News

The MOVEit breach and ransomware weren’t kind to the Feds last year

The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year (YoY) in 2023 to a total of 32,211, per a new White House report, which also spilled the details on the most serious incidents suffered across the government.…

Dutch intelligence says at least 20,000 firewalls pwned in just a few months

The Netherlands' cybersecurity agency (NCSC) says the previously reported attack on the country's Ministry of Defense (MoD) was far more extensive than previously thought.…

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack

Patch Tuesday  Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed.…

Secure storage company hasn't spilled details on how they got in

Pure Storage is the latest company to confirm it's a victim of mounting Snowflake-related data breaches.…

Customers, partners, operations remain uncompromised, BlackBerry says

BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn't endanger customers, yet it won't say where the information was stored originally.…

Three-pronged approach aims to uncover any malpractice at the Silicon Valley biotech biz

The data protection watchdogs of the UK and Canada are teaming up to hunt down the facts behind last year's 23andMe data breach.…

Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage

An unknown financially motivated crime crew has swiped a "significant volume of records" from Snowflake customers' databases using stolen credentials, according to Mandiant.…

Total rebuild needed after four days off the air

Japanese media conglomerate Kadokawa and several of its properties have been offline for four days after a major cyber attack.…

A far cry from the half-million claim that crims originally boasted

Auction house to the wealthy Christie's says 45,798 people were affected by its recent cyberattack and resulting data theft.…

Also, industry begs Uncle Sam for infosec reg harmony, dueling container-compromise campaigns, and crit vulns

infosec in brief  Cloud data analytics platform Snowflake said it is going to begin forcing customers to implement multi-factor authentication to prevent more intrusions. …

Thousands of dodgy SMS messages bypassed network filters in UK-first case

British police have arrested two individuals following an investigation into illegal homebrew phone masts used for SMS-based phishing campaigns.…

Scott Small tells us gang's 'intent and capability' should get the attention of CSOs

Interview  It might not be as big a name as BlackCat or LockBit, but the Akira ransomware is every bit as dangerous, says one cybersecurity researcher – and it's poised to make a big impact. …

Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker

Interview  Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering-up a theft of data from Uber in 2016 – remembers sitting down and thinking through the worst-case scenarios he faced following that guilty verdict in 2022.…

Breaking breaking-news news

A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board.…

How's your RPKI-based security plan coming along? Feds want to know

US broadband providers will soon have to provide proof to Uncle Sam that they are taking steps to prevent Border Gateway Protocol (BGP) hijacking and locking down internet routing in general.…

Windows maker acknowledges 'clear signal' from everyone, then mostly ignores it

Microsoft is not giving up on its controversial Windows Recall, though says it will give customers an option to opt in instead of having it on by default, and will beef up the security of any data the software stores.…

Company says just names and SSNs affected, watering down RansomHub’s claims

Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing.…

Meeting the challenges of managing risk for cyber-physical systems

Webinar  The risk of cyber attack hangs over every digital environment but cyber physical systems (CPS) tend to be more vulnerable - after all, they weren't usually designed with security in mind.…

Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials

Cisco squashed some bugs this week that allowed anyone to view WebEx meeting information and join them, potentially opening up security and privacy concerns for highly sensitive meets.…

But do they get to wear 'I DDoSed' stickers?

A Russian hacktivist crew has threatened to attack European internet infrastructure as four days of EU elections begin on Thursday.…