News

Door was opened but nobody stepped inside, luckily

Autodesk, makers of computer-aided design (CAD) software for manufacturing, has told the US stock market it was targeted as part of the the supply chain attack on SolarWinds' Orion software.…

Miscreants hacking vulnerable orbital hardware could set living standards back by decades in seconds

"Space is an invaluable domain, but it is also increasingly crowded and particularly susceptible to a range of cyber vulnerabilities and threats."…

One firm hit with at least 2 attacks as outages continue

Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks.…

Sophos gazes into the abyss

A dropper-as-a-service, which cyber-crime newbies can use to easily get their malware onto thousands of victims' PCs, has been dissected and documented this week.…

Access should have been revoked ... but wasn't, court told

On Tuesday, a woman from Brooklyn, New York, pleaded guilty to destroying computer data at an unidentified credit union from which she had recently been fired.…

Then again, it would say that

America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography.…

Someone didn't secure an Elasticsearch database, researchers allege

Indonesia's Ministry of Communications and Informatics is investigating a leak of over a million records from the nation's COVID-19 quarantine management app.…

HackerOne gets the gig

Singapore's governmental digital services arm, GovTech, has launched a "rewards programme" to further crowdsource tests of the nation's cybersecurity.…

Plus: T-Mobile US apologizes, security holes found in medical pumps, and more

In brief  The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR.…

Bang out of order

The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible .csv file that pinpoints domestic homes as likely firearm storage locations – a worst-case scenario for victims of the breach.…

Dive deep into key topics – and still have time for lunch

Sponsored  Tapping into leading edge cyber security knowledge can be like listening to the radio. There’s a lot of great stuff out there, the trick is tuning out the noise.…

Partial credit card numbers appear and, worse still, passengers' meal preferences

Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data.…

Chip biz's fix involves performance-inhibiting LFENCE, if warranted

Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all.…

Some tactics never change much

Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes.…

Two 'historic' incidents nearly a decade ago, says statement

British infosec firm NCC Group has been rapped over the knuckles after infosec accreditation body CREST found it was "vicariously responsible" for employees who helped staff cheat certification exams.…

Microsoft today warns thousands of customers of ChaosDB security hole that lay dormant for months

Infosec outfit Wiz has revealed that Microsoft’s flagship Azure database Cosmos DB could have been exploited to grant any Azure user full admin access – including the ability to read, write, and delete data – to any Cosmos DB instance on Azure. Without authorization. For months.…

Excession chief exec testifies in High Court of England and Wales

A company is suing the Police Digital Service (PDS) over a framework worth up to £18m after losing a bid to provide a mass surveillance platform, claiming police managers broke laws on the awarding of public contracts.…

After White House summit, AWS promises MFA tokens, Google and Microsoft spray money, IBM 'announces' snapshots against ransomware

US President Joe Biden staged a cyber security summit at the White House, and it's produced quick results in the form of big tech making vague promises about stuff they think will improve the nation's security…

9.8-rated bug allows arbitrary code execution – possibly without authentication

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw.…

This one has it all: a leaky VPN, creepy proxy networks, 8Chan, clouds hosting wonky workloads, and Swedish digital rights org Qurium

Looks like a case of abuse of the service and/or being careless with what your customers get up to. Swedish digital rights organisation Qurium has alleged that an Israeli company called Bright Data has helped the government of the Philippines to DDOS local human rights organisation Karapatan.…