News

Forecasting the flux and flow of threats to the cloud

Webinar  The cloud is floating around everywhere and with the rapid expansion of IT always comes new complexities that alter the threat landscape.…

No, the irony isn't lost on us either

Capita, which is still dealing with a digital break-in that exposed customers' data to criminals, has scored a £50 million contract with the City of London police to run contact and engagement services for the force's fraud reporting service.…

As identity management becomes the new security perimeter, cyber risk underwriters want to see resilient IAM control ID sprawl

Sponsored Feature  Many organizations are suffering from an identity crisis. Not in the psychological sense, nor in respect to their branding or culture. But in how their IT systems enable employees to access the applications and data they need for work.…

Populist politician pleads not guilty at Miami arraignment

A Florida man and his valet appeared in a Miami federal courtroom on Tuesday to respond to criminal charges of document hoarding and related claims.…

Plus: Adobe, SAP and Android push updates

Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.…

Banking trojan still going strong as feds put bulletproof hosting point man behind bars

The last of the three men said to be responsible for infecting Windows computers with the banking trojan Gozi has been sentenced to three years.…

Rubrik Zero Lab’s ‘The Hard Truths’ annual report into the state of data security

Webinar  It seems no longer possible to imagine whether it's just a case of if a security breach will occur within your organization, or if malicious actors will exploit a vulnerability to play havoc with your data. Rather, it's just a question of when.…

Turns out it's easy to forge documents relying on OOXML

Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed.…

Conflict could be first shooting war to deploy armies of ‘citizen hackers’ that cause at-risk organisations to rethink their defensive strategies

Sponsored Feature  When military historians come to chronicle the first 15 months of the Russian invasion of Ukraine, they won't find any shortage of battlefront bulletins to inform their accounts.…

As another CVE is assigned

Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named – the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom – just days after security researchers discovered additional flaws in Progress Software's buggy suite.…

Resilience against threats needs a boost

China's cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly told an Aspen Institute event on Monday.…

PLUS: Vietnam's free domain names for youngsters; China's Cuba spy base; Hyundai and Samsung team for car chips; and more

Asia In Brief  India's government has denied its Co-WIN COVID-19 vaccination management platform has leaked data, but ordered an investigation into the program's security.…

What a blast from the past, the past being a year before the pandemic

American prosecutors have unsealed an indictment against two Russians who allegedly had a hand in the ransacking and collapse of Mt Gox a decade ago, an implosion that cost the cryptocurrency exchange's thousands of customers most of their digital coins.…

And it's already being exploited in the wild, probably

Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment.…

First the interview, then the phishing attack

Miscreants targeting Discord and Twitter accounts have stolen more than $3.3 million in cryptocurrency from 2,300 victims so far in an ongoing campaign that started in April and saw the highest spike in activity earlier this month.…

Suit claims Redmond took far more than allowed from Hold's 360M-credential database

Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web.…

Freelance agency exposed personal details that would be highly valuable in the wrong hands

A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail.…

Also, the FBI's $180k investment in AN0M keeps paying off, and this week's critical vulnerabilities

Infosec in brief  Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered more issues that the company said could be used to stage additional exploits.…