News
Super-spreader FluBot squashed by Europol
FluBot, the super-spreader Android malware that infected tens of thousands of phones globally, has been reportedly squashed by an international law enforcement operation.…
ExpressVPN moves servers out of India to escape customer data retention law
Virtual private network operator ExpressVPN will pull its servers from India, citing the impossibility of complying with the nation's incoming requirement to record users' identities and activities.…
US ran offensive cyber ops to support Ukraine, says general
America's military conducted offensive cyber operations to support Ukraine in its response to Russia's illegal invasion, US Cyber Command chief General Paul Nakasone has said.…
Watch out for phishing emails that inject spyware trio
An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information.…
Hospitals are for healing humans. But protecting and healing hospitals needs machines
Sponsored Feature Browse through a selection of hospital mission statements and common themes quickly emerge: putting patients and community first, acting with integrity, pushing the bounds of medical research.…
What if ransomware evolved to hit IoT in the enterprise?
Forescout researchers have demonstrated how ransomware could spread through an enterprise from vulnerable Internet-of-Things gear.…
EnemyBot malware adds enterprise flaws to exploit arsenal
The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear.…
Cops' Killer Bee stings credential-stealing scammer
An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan (RAT) to reroute financial transactions and steal corporate credentials. Two suspected accomplices were also nabbed.…
Microsoft's identity services huddle under Entra umbrella
Microsoft has whipped out the rebranding team once more, and chosen the name "Entra" as a catch-all for the company's identity and access capabilities.…
CIOs largely believe their software supply chain is vulnerable
Ask 1,000 CIOs whether they believe their organizations are vulnerable to cyberattacks targeting their software supply chains and about 82 percent can be expected to say yes.…
Australian digital driving licenses can be defaced in minutes
An Australian digital driver's license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure.…
Zero-day vuln in Microsoft Office: 'Follina' will work even when macros are disabled
Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft's ubiquitous Office software.…
That critical vulnerability might <em>not</em> be the first you should patch
Enterprise security teams being overrun by the rising numbers of vulnerabilities uncovered each day could vastly reduce their patching workload by changing how they prioritize the flaws, according to recent research from vulnerability startup Rezilion.…
Indian authorities issue conflicting advice about biometric ID card security
The Unique Identification Authority of India (UIDAI) has backtracked on advice about how best to secure the "Aadhaar" national identity cards that enable access to a range of government and financial serivces.…
Global tech industry objects to India’s new infosec reporting regime
Eleven significant tech-aligned industry associations from around the world have reportedly written to India’s Computer Emergency Response Team (CERT-In) to call for revision of the nation’s new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy.…
Ransomware attack sends US county back to 1977
In brief Somerset County, New Jersey, was hit by a ransomware attack this week that hobbled its ability to conduct business, and also cut off access to essential data.…
Stolen university credentials up for sale by Russian crooks, FBI warns
Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.…
Cloud security unicorn cuts 20% of staff after raising $1.3b
Cloud security company Lacework has laid off 20 percent of its employees, just months after two record-breaking funding rounds pushed its valuation to $8.3 billion.…
Talos names eight deadly sins in widely used industrial software
A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software (OAS) platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system.…
GitHub saved plaintext passwords of npm users in log files, post mortem reveals
GitHub has revealed it stored a "number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems.…
Pages
