News

SSNs, payment details, and health info too

The Pennsylvania State Education Association (PSEA) says a July 2024 "security incident" exposed sensitive personal data on more than half a million individuals, including financial and health info.…

Cyber-crime is officially getting out of hand

One of the world's largest sperm banks, California Cryobank, is in a sticky situation.…

Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in

IBM "strongly recommends" customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has a perfect 10 severity score.…

Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap

If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn't be able to provide all the info Uncle Sam collects, according to former chief of US Cyber Command and the NSA General Paul Nakasone.…

One more time, with feeling ... Garbage in, garbage out, in training and inference

Researchers have found that large language models (LLMs) tend to parrot buggy code when tasked with completing flawed snippets.…

DOGE efficiency in action

The upheaval at the US government's Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had fired over the past few weeks - specifically those still in their probationary period - though they've been benched on paid leave for now.…

Hiring remains relatively strong as analysts warn of slowdown

A pair of reports on tech sector employment trends in the United States suggest out-of-work techies right now have relatively decent prospects, but economic uncertainty and rapid policy changes initiated by the Trump administration mean the future job market looks less rosy.…

'Only' a local access bug but important part of N Korea, Russia, and China attack picture

An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.…

Ad giant's cloudy arm to pay $30B in security shop deal

Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have been to blame.…

Govt wants to learning mistakes of serially breached record holders so it can, er, liberalize data sharing regs under new law

The UK government is inviting experts to provide insights about the data brokerage industry and the potential risks it poses to national security as it moves to push new data-sharing legislation over the line.…

Don't laugh. This kind of warning shows crims are getting desperate

Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect its data – a warning that may be an indicator of tough times in the ransomware world for some, at least.…

One PUT request, one poisoned session file, and the server’s yours

A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.…

More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit

A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.…

Web souk says Echo hardware doesn't have the oomph for next-gen AI anyway

Come March 28, those who opted to have their voice commands for Amazon's AI assistant Alexa processed locally on their Echo devices will lose that option, with all spoken requests pushed to the cloud for analysis.…

Large organizations among those cleaning up the mess

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.…

Technology Services 4 framework expands by £4B, with procurement to begin this week

UK government is set to crack open the pork barrel for up to £16 billion in contracts for a range of IT services. The buying framework was delayed by six months and the total pot of spending is now potentially 25 percent bigger than the previous proposal.…

Maddening techno loop, Zoolander reference, and 14 minutes of time wasted

A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation.…

PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware

Infosec In Brief  United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to American tech and telecommunications infrastructure.…

National security defense being used to keep appeal behind closed doors

US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public.…

It's March already and you haven't patched?

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.…