News

Factory resets and apply patches is the advice amid fortnight delay for other appliances

The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti battles two dangerous new vulnerabilities, one of which was already being exploited as a zero-day.…

Tricky attackers trying yet again to deceive the good guys on home territory

Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.…

‘MirrorFace’ group found ways to run malware in the Windows sandbox, which is worrying

Japan’s National Police Agency and Center of Incident Readiness and Strategy for Cybersecurity have confirmed third party reports of attacks on local orgs by publishing details of a years-long series of attacks attributed to a China-backed source.…

Class act: Biz only serves 60M people across America, no biggie

A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data – including some Social Security Numbers and medical info – stolen.…

In colossal surprise, ONCD boss Harry Coker says more work is needed

The outgoing leader of the United States' Office of the National Cyber Director has a clear message for whomever President-elect Trump picks to be his successor: There's a lot of work still to do.…

3 CVEs added to CISA's catalog

Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years.…

Devices on six-year-old firmware vulnerable to takeover and destruction

Argentine cybersecurity shop Eclypsium claims security issues affecting leading DNA sequencing devices could lead to disruptions in crucial clinical research.…

Various data points compromised but no risk to flight security

The International Civil Aviation Organization (ICAO), the United Nations' aviation agency, has confirmed to The Register that a cyber crim did indeed steal 42,000 records from its recruitment database.…

Here's what $20 gets you these days

More than 4,000 unique backdoors are using expired domains and/or abandoned infrastructure, and many of these expose government and academia-owned hosts – thus setting these hosts up for hijacking by criminals who likely have less altruistic intentions than the security researchers who uncovered the backdoors.…

Security and cloud compute have so much more upside than the boring business of shifting bits

Akamai has decided to end its content delivery network services in China, but not because it’s finding it hard to do business in the Middle Kingdom.…

Telcos would effectively fund grants paid to protect national security

The outgoing boss of the FCC, Jessica Rosenworcel, has called on her colleagues to "quickly" adopt rules allowing the US regulator to stage a radio spectrum auction, the proceeds of which would fund the removal from American networks of equipment made by Chinese vendors Huawei and ZTE.…

Crime forum-dweller claims to have leaked 42,000 documents packed with personal info

The United Nations' aviation agency is investigating "a potential information security incident" after a cybercriminal claimed they had laid hands on 42,000 of the branch's documents.…

Marc Rogers is 'lucky to be alive'

Marc Rogers, DEF CON's head of security, faces tens of thousands of dollars in medical bills following an accident that left him with a broken neck and temporary quadriplegia.…

This could be the start of a saga to rival TikTok’s troubles, and embroil Tesla and Microsoft

The US Department of Defense has added Chinese messaging and gaming Tencent to its list of “Chinese military company”, a designation that won’t necessarily result in a ban but is nonetheless unpleasant.…

Slow drip of compromised telecom networks continues

The list of telecommunications victims in the Salt Typhoon cyberattack continues to grow as a new report names Charter Communications, Consolidated Communications, and Windstream among those breached by Chinese government snoops.…

Once installed, it helps itself to your data like it's a free buffet

Android malware dubbed FireScam tricks people into thinking they are downloading a Telegram Premium application that stealthily monitors victims' notifications, text messages, and app activity, while stealing sensitive information via Firebase services.…

Manufacturers should have had ample time to apply the fixes

MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.…

If 40 years of faulty building gets blown down, don’t rebuild with the rubble

Opinion  When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications rebuilt, and news flows out. Salt Typhoon is no different.…

More evidence of Beijing’s liking for gray zone warfare, or a murky claim with odd African entanglements?

Taiwanese authorities have asserted that a China-linked ship entered its waters and damaged a submarine cable.…

PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more

Infosec in Brief  Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security operations center without incident - unlike Volkswagen, which last week admitted it exposed data describing journeys made by some of its electric vehicles, plus info about the vehicle’s owners.…