News

Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks

GitHub has announced that it will require two factor authentication for users who contribute code on its service.…

'Hunt forward' operations push US capabilities across borders

US Cyber Command chief General Paul Nakasone said has revealed the agency he leads conducted nine "hunt forward" operations last year, sending teams to different counties to help them improve their defensive security posture and hunt for cyberthreats. …

Users claim lack of transparency following compromise of Github tokens

Efforts by Salesforce-owned cloud platform Heroku to manage a recent security incident are turning into a bit of a disaster, according to some users.…

‘Certain organizations’ to be named in ten days and denied access to Russian resources

Russian president Vladimir Putin has authorized retaliatory sanctions against individuals and organizations that have taken action over the illegal invasion of Ukraine.…

If a network snoop probes like a Kremlin agent, exploits like a Kremlin agent, it might be...

A cyber-spy group is targeting Microsoft Exchange deployments to steal data related to mergers and acquisitions and large corporate transactions, according to Mandiant.…

Policing digital assets sounds more Mission Impossible than NCIS

The US Securities and Exchange Commission intends to fill an additional 20 positions in a special unit that polices cryptocurrency fraud and other cybercrimes.…

IT orgs need to adapt their procedures to make it all work, says Dell

Dell Technologies World  Zero-trust architectures have become a focus for enterprises trying to figure out how to secure an IT environment where data and applications are increasingly distributed outside of the traditional perimeter defenses of central datacenters.…

Security suite for the orgs unwilling to stump up for a Microsoft 365 Business Premium subscription

Microsoft has made a standalone version of Microsoft Defender for Business generally available, aimed at customers not keen on paying for one of its subscriptions.…

Airports, hospitals, hotels, and more need to deploy patches for hijack bugs

Five critical remote code execution vulnerabilities in millions Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers.…

If Sherlock was alive today, he’d pack a Pi next to pistol and pipe

Opinion  Almost exactly a month ago, we noted a splendid piece of academic research into Google's data-gathering and consent practises.…

Oh, serve me ads, lots of ads, under clouded eyes above, just fence me in

Google in the next few days plans to begin testing fenced frames, a proposed web API to help its Privacy Sandbox ad technologies meet commitments to privacy of a sort.…

Plus: Another university hit with malware, and more

In brief  The Black Basta crime gang has claimed it infected the American Dental Association with ransomware.…

Security Service Edge separates cloud-delivered defenses from SD-WAN as debate rages

Analysis  The emergence of secure access service edge (SASE) dominated the networking market for the last few years as enterprises sought to address increasingly distributed IT environments.…

Dell shows off full stack of cyber recovery SaaS, partners with Snowflake for data analytics

LAS VEGAS – Dell is giving enterprises new ways to protect the data they store in public clouds.…

Latest Spanish officials to detect Pegasus spyware on mobile devices

Spain's prime minister and defense minister are the latest elected officials to detect Pegasus spyware on their mobile phones, according to multiple media reports quoting Spanish authorities.…

Also: Occulus virtual reality apps fail to detail info collection

Meta's Facebook subsidiary has been collecting hashed personal data from students seeking US government financial aid, even from those without a Facebook account and those not logged into the student aid website, according to a research study published this week.…

Besides files being erased, another thing being deleted: Any sense this is a coincidence

Security researchers have detailed six significant strains of data-wiping malware that have emerged in just the first quarter of 2022, a huge surge over previous years.…

Only works with signed-in users, but could lure more into using the browser

Microsoft appears to be planning a VPN-like solution for its Edge browser judging by a support page for the upcoming feature.…

The cybercriminals trash files larger than 2MB, forever losing them to the void

Ransomware groups in recent years have ramped up the threats against victims to incentivize them to pay the ransom in return for their stolen and encrypted data. But a new crew is essentially destroying files larger than 2MB, so data in those files is lost even if the ransom is paid.…

Especially when gangs are better funded than local police

As cybercriminals become more sophisticated and their attacks more destructive and costly, private security firms and law enforcement need to work together, according to Interpol's Doug Witschi.…