News

'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg

Cybercriminals are targeting critical US manufacturers and supply-chain companies, looking to steal sensitive IP and other data while deploying ransomware. Their attack involves a novel twist on phishing — and a photo of White House butlers. …

Criminals already abusing its latest zero-days

Citrix has pushed out fixes for three fresh NetScaler holes – and yes, they've already been used in the wild before the vendor got around to patching.…

Remy Ra St Felix led a vicious international crime ring

A violent home invader and gunpoint cryptocurrency thief will now spend more than 50 years behind bars after being found guilty of assaulting a witness.…

Crims raided third-party systems and lifted personal data, including license numbers and partial SSNs

US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised.…

Everything's fine, the ad slinger assures us

Cloud security vendor Zscaler says customers of Google’s Play Store have downloaded more than 19 million instances of malware-laden apps that evaded the web giant’s security scans.…

PLUS: India bans ‘money’ games; SK Hynix cranks out 321-layer SSDs; Fastly re-thinking CDNs for Asia; and more!

Asia In Brief  Australia’s University of Melbourne last year used Wi-Fi location data to identify student protestors.…

PLUS: Comet AI browser fooled; Microsoft sets sail for quantum safety; Sailor sent down for espionage

Infosec in brief  PLUS…

For incentives remember the three Fs – finance, fame, and fixing it

feature  Thirty years ago, Netscape kicked off the first commercial bug bounty program. Since then, companies large and small have bought into the idea, with mixed results.…

Amazon, Apple, Google, and Microsoft among major customers

Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16 that continues to disrupt its business operations.…

Health details, tax ID numbers, even images of checks were stolen, reportedly by the Interlock gang

Ransomware scum breached kidney dialysis firm Davita's labs database in April and stole about 2.4 million people's personal and health-related information.…

The attack first affected an upstream provider of bespoke software

Exclusive  A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company.…

ClickFix tricks

Microsoft's security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.…

Crypto mines, BEC scams, fake passports, and a $300M fraud empire allegedly brought down during Serengeti 2.0

Interpol's latest clampdown on cybercrime resulted in 1,209 arrests across the African continent, from ransomware crooks to business email compromise (BEC) scammers, the agency says.…

Pro tip: When taking revenge, don't use your real name

A US court sentenced a former developer at power management biz Eaton to four years in prison after he installed malware on the company’s servers.…

Because savvy terrorists always use public internet services to plan their mischief, right?

Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear weapons.…

Better late than never after SharePoint assault?

Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program.…

Underground forums now recruiting English-speaking social engineers

English speakers adept at social engineering are a hot commodity in the cybercrime job market.…

Google’s Gemini-powered tools tripped up by image-scaling prompt injection

Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.…

Bill would let US President commission white hat hackers to go after foreign threats, seize assets on the online seas

It's been more than 200 years since the United States issued a letter of marque allowing privateers to attack the vessels of foreign nations, but those letters may return to empower cyber operators if a bill introduced in Congress actually manages to pass. …

Everything a criminal needs for targeted attacks exposed, but telco insists 'no critical data compromised'

A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks.…