News

Rising number of RaaS baddies drive global attack numbers up 200%

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices.…

Data leakers become data leakees

The Lorenz ransomware group leaked the details of every person who contacted it via its online contact form over the course of the last two years.…

Kim Jong-un looks at industry's progress with green eyes, says South Korea's spy agency

South Korea's National Intelligence Service (NIS) has warned North Korea is attacking its shipbuilding sector.…

'Handful' of customers hit so far, public-facing instances at risk

Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.  …

What's up, Doc? Try elevated permissions

Grab security updates for your Linux distributions: there's a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software to gain root access and take over the box.…

'No impact on missions,' military powerhouse insists

NATO is "actively addressing" multiple IT security incidents after a hacktivist group claimed it once again breached some of the military alliance's websites, this time stealing what's claimed to be more than 3,000 files and 9GB of data.…

Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits

New guidelines have been codified to govern the rules of engagement concerning hacktivists involved in ongoing cyber warfare.…

The 5th Circuit's re-ruling adds CISA to a list of alleged first-amendment violators. Next stop: Supreme Court

The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency (CISA) to a list of US government entities prohibited from working with social media firms to curtail the spread of misinformation. …

Meta, the project's maintainer, shrugs

A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers.…

After netizens' funds go up in smoke, ex-CEO seeks cash to foot legal bills

The first of two US government prosecutions of former FTX CEO Sam Bankman-Fried commenced in New York on Monday, only a day after the cryptocurrency tycoon sued his own insurance company for failing to cover his legal costs.…

Chrome’s second zero-day of the month puts fed security at 'significant risk'

The US's Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog.…

Plus: Philippine state health insurance knocked offline by ransomware, China relaxes data export laws, and more

Asia in brief  Zhu Su, co-founder of fallen crypto business Three Arrows Capital (3AC), was arrested last Friday at Changi Airport in Singapore as he attempted to leave the country.…

Better late than never, we guess

An urgent ransomware warning from the Feds has some industry analysts scratching their heads and wondering if Uncle Sam's noggin has been buried in the sand for too long.…

Early signs emerge after Progress Software said there were no active attempts last week

Security researchers have spotted what they believe to be a "possible mass exploitation" of vulnerabilities in Progress Software's WS_FTP Server.…

Security exec Mark Ryland spills the tea on hush-hush threat intel tool

Interview  AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant's security execs tells us has thwarted Chinese and Russian spies – and millions of bots.…

No, that does not mean you can leave it at home just yet

Last week the internet was abuzz with talk that Singapore's commercial Changi airport was no longer going to require passports for clearance at immigration. Although it is true the paper documentation will be replaced by biometric measures, it's not quite time to pack the document away.…

Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more

Infosec in brief  Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS_FTP.…

From AI to just plain aaaiiiee!

Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs.…

'Research purposes' excuse didn't fly

A PhD student has been found guilty of building a potentially deadly drone for Islamic State terrorists, in part using his home 3D printer.…

But Meta was just about to start asking people for their permission!

Norway has told the European Data Protection Board (EDPB) it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe.…