News

Back of the nyet!

Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.…

Biggest threat to America's critical infrastructure? Ransomware

Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.…

Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway

US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.…

A mystery thief and a critical CVE involved in crypto cash grab

Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.…

All aboard the hype train

The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don't believe us? Take a lap on the expo floor, and you'll be bombarded with enough acronyms and over-the-top claims to send you straight to the nearest bar, which will likely serve specialty cocktails with names like The Great CASB and Firewall Fizz.…

Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get

Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.…

Bake in security now or pay later, says Mike Rogers

AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.…

The CVE system nearly dying shows that someone has lost the plot

Opinion  We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that's only the tip of the iceberg of what President Trump and company are doing to US cybersecurity efforts.…

Chrome will keep third-party cookies, a win for web giant's ad rivals

After six years of work, Google's Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.…

As cyber-agency faces cuts, makes noises about switching up program

Two top officials have resigned from Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.…

In effect: 'Ha ha – the government is borked and so are you'

Ransomware scumbags - potentially those behind the Fog gang - are channeling their inner Elon Musk with their latest ransom note, spotted by researchers at Trend Micro.…

Security bods can earn up to $10K per report

Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists.…

Retailer tight-lipped on details as digital hiccup disrupts customer orders

UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days."…

What used to be a serious issue mainly in Southeast Asia is now the world’s problem

Scam call centers are metastasizing worldwide "like a cancer," according to the United Nations, which warns the epidemic has reached a global inflection point as syndicates scale up and spread out.…

10 other certificates 'were mis-issued and have now been revoked'

Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.…

Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours

The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.…

It's now hitting govt, enterprise targets

On March 11 - Patch Tuesday - Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector targets in Poland and Romania.…

AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done

Video  Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.…

Using LLMs to pick programs, people, contracts to cut is bad enough – but doing it with Musk's Grok? Yikes

A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.…

Some in the infosec world definitely want to see Big Red crucified

CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.…