News

You're your own security team, remember?

If you run a small online business powered by the Magento ecommerce platform, Britain's National Cyber Security Centre (NCSC) is begging you to make sure it's fully patched ahead of Black Friday.…

Company data compromised but not systems containing customer or supplier information

Vestas Wind Systems, one of the world's largest makers of wind turbines, today confirmed company data has been compromised in a "cyber security incident" that forced the firm to isolate parts of its IT infrastructure.…

Privacy challenges and rushed implementation should make this cash alternative much less attractive

Opinion  Nigeria recently became the first African country to launch its central bank digital currency (CBDC), the eNaira. However, there are significant privacy challenges that could make eNaira a lot less attractive.…

Unexpected consequences of the SQL Slammer worm

Who, Me?  Do you check your emails before sending them? Re-read a dozen times but still that typo sneaks through? Welcome to a Who, Me? in which a reader learns that one mistyped letter can result in a visit from the legal department.…

Video app promises not to let naughty content cross the border, and to ban those who try

Pakistan has allowed TikTok to resume operations on its soil.…

Ganja believe it? Seller claimed to sell 'Stevia leaves', but shifted a tonne of wacky 'baccy before being busted

Police in the Indian state of Madhya Pradesh have charged Amazon India executives under narcotics laws, after uncovering a marijuana smuggling operation centered around the e-commerce website.…

AI can help thwart attacks before they affect operations

Paid Feature  Cyber-attacks aren't just about siphoning bank accounts. They're also targeting critical national infrastructure, warn experts – and we're not doing a very good job of preventing them. How can we stop the rot and protect the systems that funnel our oil, carry our electricity, and manage our water, among other things?…

Boffins measure the black hole of dubious certs and find it troubling

Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.…

Plus, US gov to sell off $56M of Bitcoin – the largest single sum recovered so far from a cryptocurrency fraud

A Canadian teenager has been arrested for allegedly stealing $37 million worth of cryptocurrency ($46M Canadian) via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet, according to police.…

Smartphones now have lasers so we're gonna use them to find voyeurs

Recent model smartphones can be smarter still about finding hidden cameras in their vicinity, if they take advantage of time-of-flight (ToF) sensors.…

GitHub: 'Credentials exposed by our users are not in scope'

Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions.…

Learn how to build a resilient disaster response plan

Webinar  You can’t predict when a disaster will strike your organisation, whether it’s extreme weather, workplace violence, or a cyber attack.…

RedDoorz.com left red-faced after leaving AWS access key in an APK

Singapore's Personal Data Protection Commission (PDPC) has issued a fine of SG$74,000 ($54,456) on travel company Commeasure, which operates a travel booking website named RedDoorz that exposed 5.9 million customers' data – the largest data breach handled by the Commission since its inception.…

Rapid7's 2022 Planning webinars are here to help

Paid Post  Is it too early to be thinking about cybersecurity in 2022? That’s an easy one ... of course not.…

National Security and Investment Act 2021 give ministers power to halt M&As

The UK government has published guidance describing what technologies may be caught within the National Security and Investment Act 2021, which is set to give ministers the power to halt mergers and acquisitions.…

Annual review boasts of fending off health org attacks

Britain's National Cyber Security Centre is prepared to share its cyber defence tech and threat intel feeds with British organisations in need of extra help, it said at the launch of its annual review today.…

You had one job …

South Korea's privacy watchdog leaked personal information relating to participants in a case that sought to probe Facebook's leak of personal information.…

Ongoing typosquatting attacks target kids as Discord drags its feet

Since early September, Josh Muir and five other maintainers of the noblox.js package, have been trying to prevent cybercriminals from distributing ransomware through similarly named code libraries.…

Nice to have nearly a year off from that malspam threat, but now it's returned

The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators.…

Flaw allowed 'an attacker to publish new versions of any npm package'

GitHub said it has fixed a longstanding issue with the NPM (Node Package Manager) JavaScript registry that would allow an attacker to update any package without proper authorisation.…