News

Christmas comes early for attackers this year

Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin. …

Ivy League school warns more than 1,400 people after attackers siphon data via zero-day

The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousand individuals that their personal data was siphoned from its systems.…

Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown

Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe's latest pushback against cybercrime infrastructure.…

Borough says attackers copied 'historical' info as three-council cyber woes drag on

Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week's cyber meltdown, confirming that the outage was not just an IT faceplant but a bona fide data breach.…

Regulator says Illuminate ignored years of warnings, stored kids' data in plain text, and kept districts in the dark

US edtech provider Illuminate Education just got dinged by the Federal Trade Commission for allegedly failing to keep an attacker from pilfering data on 10 million students.…

'Sanchar Saathi' shares data to help fight fraud and protect carrier security

India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure users can’t remove the code.…

And some are still active in the Microsoft Edge store

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China. And, according to Koi researchers, five of the extensions with more than 4 million installs are still live in the Edge marketplace.…

Plus: Aussie Wi-Fi phisher and Brit dark web dealer nailed

Cybercrime suspects and offenders across three continents have been rounded up this week, with cases spanning hacked IP cameras in South Korea, evil twin Wi-Fi traps in Australia, and a dark web drug empire in rural England.…

Only a select few continue into later life, mainly for the love of the game

Young threat actors may be rebels without a cause. These cybercriminals typically grow out of their offending ways by the time they turn 20, according to data published by the Dutch government.…

Coupang confirms internationally routed intrusion compromised more than half of the country's population

South Korean retail behemoth Coupang has admitted to a data breach that exposed the personal details of 33.7 million customers, turning the company's famed "Rocket Delivery" logistics empire into an express shipment for personal information.…

Zut alors! Cybercrooks scored names, numbers, and license IDs

The French Football Federation (FFF) has conceded that attackers broke into its member management software using a compromised account, scoring a match sheet's worth of player data in the process.…

PLUS: India wants to build big airliners; Half of South Koreans caught in data leak; Minimum wage for gig workers in Oz; And more!

Asia in Brief  Singapore’s government last week told Google and Apple to prevent fake government messages.…

PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; And more!

Infosec In Brief  Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and SaaS services due to security concerns.…

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…

Crims claim to know which customers are marked 'vulnerable'

British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.…

Project cites fears of state access as cloud sovereignty row deepens

French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy.…

Training outfit scrambles to fix all-male lineup before December kickoff

Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity.…

Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule

The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the Chancellor had even reached the dispatch box.…

OBR says the scheme will cost £600M a year with no identified savings

The UK government has finally put a £1.8 billion price tag on its digital ID plans – days after the minister responsible refused to name a figure.…

Talk about buyer’s remorse

South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack.…