News
Mitigating AI security risks
Webinar It has become possible to swiftly and inexpensively train, validate and deploy AI models and applications, yet while we embrace innovation, are we aware of the security risks?…
Zoom stomps critical privilege escalation bug plus 6 other flaws
Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw.…
Cybercriminals are stealing Face ID scans to break into mobile banking accounts
Cybercriminals are targeting iOS users with malware that steals Face ID scans to break into and pilfer money from bank accounts – thought to be a world first.…
Miscreants turn to ad tech to measure malware metrics
Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security.…
European Court of Human Rights declares backdoored encryption is illegal
The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control.…
North Korea running malware-laden gambling websites as-a-service
North Korea's latest money-making venture is the production and sale of gambling websites that come pre-infected with malware, according to South Korea's National Intelligence Service (NIS).…
OpenAI shuts down China, Russia, Iran, N Korea accounts caught doing naughty things
OpenAI has shut down five accounts it asserts were used by government agents to generate phishing emails and malicious software scripts as well as research ways to evade malware detection.…
China's Volt Typhoon spies broke into emergency network of 'large' US city
The Chinese government's Volt Typhoon spy team has apparently already compromised a large US city's emergency services network and has been spotted snooping around America's telecommunications' providers as well.…
US Air Force's new cyber, IT skill recruitment plan: Bring back warrant officer ranks
Skilled IT professionals considering a career change have a new option, as the US Air Force is reintroducing warrant officer ranks exclusively "within the cyber and information technology professions." …
Prudential Financial finds cybercrims lurking inside its IT systems
Prudential Financial, the second largest life insurance company in the US and eight largest worldwide, is dealing with a digital break-in that exposed some internal company and customer records to a criminal group.…
Romanian hospital ransomware crisis attributed to third-party breach
The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider.…
Southern Water cyberattack expected to hit hundreds of thousands of customers
UK utilities giant Southern Water admits between 5 and 10 percent of its customers have had their data stolen during a January cyberattack.…
Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros
The Bumblebee malware loader seemingly vanished from the internet last October, but it's back and - oddly - relying on a vintage vector to try and gain access.…
Australian Tax Office probed 150 staff over social media refund scam
One hundred and fifty people who worked for the Australian Taxation Office (ATO) have been investigated – and some prosecuted – for participating in a tax refund scam promoted on Facebook and TikTok.…
Crims found and exploited these two Microsoft bugs before Redmond fixed 'em
Patch Tuesday Microsoft fixed 73 security holes in this February's Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.…
Just one bad DNS packet can bring down a public DNSSEC server
A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine.…
QNAP vulnerability disclosure ends up an utter shambles
Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.…
ALPHV blackmails Canadian pipeline after 'stealing 190GB of vital info'
Canada's Trans-Northern Pipelines has allegedly been infiltrated by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.…
Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond
The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November.…
Meta says risk of account theft after phone number recycling isn't its problem to solve
Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out.…