News
Ivanti EPMM holes let miscreants plant shady listeners, CISA says
An unknown attacker has abused a couple of flaws in Ivanti Endpoint Manager Mobile (EPMM) and deployed two sets of malware against an unnamed organization, according to the US Cybersecurity and Infrastructure Security Agency.…
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug
Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs patching.…
Scattered Spider teen cuffed after buying games and meals with extortion bitcoin
Thalha Jubair, one of the two UK teens arrested on Tuesday and accused of being members of the notorious Scattered Spider cybercrime gang, allegedly played a role in bilking more than 100 organizations out of at least $115 million in ransom payments. The cops nabbed him after following a number of clues, including paying for gift cards from a wallet on the same server that also held wallets receiving extortion payments.…
One token to pwn them all: Entra ID bug could have granted access to every tenant
A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide.…
OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes
ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…
Charities warn Ofcom too soft on Online Safety Act violators
As UK ministers continue to quiz stakeholders over the effectiveness of the Online Safety Act, one charity chief raised concerns over the robustness of Ofcom's enforcement of the controversial legislation.…
MI6 reveals 'Silent Courier' dark web portal upgrade it hopes will help it recruit new spies
The UK’s Secret Intelligence Service, aka MI6, has created a dark web portal called “Silent Courier” that it hopes would-be foreign informants will find a suitably secure means of sharing secrets.…
Google pushes emergency patch for Chrome 0-day - check your browser version now
Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.…
Crims bust through SonicWall to grab sensitive config data
SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.…
Cybercriminals pwn 850k+ Americans' healthcare data
Cybercriminals broke in and stole nearly a million Americans' data in the space of a week, in the course of three digital burglaries at healthcare providers.…
Two 'Scattered Spider' teens charged over attack on London’s transport network
Two teenagers are set to appear in court today after being charged with offences related to the cyberattack on Transport for London (TfL) in August 2024.…
Cloudflare DDoSed itself with React useEffect hook blunder
Cloudflare has confessed to a coding error using a React useEffect hook, notorious for being problematic if not handled carefully, that caused an outage for the platform's dashboard and many of its APIs.…
Insight Partners confirms ransomware hit, more than 12,000 caught in data dragnet
Venture capital giant Insight Partners has confirmed that a January ransomware attack compromised the personal data of more than 12,000 people, including employees, former staff, and the firm's usually-secretive limited partners.…
Panda-monium: China-backed cyber crew spoof Congressman to dig for dirt on US trade talks
Chinese state-aligned online attackers are back at it, targeting US trade policy wonks as Washington and Beijing spar over economic ties.…
Russian fake-news network, led by an ex-Florida sheriff's deputy, storms back into action with 200+ new sites
The Russian troll farm that in the lead-up to the 2024 US presidential election posted a bizarro video claiming Democratic candidate Kamala Harris was a rhino poacher, is back with hundreds of new fake news websites serving up phony political commentary with an AI assist.…
Scattered Spider gang feigns retirement, breaks into bank instead
Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.…
Axiom Space aims for orbit with its Orbital Data Center Node
Axiom Space and Spacebilt have announced plans to add optically interconnected Orbital Data Center (ODC) infrastructure to the International Space Station (ISS).…
BreachForums kingpin goes from walk-free deal to 3-year stretch
The founder of the popular cybercrime website BreachForums will spend three years in prison after previously being let off with a slap on the wrist.…
UK telco Colt’s recovery from August cyberattack pushes into November
Brit telco Colt Technology Services says its recovery from an August cyberattack might not be completed until late November.…
UEFI Secure Boot for Linux Arm64 – where do we stand?
Arm devices are everywhere today and many of them run Linux. The operating system also powers cloud computing and IT environments all over the world. However, x86 is still the dominant architecture of global computer hardware, where the Unified Extensible Firmware Interface (UEFI) with Secure Boot incorporated is a standard. But what does UEFI look like from an Arm perspective?…
Pages
