Summary

Total Articles Found: 28

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • RSAC branded a 'super spreader event' as attendees share COVID-19 test results
  • Microsoft confirms Russian spies stole source code, accessed internal systems
  • Critical hardcoded SolarWinds credential now exploited in the wild
  • Malwarebytes blocks Google, YouTube as malware
  • Thousands of websites run buggy WordPress plugin that allows complete takeover
  • That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices
  • SCOTUS judges 'doxxed' after overturning Roe v Wade
  • Codebreakers decipher Mary, Queen of Scots' secret letters 436 years after her execution
  • Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger'
  • Squid games: 35 security holes still unpatched in proxy after 2 years, now public

Suspected bosses of $430M dark-web Empire Market charged in US

Published: 2024-06-17 20:13:02

Popularity: 9

Author: Jessica Lyons

🤖: "Dark web bust"

Dopenugget and Zero Angel may face life behind bars if convicted The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and operating the illicit souk.…

...more

Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak

Published: 2024-06-04 02:25:07

Popularity: 9

Author: Jessica Lyons

🤖: "Snowflaking fail"

Cloud storage giant lawyers up against infosec house Analysis  Hudson Rock, citing legal pressure from Snowflake, has removed its online report that claimed miscreants broke into the cloud storage and analytics giant's underlying systems and stole data from potentially hundreds of customers including Ticketmaster and Santander Bank.…

...more

Forget TikTok – Chinese spies want to steal IP by backdooring digital locks

Published: 2024-03-14 23:35:06

Popularity: 30

Author: Jessica Lyons

Uncle Sam can use this snooping tool, too, but that's beside the point Updated  There's another Chinese-manufactured product – joining the likes of TikTok, cars and semiconductors – that poses a national security risk to Americans: Electronic locks, such as those used in safes.…

...more

Microsoft confirms Russian spies stole source code, accessed internal systems

Published: 2024-03-08 16:56:46

Popularity: 115

Author: Jessica Lyons

Still 'no evidence' of any compromised customer-facing systems, we're told Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. The Redmond giant also characterized the intrusion as "ongoing."…

...more

SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming

Published: 2024-01-29 20:52:28

Popularity: 11

Author: Jessica Lyons Hardcastle

18,000 customers, including the Pentagon and Microsoft, may have other thoughts SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it over the 2020 attack.…

...more

Lapsus$ teen sentenced to indefinite detention in hospital for Nvidia, GTA cyberattacks

Published: 2023-12-21 22:15:10

Popularity: 23

Author: Jessica Lyons Hardcastle

Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…

...more

Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain

Published: 2023-11-14 08:00:09

Popularity: 18

Author: Jessica Lyons Hardcastle

Emergency comms standard had five nasty flaws but will be opened to academic research A set of encryption algorithms used to secure emergency radio communications will enter the public domain after an about-face by the European Telecommunications Standards Institute (ETSI).…

...more

Squid games: 35 security holes still unpatched in proxy after 2 years, now public

Published: 2023-10-13 00:21:34

Popularity: 37

Author: Jessica Lyons Hardcastle

We'd like to say don't panic … but maybe? 35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.…

...more

Ex-Ubiquiti dev jailed for 6 years after stealing internal corp data, extorting bosses

Published: 2023-05-12 20:28:05

Popularity: 16

Author: Jessica Lyons Hardcastle

Momentary lapse in VPN led to stretch in the cooler, $1.6m bill Nickolas Sharp has been sentenced to six years in prison and ordered to pay almost $1.6 million to his now-former employer Ubiquiti – after stealing gigabytes of corporate data from the biz and then trying to extort almost $2 million from his bosses while posing as an anonymous hacker.…

...more

Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger'

Published: 2023-03-03 11:33:13

Popularity: 38

Author: Jessica Lyons Hardcastle

Industry hasn't 'improved much at all' Mandiant's Eric Scales tells us SCSW  Back in 2020, Eric Scales led the incident response team investigating a state-backed software supply-chain attack that compromised application build servers and led to infections at government agencies and tech giants including Microsoft and Intel.…

...more

Google: You get crypto, you get crypto, almost everyone gets email crypto!

