News

Mitigating the threat of bot-driven DDoS attacks

Webinar  It's sometimes easy to be lulled into a sense of false security and imagine that your organization or business will not become a target of highly professional cybercriminals, hacktivists and even nation-state actors. But the threat posed by DDoS attacks is very much on the rise.…

Came in wake of the force publishing their own people's data in botched FoI

Nearly four weeks after the Police Service of Northern Ireland (PSNI) published data on 10,000 employees in a botched response to a Freedom of Information request, another two men, aged 21 and 22, have been released on bail after being arrested under the Terrorism Act.…

ALSO: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week's critical vulns

Infosec in brief  The latest round of Apple's Security Research Device (SRD) program is open, giving security researchers a chance to get their hands on an unlocked device – and Apple's blessing to attack it and test its security capabilities.…

Big blow to blighters' blow-by-the-boatload blueprint

Video  Efforts by cops to seize and shut down encrypted messaging apps favored by criminals, and then mine their conversations for evidence, appear to have led to more arrests — plus the seizure of about 2.7 tonnes of cocaine.…

Oktapus phishing campaign criminals are back in action

Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions.…

Defeating a DDoS swarm

Webinar  Any organization can lose service, revenue, and reputation as a result. If you are particularly unlucky, a DDoS attack can defenestrate your network defences. You may find yourself facing an cyber criminal who wants to take your business for everything it's got - not an attractive prospect in anybody's book.…

That's what we call a static shock

Even ransomware operators make mistakes, and in the case of ransomware gang the Key Group, a cryptographic error allowed a team of security researchers to develop and release a decryption tool to restore scrambled files.…

Five Eyes nations warn of hit against Ukrainian military systems

Russia's Sandworm crew is using an Android malware strain dubbed Infamous Chisel to remotely access Ukrainian soldiers' devices, monitor network traffic, access files, and steal sensitive information, according to a Five Eyes report published Thursday.…

Backdoors detailed, plus CISA releases more IOCs for IT depts to check

Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant.…

It could be used to put ethical hackers, and citizens, behind bars

A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime treaty only succeeds in justifying state surveillance — not stopping criminals, as originally intended.…

Malfunction took 14 plants offline for 36 hours. Oh, what a … nah, too obvious

Toyota Japan has recovered from what it's described as a "malfunction in the production order system" that halted production on 28 lines across 14 plants starting on Monday evening.…

Claims to have taken down two colossal networks, with 'Secondary Infektion' schooling 'Spamouflage'

Russia appears to be "better" at running online trolling campaigns aimed at pushing its political narratives than China, according to Meta's latest Adversarial Threat Report.…

Halls of learning are stuck offline, but go Wolverines!

The University of Michigan has isolated itself from the internet but, hey, everything's fine!…

'We will continue fighting this case' global chief's lawyer tells us

An appeals court has reversed a 2021 decision to drop a bribery charge against Apple's head of global security, who is accused of donating iPads worth up to $80,000 to a sheriff's office in exchange for giving his Cupertino agents concealed carry weapon licenses.…

Malware crooks' infrastructure well and truly plucked, for now

Uncle Sam today said an international law enforcement effort dismantled Qakbot, aka QBot, a notorious botnet and malware loader responsible for losses totaling hundreds of millions of dollars worldwide, and seized more than $8.6 million in illicit cryptocurrency.…

All 47,000 Met Police officers and staff reportedly accessed in break-in

London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information.…

Meal delivery biz leaves bitter taste

Purfoods has notified more than 1.2 million people that their personal and medical data — including payment card and bank account numbers, security codes, and some protected health information — may have been stolen from its servers during what sounds like a ransomware infection earlier this year.…

Top of the list to trip sensors

Three malware loaders — QBot, SocGholish, and Raspberry Robin — are responsible for 80 percent of observed attacks on computers and networks so far this year.…

ALSO: Euro chip maker breached, crims plan to undermine cyber insurance, and this week's critical vulnerabilities

Infosec in Brief  No one likes malware, but malicious code that tracks your location is particularly unlovable.…

PLUS: India calls for global action on AI and crypto; Vietnam seeks cybersecurity independence; China bans AI prescribing drugs

Asia In Brief  Taiwan-based infosec consultancy Team T5 has disputed Microsoft's alleged timeline of just when a Beijing-linked attack group named Flax Typhoon commenced its campaigns.…