News

Critical authentication bypass revealed, older flaws under active attack

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.…

Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

Analysis  Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.…

FBI and co blow lid off latest PHP tampering scam

The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.…

Irish Council on Civil Liberties said this is first time the scope of real-time bidding is being measured

The average American has their personal information shared in an online ad bidding war 747 times a day. For the average EU citizen, that number is 376 times a day. In one year, 178 trillion instances of the same bidding war happen online in the US and EU.…

June debut of zero trust GDAP tool should make it harder for crims to attack through MSPs and resellers

Microsoft has advised its reseller community it needs to pay attention to the debut of improve security tooling aimed at making it harder for attackers to worm their way into your systems through partners.…

According to this cybersecurity outfit that wants your business, anyway

The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation.…

Sysrv-K malware infects unpatched tin, Microsoft warns

The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.…

Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

Pay close attention to that resume before offering that work contract.…

Anything that uses proximity-based BLE is vulnerable, claim researchers

Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack.…

Java and Python packages are the first on the list

Google has a plan — and a new product plus a partnership with developer-focused security shop Snyk — that attempts to make it easier for enterprises to secure their open source software dependencies.…

Singapore's safety scheme measures scam-combatting capability

A newly implemented e-commerce rating system in the city-state of Singapore has rated Facebook's Marketplace as the least trustworthy e-commerce platform, behind Amazon and its Alibaba-owned Asian analogue Lazada.…

More types of biz fall under expanded rules – and fines for those who fall short

Europe has moved closer toward new cybersecurity standards and reporting rules following a provisional network and information systems agreement dubbed NIS2 by the European Council and Parliament. …

If his surgery was as bad as his opsec, this chap has caused a lot of trouble

The US Attorney’s Office has charged a 55-year-old cardiologist with creating and selling ransomware and profiting from revenue-share agreements with criminals who deployed his product.…

'Brushing' tops the list, as quantity of forbidden content continue to rise

China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.…

Citizen allegedly moved $10m-plus in BTC into banned nation

US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country.…

Here’s how to tailor a security suite that suits you

Webinar  Some cyberattackers are out to cause mayhem, but the pros are really after one thing. Your data, whether that’s through exfiltration or encryption.…

Plus: Tech giants commit $30m to open-source security, miscreants breach DEA portal, and US signs cybercrime treaty

In brief  San Francisco police have been using driverless cars for surveillance to assist in law enforcement investigations.…

We take a look at low, low subscription prices – not that we want to give anyone any ideas

A Tor-hidden website dubbed the Eternity Project is offering a toolkit of malware, including ransomware, worms, and – coming soon – distributed denial-of-service programs, at low prices.…

Touting info on 6,700 compromised systems will get you four years behind bars

A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers.…

David Harville is seventh to cop to harassment campaign

David Harville, eBay's former director of global resiliency, pleaded guilty this week to five felony counts of participating in a plan to harass and intimidate journalists who were critical of the online auction business.…