News

SMS OTPs are overused, so bring on the tokens and biometrics

India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.…

Techno-crooks greeted by grinning Putin after landing

At least two Russian cybercriminals are among those being returned to their motherland as part of a multinational prisoner exchange deal announced Thursday.…

That horse has not just bolted, it's trampled all over kernel space

CrowdStrike, after suggesting canary testing as a way to ensure it avoids future blunders leading to global computer outages, has been sued in federal court by investors for not using a phased approach in rolling out updates to customers in the first place.…

PSA comes amid multiple IT services crises in recent days

US law enforcement and cybersecurity agencies are reminding the public that the country's voting systems will remain unaffected by distributed denial of service (DDoS) attacks as the next presidential election fast approaches.…

Using Precision AI to stop cyber threats in real time

Sponsored  Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organisations often unprepared to deal with the speed, scale and sophistication of the assaults directed against them.…

Compliance failures and unsatisfactory responses mount from the long-time certificate authority

Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority (CA) following what it says was a protracted period of compliance failures.…

Meanwhile, US apparently considers further AI hardware sanctions

Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy (BKG) – the official mapping agency.…

Scumbags go for the jugular

A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has "significantly reduced" the org's ability to take, test, and distribute blood.…

Small stay of execution in 'exceptional circumstances' promised as lawsuits start to fly

As the DigiCert drama continues, we now have a better idea of the size and scope of the problem – with the organization's infosec boss admitting the SSL/TLS certificate revocation sweep will affect tens of thousands of its customers, some of which have warned that the short notice may have real-world safety implications and disrupt critical services.…

Eight-year-old domain hijacking technique still claiming victims

Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.…

Windows users now get macOS-grade secret security

Google says it's enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies.…

Watch this Palo Alto Networks keynote to understand the importance of visibility, control and governance in AI application and service development

Sponsored Post  The dawn of artificial intelligence is upon us, but its development has only just begun.…

A playbook full of strategies and someone fumbles the implementation

Do you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability.…

It took 13 months to notice 40 million voters' data was compromised

The UK's Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal data belonging to around 40 million voters.…

For the want of an underscore

DigiCert has given some unlucky customers 24 hours to replace their SSL/TLS security certificates it previously issued them – due to a five-year-old blunder in its backend software.…

Oh, Boies, here we go again

Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month – and it has hired a high-powered law firm to claw some of those lost funds back, potentially from the Falcon maker and Microsoft itself.…

Leaves a trail of ransomware infections, data theft, business email compromise in its wake

Insight  The developers of EvilProxy – a phishing kit dubbed the "LockBit of phishing" – have produced guides on using legitimate Cloudflare services to disguise malicious traffic. This adds to the ever-growing arsenal of tools offering criminals who lack actual technical expertise to get into the digital thievery biz.…

Get those patches applied – all the big dogs are abusing it

Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do that given the recently patched vulnerability that has security experts deeply concerned.…

They DKIM here, they DKIM there

A huge phishing campaign exploited a security blind-spot in Proofpoint's email filtering systems to send an average of three million "perfectly spoofed" messages a day purporting to be from Disney, IBM, Nike, Best Buy, and Coca-Cola – all of which are Proofpoint customers.…

Follows requirement for social media and messaging platforms to get a license

Legislation for an internet "kill switch" will reach Malaysia’s Parliament in October, according to the country's minister for Law and Institutional Reform.…