News
VMware warns of critical remote code execution flaw in vSphere HTML5 client
VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite.…
They break into your network but do nothing themselves: 'Initial access brokers' resell stolen creds for $7k a pop
A growing category of cyber-crime consists of breaking into corporate networks and doing nothing else – except selling that illicit access to others for about $7,000 a go, says infosec biz Digital Shadows.…
Clop ransomware gang leaks online what looks like stolen Bombardier blueprints of GlobalEye radar snoop jet
The Clop ransomware gang claims to have stolen documents from aerospace giant Bombardier’s defense division – and has leaked what appears to be a CAD drawing of one of its military aircraft products, raising fears over what else they’ve got.…
Linux Mint users in hot water for being slow with security updates, running old versions
Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.…
The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public
A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.…
NurseryCam hacked, company shuts down IoT camera service
Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off.…
Planespotters’ weekends turn traumatic as engine pieces fall from the sky in the Netherlands and the US
In what can only be described as a bad day for Boeing, not one but two of its planes suffered engine fire and began shedding parts along their respective flight paths.…
Brave browser leaks visited Tor .onion addresses in DNS traffic, fix released after bug hunter raises alarm
In brief Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits.…
Malware monsters target Apple’s M1 silicon with ‘Silver Sparrow’
US security consultancy Red Canary says it’s found MacOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.…
Happy birthday, Python, you're 30 years old today: Easy to learn, and the right tool at the right time
Feature February 20, 2021, the 30th anniversary of Python, finds the programming language at the top of its game but not without challenges.…
Atheists warn followers of unholy data leak, hint dark deeds may have tried to make it go away
The Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has warned members their personal information appears to have been leaked.…
Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle
Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown.…
Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild
While the infosec industry is used to reading (and pumping out) FUD about software vulnerabilities, eye-catching research suggests about 500 vulns were exploited in 2019 – despite 18,000 new CVEs being created.…
Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all users
Updated A parental webcam targeted at nursery schools was so poorly designed that anyone who downloaded its mobile app gained access to admin credentials, bypassing intended authentication, according to security pros – with one dad saying its creators brushed off his complaints about insecurities six years ago.…
Has your cloud app suite left you feeling insecure? There’s a reason for that
Webcast You’ve seen large parts of your workforce take to the hills over the past year with nothing but a laptop and a Microsoft 365 account for company.…
Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos
Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers.…
Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgs
Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn (£938m) from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday.…
You’ve got millions of open-source software components to choose from... and so do cybercriminals
Sponsored In November 2020, the JavaScript registry npm flashed a security advisory that a library called twilio-npm harboured malicious code which could backdoor any machine it was downloaded to. Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain.…
You don't have clearance for that: Microsoft ups the paranoia with a preview of Azure Firewall Premium
Microsoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments.…
Think your backups will protect you from ransomware? What do you think the malware attacked first?
Webcast If you think your backup strategy means you’re protected from the worst that cyber-criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too.…
Pages
