News

Cozy Bear may have had access to the green rectangular email and SharePoint cloud for six months

HPE has become the latest tech giant to admit it has been compromised by Russian operatives.…

Judge says anti-hacking laws fits Pegasus case "to a T"

A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software.…

1 million members still searching for answers as IT issues floor primary digital services

The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.…

Ancient path traversal exploit offers remote attackers admin access

Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.…

Senator Wyden tells The Reg this latest security lapse is 'inexcusable'

Comment  For most organizations – especially security vendors – disclosing a corporate email breach, in which executives' internal messages and attachments were stolen, would noticeably ding their stock prices.…

Now that's a Dutch crunch

A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…

That means Brit spies want the ability to do exactly that, huh?

The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve markedly thanks to AI models informed by data describing successful cyber-hits.…

Election officials, judges, politicians, and gamers are in swatters' crosshairs

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home.…

More than 5,000 victims claimed over a 3-year period but filing reckons accused didn't even use a VPN

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.…

Comes mere months after Western intelligence agencies warned of attacks on water providers

Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…

'Aleksandr Ermakov' isn't allowed down under after being linked to ten-million-record leak

Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…

If you're still running a vulnerable instance then 'assume a breach'

More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 – a critical bug in out–of-date versions of Atlassian Confluence Data Center and Server – according to non-profit security org Shadowserver.…

Loanbase admits massive loss of customer data to thieves, too

AerCap, the world's largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn't yet suffered any financial losses yet and all its systems are under control.…

'The federal government has almost entirely abdicated its responsibility'

For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows.…

Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE

Critics are accusing major tech companies of not sticking to the rules when it comes to registering vulnerabilities with the appropriate authorities.…

Fast food chain could face a footlong recovery process if allegations are true

The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data.…

It's all very well offering 'Free Debt Help,' but recipients were unwilling, says watchdog...

A financial services company that illegally dispatched tens of thousands of spam messages promising to help the recipients magically wipe away their debts is itself now a debtor to the UK’s data regulator.…

How Object First’s Ootbi delivers ransomware-proof and immutable backup storage that can be up and running in minutes

Sponsored Feature  Ransomware is used by cybercriminals to steal and encrypt critical business data before demanding payment for its restoration. It represents one of, if not the most, serious cybersecurity threat currently facing governments, public/private sector organizations and enterprises around the world.…

ALSO: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities

in brief  Conor Brian Fitzpatrick – aka "Pompourin," a former administrator of notorious leak site BreachForums – has been sentenced to 20 years of supervised release.…

Plus: Uncle Sam says Ivanti exploits 'consistent with PRC' snoops

A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.…