News

Plus, spoiler alert: ransomware is gonna get a lot worse

Black Hat  It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.…

Identity of a real person was used to lend credence to a package that dropped cryptominer in memory

Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…

Stop ransomware with Zero Trust security networks in place

Webinar  Faced with relentless cyberattacks organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.…

Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend

Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly, now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.…

Get advice from experts on how to nail cloud native security in a multi-cloud world

Sponsored Post  Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.…

Voice-phished their way in, but Switchzilla claims no damage done

Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…

Ethical hackers, but for privacy programs

Black Hat  Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.…

Guess what? Open source security still has gaps

The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.…

Black Hat kicks off with call for single infosec agency with real clout and less confused crossover

Black Hat  It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs.…

Katie Moussouris tells it like it is

Black Hat interview  With the world's largest collection of security folk gathering in Las Vegas for Black hat there are encouraging signs that the US government might actually be getting smarter about hiring.…

Attack origins point to April 2021 first strike on Japanese target

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.…

Disclosing exploits, however, will earn you $100k

Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…

Attack was foiled by content delivery network's hardware security keys

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.…

It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab

Opinion  I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.…

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …

AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying

A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.…

Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report

Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in their strikes.…

'AES-based operations might be two times slower' without latest updates

Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.…

Cyberspace regulator's fraud report finds all is not well behind the Great Firewall

Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games – for a mere $560, according to the nation's cyberspace administration. Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year.…

We're 'highly likely' to see similar attacks, Kaspersky warned

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers.…