News

Feds propose $7.8M payment and ban on revealing 'sensitive' data to settle complaint

Even if you don't know anyone who has used BetterHelp's services, podcast fans will recognize it from its annoying adverts for its online therapists. American regulators, however, allege the company's relationship with the advertising industry is more perverse than a mere irritating jingle, claiming it betrayed loyalties that should lie with customers by passing on their mental health info to Facebook, Snapchat and others.…

Crime-as-a-service vendors mix and match components as needed by client

A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others.…

Industry hasn't 'improved much at all'

SCSW  Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.…

Proposal to break encryption to scan messages for abuse material challenged as illegal and unworkable

Europe's proposed "Chat Control" legislation to automatically scan chat, email, and instant message communications for child sexual exploitation material (CSEM) ran up against broad resistance at a meeting of the German Parliament's (Bundestag) Digital Affairs Committee on Wednesday.…

Outlawing cybersecurity hype

Webinar  Trying to keep on top of all the hype and complexity in cybersecurity can be more than an just an uphill struggle and more like a veritable mountain to climb every morning.…

Just-revealed US cybersecurity strategy 'has fangs' for catching crafty criminals and crummy coders

Analysis  Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other illicit activities, under the Biden administration's computer security plan announced on Thursday.…

With great speed comes great insecurity

SCSW  CI/CD over the past decade has become the cornerstone of modern software development.…

Less than a year after Funky Pigeon sprayed details of greetings cards biz

Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.…

Infosec also needs to widen its tlent pool or miss out

Interview  It's a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks. …

The myth 'is now a reality'

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.…

DLL side-loading does the trick, again

Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems.…

Personal Gmail users still out of luck

Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…

Last chance to film yourself doing a ByteDance, in the US and abroad

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. …

Who apart from Microsoft is happy with the ship now, oh just fix it later approach?

What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency (CISA) Director Jen Easterly.…

Outage-hit telco still won't confirm ransomware infection, or if it's paying up

Dish has confirmed what everyone was suspecting, given the ongoing downtime experienced by some of its systems, that the US telco was hit by criminal hackers.…

All the news that's fit to pwn

The miscreants who infiltrated News Corporation's corporate IT network spent two years in the media monolith's system before being detected early last year.…

Not that we're urging them to try harder or anything

A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure.…

It’s not just another data breach when the victim oversees witness protection programs

The US Marshals Service, the enforcement branch of the nation’s federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.…

Chainguard CEO explains how to secure code given crims know to poison it at the source

SCSW  The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…

Techies 'hard at work' and all of that

US telco Dish said it is investigating a multi-day network "issue" that knocked some of its systems offline, leaving customers stranded from the web.…