News
FCC gets tough: Telcos must now tell you when your personal info is stolen
The FCC's updated reporting requirements mean telcos in America will have just seven days to officially disclose that a criminal has broken into their systems.…
Jet engine dealer to major airlines discloses 'unauthorized activity'
Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a "cybersecurity incident" after data purportedly stolen from the biz was posted to the Black Basta ransomware group's leak blog.…
Europe's largest caravan club admits wide array of personal data potentially accessed
The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can't figure out whether members' data was stolen.…
Mon Dieu! Nearly half the French population have data nabbed in massive breach
Infosec In Brief Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.…
Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud
More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.…
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it
In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.…
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and <em>that</em> toothbrush DDoS attack claim
We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell.…
The ever-present state of cyber security alert
Webinar As artificial intelligence (AI) technology becomes increasingly complex so do the threats from bad actors. It is like a forever war.…
India to make its digital currency programmable
The Reserve Bank of India (RBI) announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline.…
Crime gang targeted jobseekers across Asia, looted two million email addresses
Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia.…
Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members
The US government has placed an extra $5 million bounty on Hive ransomware gang members – its second such reward in a year. And it also comes a little over 11 months since the FBI said it had shut down the criminal organization's network.…
FBI: Give us warrantless Section 702 snooping powers – or China wins
Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government.…
Fake LastPass lookalike made it into Apple App Store
LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.…
Raspberry Robin devs are buying exploits for faster attacks
Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks.…
Cybercrime duo accused of picking $2.5M from Apple's orchard
A cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million.…
Rust can help make software secure – but it's no cure-all
Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.…
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks
Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident.…
Volt Typhoon not the only Chinese crew lurking in US energy, critical networks
Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said.…
Half of polled infosec pros say their degree was less than useful for real-world work
Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot.…
US says China's Volt Typhoon is readying destructive cyberattacks
The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure org's IT networks in America – and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets.…