News

No matter how deep you are in Apple's 'ecosystem,’ there are ways to stay encrypted in the UK

Apple customers, privacy advocates, and security sleuths have now had the weekend to stew over the news of the iGadget maker's decision to bend to the UK government and disable its Advanced Data Protection (ADP) feature.…

PLUS: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more

Infosec in brief  Apple has responded to the UK government's demand for access to its customers’ data stored in iCloud by deciding to turn off its Advanced Data Protection (ADP) end-to-end encryption service for UK users.…

Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data

Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting security researchers to bust out their best Russian translations post haste.…

PoC exploit code shows why this is a patch priority

Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to revisit their to-do lists.…

It comes amid a major crackdown on the abusive industry that started during COVID

Thailand is preparing to receive thousands of people rescued from scam call centers in Myanmar as the country launches a major crackdown on the pervasive criminal activity across its border.…

Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em

Some Linux kernel maintainers remain unconvinced that adding Rust code to the open source project is a good idea, but its VIPs are coming out in support of the language's integration.…

Said bugs 'can have significant implications' – glad to hear that from Redmond

Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for moderate-severity vulnerabilities from nothing to a maximum of $5,000, and expanded the range of vulnerabilities it will pay people to find and report.…

Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites

Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got there first – and urged users to check their sites for signs of exploitation.…

A painful loss for young company that's yet to generate revenue

A NASDAQ-listed US minerals company says cybercriminals broke into its systems on Valentine's Day and paid themselves around $500,000 – money earmarked for a vendor.…

Bugs fixed, updating to the latest version is advisable

Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.…

The latest in a long line of fraud stings worth billions each year

Two men are in police custody after being arrested in connection with a July cryptocurrency fraud involving a man in his seventies.…

FBI and CISA issue reminder - deep sigh - about the importance of patching and backups

The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency.…

2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident'

Exclusive  HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.…

That's the way the cookie melts

A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people's private call records.…

Hey, at least Katie Arrington brings a solid resume

Donald Trump's nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite previously suspended security clearance.…

You can find out if your GitHub codebase is leaking keys ... but so can miscreants

A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.…

15GB of sensitive files traced back to former software biz

Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can be added to that list.…

Showbiz members' passport scans already plastered online

A London talent agency has reported itself to the UK's data protection watchdog after the Rhysida ransomware crew last week claimed it had attacked the business, which represents luminaries of stage and screen.…

If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help

An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.…

If you want to avoid urgent patches, stop exposing management consoles to the public internet

A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.…