News

WhatsApp messages possibly the worst Father's Day present in the world

There's no such thing as free beer for Father's Day — at least not from Heineken. The brewing giant confirmed that a contest circulating on WhatsApp, which promises a chance to win one of 5,000 coolers full of green-bottled lager, is a frothy fraud.…

Brains to be added to the Customer Security and Trust in defense against 'foreign adversaries'

Microsoft has opened its wallet once more to pick up New York-based cyber-threat analyst Miburo.…

Just what we needed: a threat to rival Anonymous

A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.…

Microsoft details this ransomware-as-a-service

Two of the more prolific cybercriminal groups, which in the past have deployed such high-profile ransomware families as Conti, Ryuk, REvil and Hive, have started adopting the BlackCat ransomware-as-as-service (RaaS) offering.…

Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Patch Tuesday  Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.…

Pair's multimillion-dollar contract caper unraveled

A former Maryland Cabinet-level official and a former IT executive have pleaded guilty to involvement in a bribery and extortion scheme related to technology contracts about a decade ago.…

26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that

Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.…

Over 2,000 customers with malice on their minds

A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.…

Redmond kicks off Patch Tuesday with a months-old flaw fix

Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.…

Over a year after discussions began, National Data Guardian continues to pursue transparency in health data use

More than two years after England launched a COVID data store, keeping details of National Health Service (NHS) patients, the country's National Data Guardian (NDG) remains unsatisfied with who is accessing the data.…

We mingle with the vendors so you don't have to

RSA Conference  Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. …

Broadens targets from telecoms to finance and government orgs

The Gallium group, believed to be a Chinese state-sponsored team, is going on the warpath with an upgraded remote access trojan (RAT) that threat hunters say is difficult to detect.…

Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it.

Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that includes stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.…

All the news you may have missed from RSA this week

RSA Conference in brief  Researchers from Wiz, who previously found a series of four serious flaws in Azure's Open Management Infrastructure (OMI) agent dubbed "OMIGOD," presented some related news at RSA: Pretty much every cloud provider is installing similar software "without customer's awareness or explicit consent."…

Will cyber crimes shrug off Atlas Initiative? Objectively, yes

RSA Conference  An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.…

Well, we'll see in a week or so

RSA Conference  For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on.…

'Performing live forensics on an infected machine may not turn anything up' warn researchers

Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.…

MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication

Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.…

Crimeware groups are re-inventing themselves

The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.…

Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval

Threat researcher Joey Chen of Sentinel Labs says he's spotted a decade worth of cyber attacks he's happy to attribute to a single Chinese gang.…