News

The latest in a run of serious networking bugs gives attackers root if they have SNMP access

Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.…

Biometric Entry/Exit System phased in from October to 29 Schengen countries

Travelers including Britons and Americans visiting most European countries will have to register their fingerprints and faces under a system that goes live next month.…

Supermarket says the hack that shut down systems and emptied shelves has turned profits into losses

The Co-operative Group has revealed the cyberattack that knocked its systems offline earlier this year will leave it nursing an £80 million hangover. …

Guidance follows privacy complaints over sharp increase in police searches of travel doc and visa pic libraries

The Home Office has told police forces to check their own photo databases before asking it to search its libraries of passport and visa facial images, as well as avoiding urgent requests "unless it is absolutely necessary."…

Secure your data, avoid US sanctions, and stay compliant with European cybersecurity alternatives

Partner Content  What happens when your company's future depends on a service controlled by another country that loves trade fights, tariffs, and industrial-scale surveillance? That's the risk for European businesses relying on American providers; a single political move can disrupt operations overnight.…

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password

The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package Index (PyPI) website and asking victims to verify their account or face suspension, and advised anyone who did provide their credentials to change their password "immediately."…

Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'

Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence.…

After air passenger travel hit across the Atlantic, organized crime agency strikes

Breaking  The UK's National Crime Agency has arrested a man as part of an investigation into a ransomware attack that disrupted airports around the world last weekend.…

Attackers hit jackpot after targeting Boyd Gaming

Hotel and casino operator Boyd Gaming has disclosed a cyberattack to US regulators, warning that hackers may have stolen personal information belonging to employees and other individuals.…

Labour accused of sneaking in plans it denied before the general election

Seven campaign groups have written to UK prime minister Keir Starmer urging him to scrap plans for a mandatory digital identity system – a project that is expected to be announced imminently, as part an effort to tackle unauthorized migration.…

Covid-style financial support? Nothing to confirm yet, say MPs

The chair of the UK's business and trade committee says the situation at Jaguar Land Rover is likely to get "harder and harder over the next week or two," but stopped short of confirming that the government might intervene with financial support.…

AI attacks on the rise

A survey of cybersecurity bosses has shown that 62 percent reported attacks on their staff using AI over the last year, either by the use of prompt injection attacks or faking out their systems using phony audio or video generated by AI.…

Security vendor's no good, very bad week year

SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting Secure Mobile Access (SMA) 100 appliances.…

Or maybe 3 strikes, you're out?

SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated attacker to run commands on a host machine. …

Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won't pick up

Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS data — a flaw that has persisted since late 2021.…

Secret Service seizes 300-server network allegedly tied to nation-state hackers

The US Secret Service has dismantled a network of SIM farms in and around New York City it claims was behind multiple incidents targeting senior government officials and had enough power to disrupt entire cellular networks.…

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Kaspersky has raised the alarm over the resurgence of hotel-hacking outfit "RevengeHotels," which it claims is now using artificial intelligence to supercharge its scams.…

Foundations say billions of downloads rely on registries running on fumes – and someone's gotta pay the bills

The Open Source Security Foundation (OpenSSF) has had enough of being the unpaid janitor of the world's software supply chain.…

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.…

President to announce details on Big Red’s storage and security deal for Chinese social media phenomenon later this week

The White House has promised that all US user data on TikTok will be stored on Oracle servers in the United States, according to a deal to be announced later this week.…