Published: 2023-03-01 01:38:14

Popularity: 6

Author: Jessica Lyons Hardcastle

Personal Gmail users still out of luck Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…

...more

Feeling VEXed by software supply chain security? You’re not alone

Published: 2023-02-28 01:01:13

Popularity: 12

Author: Jessica Lyons Hardcastle

Chainguard CEO explains how to secure code given crims know to poison it at the source SCSW  The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…

...more

Codebreakers decipher Mary, Queen of Scots' secret letters 436 years after her execution

Published: 2023-02-09 08:30:05

Popularity: 41

Author: Jessica Lyons Hardcastle

Digital sleuths chop through crypto challenge in 'surreal' search A team of codebreakers discovered – and then cracked – more than 50 secret letters written by Mary Stuart, Queen of Scots while she was imprisoned in England by her cousin, Queen Elizabeth I. …

...more

School chat app Seesaw abused to send 'inappropriate image' to parents, teachers

Published: 2022-09-16 21:45:39

Popularity: 31

Author: Jessica Lyons Hardcastle

This is why we don't reuse passwords, kids Parents and teachers received a link to an "inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.…

...more

Malwarebytes blocks Google, YouTube as malware

Published: 2022-09-21 15:56:01

Popularity: 96

Author: Jessica Lyons Hardcastle

Sounds like fair comment Updated  Google and its Youtube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.…

...more

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers

Published: 2022-08-29 18:08:14

Popularity: 13

Author: Jessica Lyons Hardcastle

Grab and deploy this backend update if you offer even repo read access A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories.…

...more

Thousands of websites run buggy WordPress plugin that allows complete takeover

Published: 2022-07-15 19:15:10

Popularity: 81

Author: Jessica Lyons Hardcastle

All versions are susceptible, there's no patch, so now's a good time to remove this add-on Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.…

...more

SCOTUS judges 'doxxed' after overturning Roe v Wade

Published: 2022-07-13 18:28:12

Popularity: 51

Author: Jessica Lyons Hardcastle

Physical and IP addresses as well as credit card info revealed in privacy breach The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill.…

...more

RSAC branded a 'super spreader event' as attendees share COVID-19 test results

Published: 2022-06-16 21:56:13

Popularity: 143

Author: Jessica Lyons Hardcastle

That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts RSA Conference  Quick show of hands: who came home from this year's RSA Conference without COVID-19?…

...more

If you've got Intel inside, you probably need to get these security patches inside, too

Published: 2022-05-12 21:06:29

Popularity: 21

Author: Jessica Lyons Hardcastle

So. Many. BIOS. Bugs Intel has disclosed high-severity bugs in its firmware that's used in datacenter servers, workstations, mobile devices, storage products, and other gear. These flaws can be exploited to escalate privileges, leak information, or stop things from working.…

...more

Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst

Published: 2024-05-10 21:01:07

Popularity: 13

Author: Jessica Lyons

But China's the most technologically advanced Interview  China remains the biggest cyber threat to the US government, America's critical infrastructure, and its private-sector networks, the nation's intelligence community has assessed.…

...more

Infosec biz boss accused of BS'ing the world about his career, anti-crime product, customers

Published: 2024-05-01 18:58:08

Popularity: 14

Author: Jessica Lyons

Intrusion investors went through Blount farce trauma, says SEC Jack Blount, the now-ex CEO of Intrusion, has settled with the SEC over allegations he made false and misleading statements about his infosec firm's product as well as his own background and experience.…

...more

Kaspersky challenges US government to put up or shut up about Kremlin ties

Published: 2024-07-18 16:29:05

Popularity: 30

Author: Jessica Lyons

🤖: ""Bring it on!""

Stick an independent probe in our software, you won't find any Putin.DLL backdoor Kaspersky has hit back after the US government banned its products – by proposing an independent verification that its software is above board and not backdoored by the Kremlin.…

...more

Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review

Published: 2024-07-25 12:01:14

Popularity: 10

Author: Jessica Lyons

🤖: "Government secrecy 🤐"

Those national security threat claims? 'No evidence,' VP tells The Reg Exclusive  Despite the Feds' determination to ban Kaspersky's security software in the US, the Russian business continues to push its proposal to open up its data and products to independent third-party review – and prove to Uncle Sam that its code hasn't been and won't be compromised by Kremlin spies.…

...more

CrowdStrike's meltdown didn't dent its market dominance … yet

Published: 2024-08-29 02:27:08

Popularity: 12

Author: Jessica Lyons

🤖: "Server not found"

Total revenue for Q2 grew 32 percent CrowdStrike's major meltdown a month ago doesn't look like affecting the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday.…

...more

NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Published: 2024-10-02 12:31:05

Popularity: 17

Author: Jessica Lyons

🤖: "bug backlog"

Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…

...more

That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices

Published: 2024-09-26 17:34:01

Popularity: 75

Author: Jessica Lyons

🤖: "" printer hack ""

Quick fix: Remove cups-browsed, block UDP port 631 Updated  After days of waiting and anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.…

...more

Critical hardcoded SolarWinds credential now exploited in the wild

Published: 2024-10-16 20:00:14

Popularity: 107

Author: Jessica Lyons

🤖: "Solar Flare"

Another blow for IT software house and its customers A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.…

...more

end