News

Ransomware suspected but not confirmed

SJD Accountancy and Nixon Williams – both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol – have been hit by online attackers.…

Scam has claimed 469 victims in December alone, of which OCBC has issued goodwill payments to 30

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporation (OCBC), which was criticised for its incident response to a widespread phishing scheme across the island nation.…

‘If you don’t have Anycast it’s not a good DNS service’

Paid Feature  In October 2021, in an incident lasting more than six hours, Facebook disappeared from the Internet. This wasn’t a temporary .com outage on the company’s primary domain but a complete shutdown of its public existence that also dragged into the darkness WhatsApp, Instagram, and Messenger.…

Testing? Isn't that what users are for?

Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected.…

Glitch is spilling private data and there's not much Apple users can do about it

An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers.…

And for last week's digital graffiti operations, too

After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. Officials have pointed the finger at Belarus.…

'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid

Umbrella company Parasol Group has confirmed why it shut down part of its IT last week: it found unauthorised activity from an intruder.…

Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

In brief  Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.…

Cybercrook gang has 'ceased to exist' says Putin's military service

Russia's internal security agency said today it had dismantled the REvil ransomware gang's networks and raided its operators' homes following arrests yesterday in Ukraine.…

Contractors say they haven't been paid, and are in the dark too

Contractors employed via umbrella company Parasol Group are increasingly nervous about a multi-day outage of some IT systems used to process payroll, with several suspecting a security attack as the root cause.…

Despite threatening messages nothing's been leaked, say victims

A "massive" cyber attack on Ukraine caught the world's eye this morning as the country's foreign ministry said its website, among others, had been taken down by unidentified hackers.…

This webinar shows how throwing up barricades isn’t enough anymore

Webinar  It’s a truism that your data is your organisation's most precious asset. Here’s another. Once data is backed up, many organisations tend to forget about it.…

Customers shouldn't need to wait seven days before being told

The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly.…

Those critical AWS flaws that exposed data and broke tenant separation? All fixed!

Two serious security vulnerabilities were recently found in AWS services, but because they were responsibly reported and the cloud biz responded quickly, no harm appears to have been done.…

Tune in, turn on, run in the background, using Red Hat DevSecOps framework

Paid feature  Assessing what can go wrong in a hybrid cloud environment can be daunting. Applications can be poorly coded, security vulnerabilities may be present but hard to detect or manage, and applications and the IT infrastructure may not be designed for DevSecOps.…

Plus three other suspects nicked in raids today

Ukrainian police have arrested five people on suspicion of operating a ransomware gang, including a husband-and-wife team, following tipoffs from UK law enforcement.…

Schrems II ruling continues to trouble transatlantic data sharing

The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling.…

Start as you mean to go on, Microsoft

Microsoft's first Patch Tuesday of 2022 has, for some folk, broken Hyper-V and sent domain controllers into boot loops.…

Huntress Labs tips some loose change into vuln-spotters' cup

The Dutch Initiative for Vulnerability Disclosure has scored $100k towards its founder's hope of a nationwide bug bounty available for anything at all.…

Bernalillo County's Metropolitan Detention Center still recovering from infection

Bernalillo County, New Mexico, has been unable to comply with the settlement terms of a 27-year-old lawsuit over prison conditions because of a ransomware attack last week that saw prisoners back under manual control.…