News

Experts say that the way you handle things after the criminals break in can make things better or much, much worse

Feature  Experiencing a ransomware infection or other security breach ranks among the worst days of anyone's life — but it can still get worse.…

Insiders say board members must be held accountable and drive positive change from the top down

Analysis  Walk into any hospital and ask the same question – "Which security system should we invest in?" – to both a doctor and a board member, and you may get different answers. The doctor chooses the system that leads to the most positive patient outcomes, while the board member chooses whichever solution is best for their increasingly stretched budget.…

Likening memory safety bugs to smallpox may not soothe sensitive C coders

Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks uneasy.…

Also, phone cleaner apps are a data-sucking scam, Singapore considering the literal rod for scammers, and more

Infosec in Brief  Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.…

PLUS: Malaysia teams with Arm for local chip designs; NTT warns of possible breach; Samsung strikers settle; and more

Asia in Brief  India’s government has proposed giving its tax authorities sweeping powers to access private email systems and applications.…

iPhone giant compartmentalizes OS for the sake of security

Apple has been working to harden the XNU kernel that powers its various operating systems, including iOS and macOS, with a feature called "exclaves."…

IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes

A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer's systems – and he's now facing a potential ten years behind bars.…

$96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors

The Feds today revealed more details about the US Secret Service-led Garantex takedown, a day after seizing websites and freezing assets belonging to the Russian cryptocurrency exchange in coordination with German and Finnish law enforcement agencies.…

I knew you were trouble, Queens DA might have said

Police have made two arrests in their quest to start a cybercrime crew's prison eras, alleging the pair stole hundreds of Taylor Swift tickets and sold them for huge profit. …

Which is why taking down chiefs and infra behind big name brand operations isn't working

Interview  There's a handful of cybercriminal gangs that Jason Baker, a ransomware negotiator with GuidePoint Security, regularly gets called in to respond to these days, and a year ago only one of these crews — Akira — was on threat hunters' radars and infecting organizations with the same ferocity as it is today.…

Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort

Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as many as a million infected Android devices running it to form a massive botnet.…

Did US Secret Service not get the memo, or?

A coalition of international law enforcement has shut down Russian cryptocurrency exchange Garantex, a favorite of now-defunct ransomware crew Conti and others criminals for money laundering.…

President ordered officials to ramp up vetting 'to the maximum degree'

The US government's Citizenship and Immigration Service (USCIS) is considering monitoring not just the social media posts of non-citizens coming into the country, but also all those already in America going through an immigration or citizenship process.…

Akira really wasn't horsing around with this one

Toronto Zoo's final update on its January 2024 cyberattack arrived this week, revealing that visitor data going back to 2000 had been compromised.…

Attacks strike, facilities go bust, patients die. But it's preventable

It will cost upward of $75 million to address the cybersecurity needs of rural US hospitals, Microsoft reckons, as mounting closures threaten the lives of Americans.…

Complaint alleges 13 funding proposals foundered amid battle for control

Eric Gan is no longer CEO of AI security biz Cybereason after what appears to have been a protracted and unpleasant fight with investors, including the SoftBank Vision Fund and Liberty Strategic Capital.…

Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox

US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs.…

Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told

Video  Looming staffing cuts to America's security and intelligence agencies, if carried out, would "have a devastating effect on cybersecurity and our national security," former NSA bigwig Rob Joyce has told House representatives.…

They're good at zero-day exploits, too

Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.…

A first-of-its-kind legal challenge set to be heard this month, per reports

Apple has reportedly filed a legal complaint with the UK's Investigatory Powers Tribunal (IPT) contesting the UK government's order that it must forcibly break the encryption of iCloud data.…