News

Regulator makes various additional demands over alleged cybersecurity failings

In proposing a settlement agreement, the Federal Trade Commission (FTC) says that Illusory Systems must repay users funds lost in a 2022 cyberattack.…

Buckle up to innovate at speed, says PwC

Sponsored Post  As AI spreads across the enterprise, so too do the security and compliance risks. Regulations are evolving, risk postures are shifting, and organizations must find a way to innovate responsibly without slowing down.…

Build a digital backbone faster than adversaries can evovle or lose the information war

NATO is in an existential race to develop sovereign cloud based technologies to underpin its mission, the alliance’s Assistant Secretary General for Cyber and Digital Transformation told an audience at the Royal United Services Institute last week.…

Folder permission changes cause queue failures and misleading error messages, no real fix yet

Microsoft has good news for administrators: while some organizations now pay for security updates on older Windows versions, the inconsistent quality remains free.…

Regulator proposes strict limits on screen-based testing, cites infrastructure concerns and lack of evidence for benefits

Most students taking school and college GCSE, A-level, and AS-level exams in England will continue to use pen and paper, according to proposals from the sector's regulator for a very limited expansion of screen-based assessments.…

Misconfigured servers are in, 0-days out

Chinese espionage crew Ink Dragon has expanded its snooping activities into European government networks, using compromised servers to create illicit relay nodes for future operations.…

An employee of the adult site could be responsible.

Analytics vendor Mixpanel says it is not the source of data stolen from Pornhub and says the info was last accessed by an employee of the adult site.…

More than 8 million people have installed extensions that eavesdrop on chatbot interactions

Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security, these pernicious plug-ins have been harvesting the text of chatbot conversations from more than 8 million people and sending them back to the developers.…

All I want for Christmas … is all of your data

A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals' Christmas dreams come true. It boasts that it can run "fully undetected" even on systems with the "strictest AntiVirus" and those belonging to governments, financial institutions, and other prime targets.…

Adult site, streaming platform, and Japanese retailer expose user info, but not credentials

Three very different companies have now confirmed data breaches affecting millions of users – each insisting the damage stopped well short of passwords and payment details.…

New spy boss says officers must master code alongside tradecraft as agency navigates 'space between peace and war'

MI6's new chief Blaise Metreweli outlined her vision for technology-augmented intelligence gathering in her first public speech on 15 December, warning that the UK operates "in a space between peace and war."…

PwC supports clients across the full cyber lifecycle

Sponsored Post  Managing cybersecurity risk has never been simple, but in today's threat landscape it can also become a source of strength. PwC believes that AI is now central to that transformation, helping organizations not just react faster to attacks, but evolve their defences with greater confidence.…

Bum note for 20 percent of users whose data leaked

Music hosting and streaming service SoundCloud has admitted it suffered a cyberattack.…

'Sustained focus on Western critical infrastructure'

Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.…

Who hasn't exploited this max-severity flaw?

At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.…

Watchdog links schedule change to replanning of UK payments system overhaul

The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement system to avoid compounding risks.…

Automaker admits raid that crippled its factories in August led to the theft of sensitive info

Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt – it also walked off with the personal payroll data of thousands of employees.…

Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse

Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.…

Minister insists 'modest' bill is not an assault on privacy-preserving tech

The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.…

I'm dreaming of a white hat mass

Opinion  It was 40 years ago that four young British hackers set about changing the law, although they didn't know it at the time. It was a cross-platform attack including a ZX Spectrum, a BBC Micro, and a Tatung Einstein slamming British Telecom's Prestel service over dial-up modems at 75 bits per second.…