News

Cupertino kicks off the year with a zero-day

Apple has plugged a security hole in the software at the heart of its iPhones, iPads, Vision Pro goggles, Apple TVs and macOS Sequoia Macs, warning some miscreants have already exploited the bug.…

Uncle Sam will 'no longer blindly dole out money,' State Dept says

US Secretary of State Marco Rubio has frozen nearly all foreign aid cash for a full-on government review, including funds to defend America's allies from cyberattacks as well as steer international computer security policies.…

Chinese AI startup grapples with consequences of sudden popularity

China's DeepSeek, which shook up US AI companies with the debut of its R1 model family, has limited new signups due to ongoing cyberattack.…

Latest trope is tricky enough to fool even the technical crowd… almost

Google says it's now hardening defenses against a sophisticated account takeover scam documented by a programmer last week.…

NATO increasing patrols in the Baltic as region awaits navy drones

Swedish authorities have "seized" a vessel – believed to be the cargo ship Vezhen – "suspected of carrying out sabotage" after a cable running between Sweden and Latvia in the Baltic Sea was damaged on the morning of January 26.…

Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more

Infosec in brief  Using a custom-built tool, a 15-year-old hacker exploited Cloudflare's content delivery network to approximate the locations of users of apps like Signal, Discord, and others.…

Former freelancer cuffed a week after being dismissed by UK's top visitor attraction

The British Museum was forced to temporarily close some galleries and exhibitions this weekend after a disgruntled former tech contractor went rogue and shuttered some onsite IT systems.…

Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia...

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.…

Spinner says crim's claims 'very significantly overstated'

UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.…

GameOn? It's looking more like game over for that biz

The co-founder and former CEO of AI startup GameOn is in a pickle. After exiting the top job last year under a cloud, he's now in court – along with his wife – for allegedly bilking his company and its investors out of more than $60 million.…

SYSTEM-level command injection via API parameter *chef's kiss*

A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…

5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act

The US is indicting yet another five suspects it believes were involved in North Korea's long-running, fraudulent remote IT worker scheme – including one who changed their last name to "Bane" and scored a gig at a tech biz in San Francisco.…

Paint a target on Myanmar, pledge more info-sharing to get the job done

A group established by six Asian nations to fight criminal cyber-scam slave camps that infest the region claims it’s made good progress dismantling the operations.…

'Public interest alone does not justify warrantless querying' says judge

It was revealed this week a court in New York made a landmark ruling that sided against the warrantless state surveillance of people's private communications in America.…

But we mean, you've had nearly four years to patch

One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years - yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.…

No in-the-wild exploits … yet

Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.…

Big organizations and governments are main users of these gateways

SonicWall is warning customers of a critical vulnerability that was potentially already exploited as a zero-day.…

Company 'strongly disagrees' with law infringement allegations

Meta has again come under fire for its pay-or-consent model in the EU.…

Experts warn not to take leaks lightly as years-long compromises could remain undetected

Thousands of email addresses included in the Belsen Group's dump of FortiGate configs last week are now available online, revealing which organizations may have been impacted by the 2022 zero-day exploits.…

Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps

In addition to Chinese spies invading organizations' networks and ransomware crews locking up sensitive files, botnets blasting distributed denial of service (DDoS) attacks can still cause a world of hurt — and website downtime — and it's quite likely your competitors are to blame.…