News

‘Cyber-attack’ on ticketing outfit Collins and cable cuts at Dallas ground hundreds of flights

Technology problems hit the commercial aviation industry hard over the weekend, leading to hundreds of cancelled flights and myriad delays on both sides of the Atlantic.…

PLUS: Luxury brands under fire; FBI warns crims are spoofing it again; ICE buys phone cracking software

Infosec in brief  Online criminals prefer to deal in digital assets, but a side effect of a ransomware attack has seen a French museum robbed of $705,000 in physical gold nuggets.…

Could this bot-prevention technique now be obsolete?

ChatGPT can be tricked via cleverly worded prompts to violate its own policies and solve CAPTCHA puzzles, potentially making this human-proving security mechanism obsolete, researchers say.…

Unnamed org compromised with two malware sets

An unknown attacker has abused a couple of flaws in Ivanti Endpoint Manager Mobile (EPMM) and deployed two sets of malware against an unnamed organization, according to the US Cybersecurity and Infrastructure Security Agency.…

Outside experts say the vulnerability has probably already been exploited

Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs patching.…

Bad opsec

Thalha Jubair, one of the two UK teens arrested on Tuesday and accused of being members of the notorious Scattered Spider cybercrime gang, allegedly played a role in bilking more than 100 organizations out of at least $115 million in ransom payments. The cops nabbed him after following a number of clues, including paying for gift cards from a wallet on the same server that also held wallets receiving extortion payments.…

Until Microsoft lobbed it into a virtual volcano

A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide.…

Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data

ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…

Another blow for the legislation as Parliament continues to hear stakeholder views

As UK ministers continue to quiz stakeholders over the effectiveness of the Online Safety Act, one charity chief raised concerns over the robustness of Ofcom's enforcement of the controversial legislation.…

YouTube vids explain digital tradecraft to reach spooks over Tor or VPN without blowing your cover

The UK’s Secret Intelligence Service, aka MI6, has created a dark web portal called “Silent Courier” that it hopes would-be foreign informants will find a suitably secure means of sharing secrets.…

Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play

Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.…

Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices

SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.…

Three US medical centers fess up to serious breaches

Cybercriminals broke in and stole nearly a million Americans' data in the space of a week, in the course of three digital burglaries at healthcare providers.…

Decisive action comes nearly a year after the attack and first arrest took place

Two teenagers are set to appear in court today after being charged with offences related to the cyberattack on Transport for London (TfL) in August 2024.…

Dashboard loop caused API outage that was hard to troubleshoot

Cloudflare has confessed to a coding error using a React useEffect hook, notorious for being problematic if not handled carefully, that caused an outage for the platform's dashboard and many of its APIs.…

VC giant rebuilt boxes, patched holes, and says it’s beefed up security – but won’t say who did it

Venture capital giant Insight Partners has confirmed that a January ransomware attack compromised the personal data of more than 12,000 people, including employees, former staff, and the firm's usually-secretive limited partners.…

Proofpoint spots efforts to spy on US economic policy nerds

Chinese state-aligned online attackers are back at it, targeting US trade policy wonks as Washington and Beijing spar over economic ties.…

As the Trump administration guts efforts to counter election disinfo

The Russian troll farm that in the lead-up to the 2024 US presidential election posted a bizarro video claiming Democratic candidate Kamala Harris was a rhino poacher, is back with hundreds of new fake news websites serving up phony political commentary with an AI assist.…

You didn't really trust the crims to keep their word, did you?

Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.…

But will the International Space Station still be there to host its node?

Axiom Space and Spacebilt have announced plans to add optically interconnected Orbital Data Center (ODC) infrastructure to the International Space Station (ISS).…