News

You didn't really trust the crims to keep their word, did you?

Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.…

But will the International Space Station still be there to host its node?

Axiom Space and Spacebilt have announced plans to add optically interconnected Orbital Data Center (ODC) infrastructure to the International Space Station (ISS).…

Prosecutors say Conor Fitzpatrick's crimes caused 'incalculable' damage

The founder of the popular cybercrime website BreachForums will spend three years in prison after previously being let off with a slap on the wrist.…

Pentesters confirm key system is safe but core products remain unavailable

Brit telco Colt Technology Services says its recovery from an August cyberattack might not be completed until late November.…

Still exotic for now, but moves are afoot

Arm devices are everywhere today and many of them run Linux. The operating system also powers cloud computing and IT environments all over the world. However, x86 is still the dominant architecture of global computer hardware, where the Unified Extensible Firmware Interface (UEFI) with Secure Boot incorporated is a standard. But what does UEFI look like from an Arm perspective?…

Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware

Researchers from Google and Swiss university ETH Zurich have found a new class of Rowhammer vulnerability that could allow attackers to access info stored in DDR5 memory.…

Suggests using multiple overlapping approaches and being kind to kids who get kicked off

Australia’s eSafety commissioner has told social media operators it expects them to employ multiple age assurance techniques and technologies to keep children under sixteen off social media, as required by local law from December 10th.…

Redmond names alleged ringleader, claims 5K+ creds stolen and $100k pocketed

Microsoft has seized 338 websites associated with RaccoonO365 and identified the leader of the phishing service - Joshua Ogundipe - as part of a larger effort to disrupt what Redmond's Digital Crimes Unit calls the "fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords."…

Talk about an inside job

Google confirmed that miscreants created a fraudulent account in its Law Enforcement Request System (LERS) portal, which police and other government agencies use to ask for data about Google users.…

May have been used in 'extremely sophisticated' attacks against 'specific targeted individuals'

Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what the company calls "extremely sophisticated" attacks.…

Intrusions bear the same hallmarks as recent Nx mess

The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…

Tech evolved from PoC to global campaign in under two months

An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.…

Latest extension to factory closures takes incident response into fourth week

Jaguar Land Rover (JLR) has announced a further extension to its multi-site global shutdown, bringing its cyber-related downtime to nearly four weeks.…

Cyberspace watchdog tightens reporting regime, leaving little time to hide incidents

Beijing will soon expect Chinese network operators to 'fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet.…

Cautionary tale from the recent SonicWall attacks

Failing to encrypt sensitive data leaves you wide open to attack. During the recent SonicWall attack spree, intruders bypassed multi-factor authentication (MFA) in at least one case, because a user's recovery codes were left sitting in a plaintext file on their desktop.…

Who has access to what? Without centralized governance, orgs struggle to answer this simple question.

Partner Content  From the moment users log onto their machines, access rights shape their experience. Access rights determine which apps they can run, which directories they can open, and what information they can retrieve.…

Bank says incident went undetected for over a year before discovery in June

A US fintech biz is writing to nearly 700,000 customers because a former employee may have accessed or acquired their data after leaving the company.…

Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory

North Korean spies used ChatGPT to generate a fake military ID for use in an espionage campaign against a South Korean defense-related institution, according to new research.…

Chip giant accused of breaching conditions of $6.9B Mellanox takeover

China has dealt Nvidia another blow, finding the chipmaker in violation of the country's anti-monopoly Law and escalating a long-running regulatory headache into a full investigation.…

As post-cyberattack layoffs begin, labor org argues UK goverment should step in

The UK's chief automotive workers' union is calling on the government to establish a Covid-esque furlough scheme for the thousands of individuals who face losing their jobs due to the cyber-related downtime at Jaguar Land Rover.…