News

Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs

The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. …

Customers complain of poor comms during huge outage that’s sparked payroll fears

A ransomware attack and resulting outages at direct debit collection company London & Zurich has forced at least one customer to take out a short-term loan as six-figure backlogs continue to cause cash flow mayhem.…

How Secure Service Desk thwarts social engineering attacks and secures user verification

Sponsored Post  Ransomware can hit any organization at any time, and hackers are proving adept at social engineering techniques to gain access to sensitive data in any way they can.…

Akamai sounds the alarm – won't name the vendors yet, but there is a fix coming

Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and built a botnet army for distributed denial of service (DDoS) attacks.…

Users told to hold tight and await instructions as investigation continues

Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something.…

That GitHub repo an interviewer wants you to work on could be malware

Palo Alto Networks' Unit 42 has detailed a pair of job market hacking schemes linked to state-sponsored actors in North Korea: one in which the threat actors pose as job seekers, the other as would-be employers.…

Not that we're encouraging anyone to defeat this fingerprint authentication

Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device.…

Staff records swiped, leaked by gang who probably read one too many comics, sorry, graphic novels

The self-described "gay furry hackers" of SiegedSec are back: this time boasting they've broken into America's biggest nuclear power lab's IT environment and stolen records on thousands of employees. Some of that data has already been leaked, it appears.…

Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'

The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.…

Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing

Interview  Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond.…

30 days to get compliant with tracking rules or face enforcement action

The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.…

Chief quits, pays own penalty after helping crooks launder cash, aiding sanctions evaders

The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. As a result Binance will fork out $10 billion to Uncle Sam in fines and settlements.…

Compromised AWS account led to fears that user info could have been exposed to cybercriminals

Sumo Logic has confirmed that no customer data was compromised as a result of the potential security breach it discovered on November 3.…

Why an eXtended Software Bill of Materials could be the next step up in cybersecurity

Webinar  A Software Bill of Materials (SBOM) has become a non-negotiable requirement to meet regulatory and buyer requirements. But does this provide enough protection if it can give only a partial view into interconnected and ever-changing application attack surfaces?…

Any govt staffers who used relocation services over past 24 years could be at risk

The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked.…

Continuous training can help improve EMEA organisations’ ability to fend off the cyber criminals in 2024

Sponsored Post  You can never afford to drop your guard when it comes to cyber security – hackers never do.  Any weakness in your organisation's defence is certain to be tested at some point.…

Real-life impact of buggy software laid bare – plus: Avast tries to profit from being caught up in attacks

Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application? Anyone?…

Admits to taking phones used for 'code blue' emergencies offline and more

An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.…

Crims post passport scans and internal forms up for 'auction' to prove it

The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process.…

ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities

Infosec in brief  It's that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year's chiding to heart, most of you arguably swapped bad for worse.…