office of the Inspector General

Back in July 2020, then New York City Mayor Bill de Blasio signed the Public Oversight of Surveillance Technology (POST) Act into law, which required the New York Police Department to reveal how it uses surveillance technology and to formulate surveillance policies.…

Juicy private sector job vs … money off a season travel ticket

Given the importance of the Treasury department's function to Britain, Reg readers might expect the Head of Cyber Security vacancy currently being advertised would come with a salary that reflects its criticality.…

'Serious breach of trust' says ICO, 'stakes too high' for mistakes in cases like this

In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy (CC) instead of Blind Carbon Copy meaning the recipients could see each other’s email addresses.…

Winter is coming for NATO countries

A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint.…

Snowden-esque 'Vulkan' dossier links Moscow firm to FSB, GRU, SRV

An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan – a Moscow IT consultancy – that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools.…

'BingBang' boo-boo affected other internal Microsoft apps, too

A misconfiguration in Microsoft's Azure Active Directory (AAD) could have allowed miscreants to subvert Microsoft's Bing search engine – even changing search results. User information including Outlook emails, calendars and Teams messages was also vulnerable.…

Malicious toolkit targets misconfigured hosts in AWS and Office 365

A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.…

Miscreants hit downstream customers with infostealers

Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX – and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated.…

If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date

Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled – at least until September when the tool is retired.…

Securing your business against BEC

Webinar  Business email compromise (BEC) is possibly the worst of cybercrimes because it abuses trust. It feeds on relationships carefully nurtured over decades and erodes a confidence which is foundational to cooperation, and progress.…

How someone can nab buffered info, by hook or by kr00k

Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.…