News
HPE joins the 'our executive email was hacked by Russia' club
HPE has become the latest tech giant to admit it has been compromised by Russian operatives.…
US judge rejects spyware developer NSO's attempt to bin Apple's spyware lawsuit
A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software.…
Major IT outage at Europe's largest caravan and RV club makes for not-so-happy campers
The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.…
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug
Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.…
What Microsoft's latest email breach says about this IT security heavyweight
Comment For most organizations – especially security vendors – disclosing a corporate email breach, in which executives' internal messages and attachments were stolen, would noticeably ding their stock prices.…
COVID-19 test lab accused of exposing 1.3 million patient records to open internet
A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…
GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection
The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve markedly thanks to AI models informed by data describing successful cyber-hits.…
CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'
CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home.…
Accused PII seller faces jail for running underground fraud op
A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.…
UK water giant admits attackers broke into system as gang holds it to ransom
Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…
Australia imposes cyber sanctions on Russian it says ransomwared health insurer
Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…
Atlassian Confluence Server RCE attacks underway from 600+ IPs
More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 – a critical bug in out–of-date versions of Atlassian Confluence Data Center and Server – according to non-profit security org Shadowserver.…
Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft
AerCap, the world's largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn't yet suffered any financial losses yet and all its systems are under control.…
EFF adds Street Surveillance Hub so Americans can check who's checking on them
For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows.…
Ivanti and Juniper Networks accused of bending the rules with CVE assignments
Critics are accusing major tech companies of not sticking to the rules when it comes to registering vulnerabilities with the appropriate authorities.…
Subway's data torpedoed by LockBit, ransomware gang claims
The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data.…
ICO fines spam slinging financial services biz
A financial services company that illegally dispatched tens of thousands of spam messages promising to help the recipients magically wipe away their debts is itself now a debtor to the UK’s data regulator.…
Safeguarding against the global ransomware threat
Sponsored Feature Ransomware is used by cybercriminals to steal and encrypt critical business data before demanding payment for its restoration. It represents one of, if not the most, serious cybersecurity threat currently facing governments, public/private sector organizations and enterprises around the world.…
BreachForums admin 'Pompourin' sentenced to 20 years of supervised release
in brief Conor Brian Fitzpatrick – aka "Pompourin," a former administrator of notorious leak site BreachForums – has been sentenced to 20 years of supervised release.…
Russians invade Microsoft exec mail while China jabs at VMware vCenter Server
A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.…