News

Filling in a form at 4am improves infosec or privacy how, exactly?

Opposition is building to India's recently introduced rules on reporting computer security breaches, which have come under fire for being impractical, ineffective, and impinging on privacy.…

All part of a larger push by the Feds to improve cybersecurity reporting

US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime.…

Budget-friendly tool breaks the you-get-what-you-pay-for rule

A budget-friendly remote access trojan (RAT) that's under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. …

The State Department notice comes in wake of the cybercrims’ attack on Costa Rican government

The US government is offering up to $15 million for information about key leaders of the notorious Conti ransomware group and any individual participating in an attack using a variant of Conti's malware.…

John Deere rival says it may be days or 'potentially longer' before some production facilities are back in action

US agricultural machinery maker AGCO is the latest high-profile organization to fall victim to ransomware, which it says affects operations at some of its worldwide production facilities.…

"We live this fight ourselves everyday," Microsoft says of enterprise attacks

Microsoft is rolling out its "Security Experts" managed service with an eye on stomping down threats and malware.…

Plus: Unpatched DNS bug puts IoT devices at risk, SolarWinds hackers set up new digs, and a CEO faces hard time for massive mining fraud

In Brief  Colonial Pipeline is facing an almost $1 million fine for control room management failures after the US Department of Transportation alleged they contributed to the nation's fuel disruption in the wake of the 2021 ransomware attack.…

Internet regulator puts a few practices in place – including viewing curfews and bans on tips

China's internet regulator, the Cyberspace Administration of China (CAC), has published guidelines that aim to stop minors from giving tips or other forms of payment to livestreamers, watching after 10pm, or livestreaming themselves.…

Stallled law satisfies few and has even been identifed as likely to damage growth

Analysis  NSO Group's Pegasus spyware-for-governments keeps returning to the headlines thanks to revelations such as its use against Spain's prime minister and senior British officials. But there's one nation where outrage about Pegasus has been constant for nearly a year and shows little sign of abating: India.…

NSA director says he doesn't know of a 'big one' that was successful

False-flag cyberattacks represent a red line that even nation states like Russia and China don't want to cross, according to Mandiant CEO Kevin Mandia.…

Helping North Korea? Uncle Sam would like a word

The US Treasury has sanctioned cryptocurrency mixer Blender for its role in helping North Korea's Lazarus Group launder stolen digital assets. …

Hear how from Wendi Whitmore and more at Rubrik’s FORWARD conference

Sponsored Post  These days, keeping your data secure isn’t just a question of keeping the mice from getting to the cheese. It’s a prerequisite for ensuring your organisation can thrive in an increasingly challenging global and business environment.…

Wants Big Tech to butt out, and return control to individuals

The Bank for International Settlements (BIS) – a meta bank for the world's central banks and facilitator of cross-border payments – has advocated new governance systems that promote owner control of data and transparency over its use.…

BIG-IP iControl authentication bypass, NFV VM escape, and more

F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products.…

Another banner year for criminals. For everyone else, not so much

Cyber-scams cost victims around the globe at least $6.9 billion last year, according to the FBI's latest Internet Crime Report.…

Passphrases put on PIP

Analysis  Microsoft, Apple and Google – all longtime proponents of doing away with passwords for authentication purposes – are throwing their support behind standards developed by the FIDO Alliance and the World Wide Web Consortium (W3C) that could eliminate the passphrases completely.…

Woos European firms who don't want their data caught in the US Cloud Act dragnet

Google is joining Microsoft in its attempts to tackle EU concerns regarding data sovereignty but some privacy experts are yet to be convinced by the move.…

You've won $2m! Now just send me a small fee

A phishing operation compromised over one hundred UK National Health Service (NHS) employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky.…

Domestic action and international collaboration to make sure you-know-who – OK, China – doesn't get ahead of the game

US president Joe Biden issued two directives on Wednesday aimed at ensuring the nation – and like-minded friends – remain ahead of other countries in the field of quantum computing. Especially as applied to cryptography.…

Infosec outfit says group avoided detection by hiding payloads in undocumented Windows logs

Infosec outfit Cybereason says it's discovered a multi-year – and very successful – Chinese effort to steal intellectual property.…