News
FTC: BetterHelp pushed users to share mental health info then gave it to Facebook
Even if you don't know anyone who has used BetterHelp's services, podcast fans will recognize it from its annoying adverts for its online therapists. American regulators, however, allege the company's relationship with the advertising industry is more perverse than a mere irritating jingle, claiming it betrayed loyalties that should lie with customers by passing on their mental health info to Facebook, Snapchat and others.…
Frankenstein malware stitched together from code of others disguised as PyPI package
A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others.…
Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger'
SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.…
German Digital Affairs Committee hearing heaps scorn on Chat Control
Europe's proposed "Chat Control" legislation to automatically scan chat, email, and instant message communications for child sexual exploitation material (CSEM) ran up against broad resistance at a meeting of the German Parliament's (Bundestag) Digital Affairs Committee on Wednesday.…
Smart security
Webinar Trying to keep on top of all the hype and complexity in cybersecurity can be more than just an uphill struggle and more like a veritable mountain to climb every morning.…
Crappy insecure software in Biden's crosshairs
Analysis Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other illicit activities, under the Biden administration's computer security plan announced on Thursday.…
CI/CD: Necessary for modern software development, yet it carries a lot of risk
SCSW CI/CD over the past decade has become the cornerstone of modern software development.…
Intruder alert: UK retailer WH Smith hit by another data leak
Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.…
Forget ChatGPT, the most overhyped security tool is technology itself, Wiz warns
Interview It's a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks.…
It's official: BlackLotus malware can bypass Secure Boot on Windows machines
BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.…
PlugX RAT masquerades as legit Windows debugger to slip past security
Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems.…
Google: You get crypto, you get crypto, almost everyone gets email crypto!
Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…
US government sets a 30-day deadline for wiping TikTok from feds' phones
The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans.…
US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities
What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency (CISA) Director Jen Easterly.…
Dish: Someone snatched our data, if you're wondering why our IT systems went down
Dish has confirmed what everyone was suspecting, given the ongoing downtime experienced by some of its systems, that the US telco was hit by criminal hackers.…
News Corp outfoxed by IT intruders for years
The miscreants who infiltrated News Corporation's corporate IT network spent two years in the media monolith's system before being detected early last year.…
Russian hacktivists DDoS hospitals, with pathetic results
A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure.…
US Marshals Service leaks ‘law enforcement sensitive information’ in ransomware incident
The US Marshals Service, the enforcement branch of the nation’s federal courts, has admitted that a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.…
Feeling VEXed by software supply chain security? You’re not alone
SCSW The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…
Dish multi-day outage rolls on as ransomware fears grow
US telco Dish said it is investigating a multi-day network "issue" that knocked some of its systems offline, leaving customers stranded from the web.…
