News

That would explain this 440GB leak, then

Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?…

Nastyware seeks creds, mines crypto, and plants ransomware that isnt deployed - for now?

An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua.…

Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more

A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile's virtual machine logs.…

The startup is already the go-to intel shop for 45 govs and half the Fortune 100

Mastercard has added another security asset to its growing portfolio, laying down $2.65 billion for threat intelligence giant Recorded Future.…

SaaS seller sets severity to 'critical'

Adobe's patch for a remote code execution (RCE) bug in Acrobat doesn't mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher warns.…

Browser becomes more proactive about trimming unneeded permissions and deceptive notifications

Google has enhanced Chrome's Safety Check so that it can make some security decisions on the user's behalf.…

NCA confirms arrest of 17-year-old 'on suspicion of Computer Misuse Act offences' – now bailed

Breaking  Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.…

Privacy regulator taking a closer look at data privacy and PaLM 2

The European Union's key regulator for data privacy, Ireland's Data Protection Commission (DPC), has launched a cross-border inquiry into Google's AI model to ascertain if it complies with the bloc's rules.…

What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's

In this week's Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.…

It could lead to a costly BEC situation

Palo Alto's Unit 42 threat intel team wants to draw the security industry's attention to an increasingly common tactic used by phishers to harvest victims' credentials.…

Get essential insights for IT security compliance and effectiveness from SANS

Webinar  As cybersecurity threats evolve, so do the regulations designed to protect businesses.…

Academically interesting technique for poking holes in paywalled tech specs

An anti-piracy system to protect online video streams from unauthorized copying is flawed – and can be broken to allow streamed media from Amazon, Netflix, and others to be saved, replayed, and spread at will, we're told.…

Augmented reality meets warped reality

A defense ministry official from Belarus has claimed augmented reality game Pokémon GO was a tool of Western intelligence agencies.…

Would paying a ransom - or better security - have been cheaper and safer?

A US healthcare giant will pay out $65 million to settle a class-action lawsuit brought by its own patients after ransomware crooks stole their data – including their nude photographs – and published at least some of them online.…

No class: Black Suit ransomware gang boasts of 200GB haul from one raid

Cybercriminals closed some schools in America and Britain this week, preventing kindergarteners in Washington state from attending their first-ever school day and shutting down all internet-based systems for Biggin Hill-area students in England for the next three weeks.…

You hate to see it

The Meow ransomware group has grabbed the second most active gang spot in an unexpected surge in activity following a major brand overhaul.…

Allegedly swiped more than 5.2M files and threatens to publish the lot

Ransomware gang Hunters International reportedly claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service corporation, and set a deadline of September 13 to release all the data.…

A really big oh sh*t moment, for sure

For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life.…

What happens at Black Hat…

While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol. They claim to have found a way to undermine certificate authorities, which the world trusts to keep the internet safe by verifying the identity of websites.…

ISC2 argues security training needs to steer toward what hiring managers want

The shortfall between the number of working security professionals and the number of security job openings has reached 4.8 million – a new high, according to cyber security non-profit ISC2.…