News

Digital end of life planning saves your loved ones from a little extra anguish

Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.…

DoJ also shutters allleged crimeware and credit card mart PopeyeTools

The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.…

Meet Liminal Panda, which prowls telecom networks in South Asia and Africa

A senior US senator has warned that American tech companies’ activities in China represent a national security risk, in a hearing that saw infosec biz CrowdStrike testify it has identified another cyber-espionage crew it believes is backed by Beijing.…

Change Healthcare’s $2 billion recovery is still a work in progress

Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…

OSS-Fuzz is making a strong argument for LLMs in security research

Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…

Vendor offers 20% discount on new model, but not patches

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.…

CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value

I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users, I began to hear a new note: data has become a problem.…

Ransomware scum LockBit claims it did the dirty deed

Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…

No word on when or if the issue will be fixed

Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.…

This malware is FREE for EVERY crook ($300 decryption keys sold separately)

A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.…

More than 100 million rely on systems rife with vulnerabilities, says EPA OIG

Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency's Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks. …

Amazing that these two bugs got into a production appliance, say researchers

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.…

Strategies for mitigating external access vulnerabilities and safeguarding sensitive data

Webinar  As organizations increasingly rely on third-party contractors, vendors, and service providers, the security risks associated with third-party access can become a top priority.…

Fastidious attacker then tidied up email trail behind them

A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.…

Get hands-on cybersecurity training this seasonal challenge

Sponsored Post  Are you ready to pit your wits against the cyber exercises featured in the Holiday Hack Challenge 2024: Snow-maggedon?…

Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers

Apple's latest mobile operating system, iOS 18, appears to have added an undocumented security feature that reboots devices if they’re not used for 72 hours.…

Plus: Maxar Space Systems confirms employee info stolen in digital intrusion

Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."…

If you didn't fix this a month ago, your to-do list probably needs a reshuffle

Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.…

Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon

T-Mobile US said it is "monitoring" an "industry-wide" cyber-espionage campaign against American networks – amid fears Chinese government-backed spies compromised the un-carrier among with various other telecommunications providers.…

First in six years is nearly three times the size of the older, pre-NATO version

Residents of Sweden are to receive a handy new guide this week that details how to prepare for various types of crisis situations or wartime should geopolitical events threaten the country.…