News
COVID-19 test lab accused of exposing 1.3 million patient records to open internet
A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…
GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection
The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve markedly thanks to AI models informed by data describing successful cyber-hits.…
CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'
CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home.…
Accused PII seller faces jail for running underground fraud op
A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.…
UK water giant admits attackers broke into system as gang holds it to ransom
Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…
Australia imposes cyber sanctions on Russian it says ransomwared health insurer
Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…
Atlassian Confluence Server RCE attacks underway from 600+ IPs
More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 – a critical bug in out–of-date versions of Atlassian Confluence Data Center and Server – according to non-profit security org Shadowserver.…
Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft
AerCap, the world's largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn't yet suffered any financial losses yet and all its systems are under control.…
EFF adds Street Surveillance Hub so Americans can check who's checking on them
For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows.…
Ivanti and Juniper Networks accused of bending the rules with CVE assignments
Critics are accusing major tech companies of not sticking to the rules when it comes to registering vulnerabilities with the appropriate authorities.…
Subway's data torpedoed by LockBit, ransomware gang claims
The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data.…
ICO fines spam slinging financial services biz
A financial services company that illegally dispatched tens of thousands of spam messages promising to help the recipients magically wipe away their debts is itself now a debtor to the UK’s data regulator.…
Safeguarding against the global ransomware threat
Sponsored Feature Ransomware is used by cybercriminals to steal and encrypt critical business data before demanding payment for its restoration. It represents one of, if not the most, serious cybersecurity threat currently facing governments, public/private sector organizations and enterprises around the world.…
BreachForums admin 'Pompourin' sentenced to 20 years of supervised release
in brief Conor Brian Fitzpatrick – aka "Pompourin," a former administrator of notorious leak site BreachForums – has been sentenced to 20 years of supervised release.…
Russians invade Microsoft exec mail while China jabs at VMware vCenter Server
A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.…
Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim
Five people have been accused of pulling off a "brazen" scam that involved submitting more than $7 million in fake work expense claims to an IT consultancy to bankroll hotel stays, a cruise, visits to strip clubs, and more.…
Thieves steal 35.5M customers’ data from Vans sneakers maker
VF Corporation, parent company of clothes and footwear brands including Vans and North Face, says 35.5 million customers were impacted in some way when criminals broke into their systems in December.…
IT consultant fined for daring to expose shoddy security
A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.…
US agencies warn made-in-China drones might help Beijing snoop on the world
Two US government agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), warned on Wednesday that drones made in China could be used to gather information on critical infrastructure.…
JPMorgan exec claims bank repels 45 billion cyberattack attempts per day
The largest bank in the United States repels 45 billion – yes, with a B – cyberattack attempts per day, one of its leaders claimed at the World Economic Forum in Davos. …