News

And that's a bit odd, says Red Canary

A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari.…

Another day, another DDoS attack that tries to scare the victim into paying up with mention of dreaded gang

Akamai has spoken of a distributed denial of service (DDoS) assault against one of its customers during which the attackers astonishingly claimed to be associated with REvil, the notorious ransomware-as-a-service gang.…

Sure, they’re small Pacific nations, but they’re in very strategic locations

China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities – all with the help of Chinese tech vendors.…

Voltage glitch here, glitch there, now you can fiddle with location disc's firmware

At the Workshop on Offensive Technologies 2022 (WOOT) on Thursday, security researchers demonstrated how to meddle with AirTags, Apple's coin-sized tracking devices.…

Shut up and take ... poor kids to KFC?

In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool.…

Now we can say extortionware has jumped the shark

Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.…

Schrems III on the cards unless negotiators protect better oversight of US data access requests

European privacy campaigner Max Schrems is warning that enhancements to the EU-US Privacy Shield data-sharing arrangements might face a legal challenge if negotiators don't take a new approach.…

We're only here for DBIRs

The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.…

Interpol, cops swoop with intel from cybersecurity bods

Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses.…

A 'Very English Coop (sic) d'Etat'

Emails between leading pro-Brexit figures in the UK have seemingly been stolen and leaked online by what could be a Kremlin cyberespionage team.…

Incident comes a week after 'SAP glitch' kept some planes on the taxiway

Indian budget airline SpiceJet on Wednesday attributed delayed flights to a ransomware attack.…

Meanwhile, Twitter coughs up $150m after using account security contact details for advertising

Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.…

Occasional gaping hole and overprivileged users still blight the Beast of Redmond

Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.…

Car maker says miscreants used stolen logins to break into folks' accounts

Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts.…

Paper authors warn Elon Musk's 2,400 machines could be used offensively

A researcher from the Beijing Institute of Tracking and Telecommunications advocated for Chinese military capability to take out Starlink satellites on the grounds of national security in a peer-reviewed domestic journal.…

But think tank says its past attempts at working together haven't gone well

Leaders of the Quad alliance – Australia, India, Japan, and the USA – met on Tuesday and revealed initiatives to strengthen collaboration on emerging technologies and cybersecurity, with an unspoken subtext of neutralizing China.…

In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start

Two security researchers have identified five related techniques for hijacking internet accounts by preparing them to be commandeered in advance.…

Another rush job for busy Indian IT shops

Indian IT shops have been handed another extraordinarily short deadline within which to perform significant infosec work.…

Or so says Google after tracking 30+ vendors peddling surveillance malware

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG).…

Google Project Zero blows lid off bug involving that old chestnut: XML parsing

Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device.…