News

Industrial giants, cybersec vendors collect under OTCSA banner

A number of the world's largest manufacturing and cybersecurity companies are getting behind a new consortium aimed at protecting industrial systems from threats.…

Guarding against the forever almost-here crypto-cracking tech

OpenSSH 9 is here, with updates aimed at dealing with cryptographically challenging quantum computers.…

CVSS 9.8 flaws are not what you want in a hospital robot

Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines.…

Outfits that can rummage around inside customer systems need to prove they're up to the job - and accountable

Cybersecurity service providers must for licenses to operate in Singapore, under new regulations launched by the country’s Cyber Security Agency (CSA) on Monday.…

Traditional endpoint security isn't working, says Darktrace

Sponsored feature  Remember the good old days, when the only devices a company had to worry about were the PCs on its own network? Today, security teams must yearn for those times as they struggle to protect endpoint devices everywhere.…

Same biometric used for different people, no archives, lousy infosec among the issues

India’s Comptroller and Auditor General has published a performance audit of the nation’s Unique Identification Authority and found big IT problems – some attributable to Indian services giant HCL and to HP, but others due to poor government decisions.…

Pegasus software maker faces mounting lawsuits, investigations in the US and EU

Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report. …

Trend Micro says vulnerable systems in Singapore have been compromised

There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to execute the Mirai botnet.…

Learn how to live with that by joining this session

Webinar  Are there any cast iron guarantees when it comes to ransomware? Well, you can guarantee that your organization will come under attack sooner or later. Probably sooner.…

That's what Thoma Bravo is paying for SailPoint in a mid-pandemic market

A $6.9 billion acquisition is putting a hard number on the value of Identity and Access Management (IAM). …

Plus: Fox News learns to use database passwords, Autodesk patches high-severity bugs, and CISA says retire old D-Link routers

In brief  Google pulled a slew of Android apps with more than 46 million downloads from its Google Play Store after security researchers notified the cloud giant that the code contained some sneaky data-harvesting code.…

Online attacks follow suspected airspace violation by Russian aircraft

Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland's members of parliament (MPs).…

Software giant sinkholes systems used by Russian gang

Microsoft this week seized seven internet domains run by Russia-linked threat group Strontium, which was using the infrastructure to target Ukrainian institutions as well as think tanks in the US and EU, apparently to support Russian's invasion of its neighbor.…

Learn from the best in this session

Webinar  The Log4j vulnerability put everyone in cybersecurity through the mill last December. So, is it OK to relax now?…

Beijing may have had a hand in attacks in Ukraine, too

China has been accused of conducting a long-term cyber attack on India's power grid, and has been implicated in cyber attacks against targets in Ukraine.…

UK NCSC founder in conversation with Rubrik EMEA CTO

Paid post  When’s the ideal time to reexamine your cybersecurity and data-protection guidelines?…

He's the third FIN7 gangster to face time behind bars

Another member of notorious cybercrime ring FIN7 is headed to jail after the gang breached major companies' networks across the US and stole more than $1 billion from these businesses' customers.…

Plus more financially motivated miscreants try to monetize invasion

Facebook is fighting a surge in cyber-espionage attempts and misinformation campaigns related to the Russian invasion of Ukraine, according to a new report by parent group Meta.…

Bundled version of Node.js simplifies executing downloaded code

Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC.…

Fintech provider flaw could have hit dozens of U.S. banks, says Salt Security

Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts.…