News

As months go by without fixes, hotels take the scenic route to securing rooms

Around 3 million doors protected by popular keycard locks are thought to be vulnerable to security flaws that allow miscreants to quickly slip into locked rooms.…

Short of rearchitecting hardware, the fix will seriously degrade performance

Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. …

Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work

Opinion  The United States National Institute of Standards and Technology (NIST) has almost completely stopped adding analysis to Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database. That means big headaches for anyone using CVEs to maintain their security. …

The device that makes it possible is required in all American big rigs, and has poor security

Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.…

You better watch out, you better not cry, better not pout, they're telling you why

The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks.…

Redmond says it does what it's told, but still thinks users are better off

Microsoft is the subject of growing criticism in the US over allegations that its Bing search engine censors results for users in China that relate to sensitive subjects the state wants blocked.…

At least we can all agree on something

The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote.…

MarineMax may be in choppy waters after 'stolen data' given million-dollar price tag

The Rhysida ransomware group claims it was responsible for the cyberattack at US luxury yacht dealer MarineMax earlier this month.…

Security experts insist ransomware is involved but Leicester zips its lips

Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details.…

Operators pack twenty phones into a chassis – then rack 'em and stack 'em ready to do evil

Chinese upstarts are selling smartphone motherboards – and kit to run and manage them at scale – to operators of outfits that use them to commit various scams and crimes, according to an undercover investigation by state television broadcaster China Central Television (CCTV) revealed late last week.…

New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.…

Phishing season started early with crims intent on the hooking early filers

As the digital wolves dress in sheep's tax forms, Microsoft has thrown a spotlight on a crafty 2024 phishing expedition, unraveled in January, that preys on the unsuspecting herd of early tax filers.…

From a trickle to a flood, threats now seen as too great to ignore

US government is urging state officials to band together to improve the cybersecurity of the country's water sector amid growing threats from foreign adversaries.…

First: not being able buy a meat pie with a credit card. Now this.

The London Clinic where the Princess of Wales had surgery at the start of this year says it is investigating claims that an employee had tried to access her medical records.…

Robert Purbeck even went as far as threatening a dentist with the sale of his child’s data

A cyberattacker and extortionist of a medical center has pleaded guilty to federal computer fraud and abuse charges in the US.…

At least 31,031 people affected last year

Stalkerware has reached "pandemic proportions," according to Kaspersky, which documented a total of 31,031 people affected by the intrusive software in 2023 – up almost six percent on the prior year.…

Unless you want to be the next Change Healthcare, that is

The Feds and friends yesterday issued yet another warning about China's Volt Typhoon gang, this time urging critical infrastructure owners and operators to protect their facilities against destructive cyber attacks that may be brewing.…

Also down under, researchers find security-cleared workers leaking details of their gigs

An Australian IT contractor has been sentenced to 30 months jail for ripping off the National Maritime Museum.…

Plus potential links to I-Soon, researchers say

Chinese cyberspies have compromised at least 70 organizations, mostly government entities, and targeted more than 116 victims across the globe, according to security researchers.…

Latest figures paint grim picture of how viciously the elderly are targeted

The FBI says investment fraud was the form of cybercrime that incurred the greatest financial loss for Americans last year.…