18,000 customers, including the Pentagon and Microsoft, may have other thoughts SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it over the 2020 attack.…

Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…

Emergency comms standard had five nasty flaws but will be opened to academic research A set of encryption algorithms used to secure emergency radio communications will enter the public domain after an about-face by the European Telecommunications Standards Institute (ETSI).…

We'd like to say don't panic … but maybe? 35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.…

Momentary lapse in VPN led to stretch in the cooler, $1.6m bill Nickolas Sharp has been sentenced to six years in prison and ordered to pay almost $1.6 million to his now-former employer Ubiquiti – after stealing gigabytes of corporate data from the biz and then trying to extort almost $2 million from his bosses while posing as an anonymous hacker.…

Industry hasn't 'improved much at all' Mandiant's Eric Scales tells us SCSW  Back in 2020, Eric Scales led the incident response team investigating a state-backed software supply-chain attack that compromised application build servers and led to infections at government agencies and tech giants including Microsoft and Intel.…

Personal Gmail users still out of luck Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…

Chainguard CEO explains how to secure code given crims know to poison it at the source SCSW  The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…

Digital sleuths chop through crypto challenge in 'surreal' search A team of codebreakers discovered – and then cracked – more than 50 secret letters written by Mary Stuart, Queen of Scots while she was imprisoned in England by her cousin, Queen Elizabeth I. …

This is why we don't reuse passwords, kids Parents and teachers received a link to an "inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.…

Sounds like fair comment Updated  Google and its Youtube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.…

Grab and deploy this backend update if you offer even repo read access A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories.…

All versions are susceptible, there's no patch, so now's a good time to remove this add-on Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.…

Physical and IP addresses as well as credit card info revealed in privacy breach The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill.…

That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts RSA Conference  Quick show of hands: who came home from this year's RSA Conference without COVID-19?…

So. Many. BIOS. Bugs Intel has disclosed high-severity bugs in its firmware that's used in datacenter servers, workstations, mobile devices, storage products, and other gear. These flaws can be exploited to escalate privileges, leak information, or stop things from working.…