News
India contemplates compulsory dynamic 2FA for digital payments
India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.…
US sends cybercriminals back to Russia in prisoner swap that freed WSJ journo, others
At least two Russian cybercriminals are among those being returned to their motherland as part of a multinational prisoner exchange deal announced Thursday.…
Too late now for canary updates, says pension fund suing CrowdStrike
CrowdStrike, after suggesting canary testing as a way to ensure it avoids future blunders leading to global computer outages, has been sued in federal court by investors for not using a phased approach in rolling out updates to customers in the first place.…
FBI, CISA remind US voters that DDoS attacks can't touch election systems
US law enforcement and cybersecurity agencies are reminding the public that the country's voting systems will remain unaffected by distributed denial of service (DDoS) attacks as the next presidential election fast approaches.…
How to counter adversarial AI
Sponsored Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organisations often unprepared to deal with the speed, scale and sophistication of the assaults directed against them.…
Mozilla follows Google in losing trust in Entrust's TLS certificates
Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority (CA) following what it says was a protracted period of compliance failures.…
Germany names China as source of attack on government geospatial agency
Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy (BKG) – the official mapping agency.…
Ransomware infection cuts off blood supply to 250+ hospitals
A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has "significantly reduced" the org's ability to take, test, and distribute blood.…
More than 83K certs from nearly 7K DigiCert customers must be swapped out now
As the DigiCert drama continues, we now have a better idea of the size and scope of the problem – with the organization's infosec boss admitting the SSL/TLS certificate revocation sweep will affect tens of thousands of its customers, some of which have warned that the short notice may have real-world safety implications and disrupt critical services.…
Russia takes aim at Sitting Ducks domains, bags 30,000+
Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.…
Chrome adopts app-bound encryption to stymie cookie-stealing malware
Google says it's enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies.…
Embedding AI security from the get go
Sponsored Post The dawn of artificial intelligence is upon us, but its development has only just begun.…
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
Do you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability.…
UK Electoral Commission slapped for basic cybersecurity fails
The UK's Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal data belonging to around 40 million voters.…
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder
DigiCert has given some unlucky customers 24 hours to replace their SSL/TLS security certificates it previously issued them – due to a five-year-old blunder in its backend software.…
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses
Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month – and it has hired a high-powered law firm to claw some of those lost funds back, potentially from the Falcon maker and Microsoft itself.…
'LockBit of phishing' EvilProxy used in more than a million attacks every month
Insight The developers of EvilProxy – a phishing kit dubbed the "LockBit of phishing" – have produced guides on using legitimate Cloudflare services to disguise malicious traffic. This adds to the ever-growing arsenal of tools offering criminals who lack actual technical expertise to get into the digital thievery biz.…
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability
Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do that given the recently patched vulnerability that has security experts deeply concerned.…
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
A huge phishing campaign exploited a security blind-spot in Proofpoint's email filtering systems to send an average of three million "perfectly spoofed" messages a day purporting to be from Disney, IBM, Nike, Best Buy, and Coca-Cola – all of which are Proofpoint customers.…
Malaysia is working on an internet 'kill switch', says minister
Legislation for an internet "kill switch" will reach Malaysia’s Parliament in October, according to the country's minister for Law and Institutional Reform.…