News

Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters

Google's Chrome Vulnerability Rewards Program (VRP) is now significantly more rewarding – with a top payout that's at least twice as substantial.…

French police reckon financial system targeted during Summer Games

Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of data will be leaked later today.…

Total revenue for Q2 grew 32 percent

CrowdStrike's major meltdown a month ago doesn't look like affecting the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday.…

CrowdStrike, other vendors, friendly govt reps…but not anyone would can tell you what happened

op-ed  Microsoft will host a security summit next month with CrowdStrike and other "key" endpoint security partners joining the fun — and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item. …

If you haven't deployed August's patches, get busy before others do

Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks ago.…

The government-backed crew also enjoys ransomware as a side hustle

Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they're breaking in via vulnerable VPN and firewall devices from Check Point, Citrix, Palo Alto Networks and other manufacturers, according to Uncle Sam.…

Authorities probing unwanted intrusion; hard questions ahead

Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.…

Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon

Microsoft has fixed flaws in Copilot that allowed attackers to steal users' emails and other personal data by chaining together a series of LLM-specific attacks, beginning with prompt injection.…

Sword or plowshare? That depends on whether you're an attacker or a defender

Sponsored Feature  Artificial intelligence: saviour for cyber defenders, or shiny new toy for online thieves? As with most things in tech, the answer is a bit of both.…

Phew! Consumer-grade tracking devices are good for more than finding your keys and stalking

Theft of packages is an ongoing problem, so one California woman tried a high tech solution to the problem – and her use of Apple’s consumer-grade AirTags tracking devices led to two arrests.…

Ground stations are the perfect place for the Great Firewall to block things China finds unpleasant

The multiple constellations of broadband-beaming satellites planned by Chinese companies could conceivably run the nation's "Great Firewall" content censorship system, according to think tank The Australian Strategic Policy Institute. And if they do, using the services will be dangerous.…

More of a storm in a teacup

Today's news that Intel's Software Guard Extensions (SGX) security system is open to abuse may be overstated.…

The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure

It looks like China's Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director.…

Cracked Labs examines how workplace surveillance turns workers into suspects

Software designed to address legitimate business concerns about cyber security and compliance treats employees as threats, normalizing intrusive surveillance in the workplace, according to a report by Cracked Labs.…

Legitimate emails misclassified in software snafu

Updated  Many administrators have had a trying Monday after getting spammed out with false malware reports by Microsoft.…

National security data up for grabs, Office of the Inspector General finds

update  The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General.…

No word yet on if ransomware is to blame

The Port of Seattle, which operates the Seattle-Tacoma International Airport, is investigating a "possible cyberattack" after computer outages disrupted the airport's operations and delayed flights.…

Second sensitive info theft claimed by the same crims since June

Digital data thieves have reportedly breached AMD's internal communications and are offering the allegedly stolen goods for sale. …

Unprotected database with 12 years of biz records yanked offline

Exclusive  Nearly 2.7 TB of sensitive data — 31.5 million invoices, contracts, HIPPA patient consent forms, and other business documents regarding numerous companies across industries — has been exposed to the public internet in a non-password protected database for an unknown amount of time.…

Sueball suggests outsourcer went out of bounds by developing competing product

A subsidiary of IT outsourcer Cognizant filed a lawsuit on Friday in Texas federal court alleging that rival Infosys was involved in stealing trade secrets and engaging in anticompetitive behavior.…