News
'Alarming' bugs lay low in Ubuntu Server utility for 10 years
Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server's needrestart utility that allow unprivileged attackers to gain root access without any user interaction.…
Now Online Safety Act is law, UK has 'priorities' – but still won't explain 'spy clause'
The UK government has set out plans detailing how it will use the new law it has created to control online platforms and social media – with one telling exception.…
Put your usernames and passwords in your will, advises Japan's government
Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.…
Five Scattered Spider suspects indicted for phishing spree and crypto heists
The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.…
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator
A senior US senator has warned that American tech companies’ activities in China represent a national security risk, in a hearing that saw infosec biz CrowdStrike testify it has identified another cyber-espionage crew it believes is backed by Beijing.…
Mega US healthcare payments network restores system 9 months after ransomware attack
Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed
Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.…
Data is the new uranium – incredibly powerful and amazingly dangerous
I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users, I began to hear a new note: data has become a problem.…
Healthcare org Equinox notifies 21K patients and staff of data theft
Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.…
Russian suspected Phobos ransomware admin extradited to US over $16M extortion
A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.…
America's drinking water systems have a hard-to-swallow cybersecurity problem
Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency's Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks.…
Palo Alto Networks tackles firewall-busting zero-days with critical patches
Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.…
Navigating third-party risks
Webinar: As organizations increasingly rely on third-party contractors, vendors, and service providers, the security risks associated with third-party access can become a top priority.…
Crook breaks into AI biz, points $250K wire payment at their own account
A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.…
Join in the festive cybersecurity fun
Sponsored Post: Are you ready to pit your wits against the cyber exercises featured in the Holiday Hack Challenge 2024: Snow-maggedon?…
iOS 18 added secret and smart security feature that reboots iThings after three days
Apple's latest mobile operating system, iOS 18, appears to have added an undocumented security feature that reboots devices if they’re not used for 72 hours.…
Ford 'actively investigating' after employee data allegedly parked on leak site
Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."…
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.…
