News

Criminals targeted the hospital and physician network’s Detroit cancer clinic this time

McLaren Health Care is in the process of writing to 743,131 individuals now that it fully understands the impact of its July 2024 cyberattack.…

Cyber Monitoring Centre issues first severity assessment since February launch

Britain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-591 million).…

PLUS: 5.4M healthcare records leak; AI makes Spam harder to spot; Many nasty Linux vulns; and more

Infosec in brief  A former US Army sergeant has admitted he attempted to sell classified data to China.…

Don’t trust mystery digits popping up in your search bar

Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.…

If it looks like a duck and walks like a duck...

Aflac is the latest insurance company to disclose a security breach following a string of others earlier this week, all of which appear to be part of Scattered Spider's most recent data theft campaign.…

It's a marketing move to lure more affiliates, says infosec veteran

The latest marketing ploy from the ransomware crooks behind the Qilin operation involves offering affiliates access to a crack team of lawyers to ramp up pressure in ransom negotiations.…

Services coming back online after legacy systems compromised

Oxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised.…

To stop AI scam callers, break automatic speech recognition systems

Researchers based in Israel and India have developed a defense against automated call scams.…

Feds told they can't demand a haystack to find a needle

The United States is requesting [PDF] a month-long extension to the deadline for its final decision regarding an appeal against a judge's ruling that obtaining tower dumps is unconstitutional.…

Experts note 'major red flags' in donut giant's security as 161,676 staff and families informed of attack details

Krispy Kreme finally revealed the number of people affected by its November cyberattack, and it's easy to see why analyzing the incident took the well-resourced company several months.…

Good to see government that values its academics (cough cough). Plus: New board criticized for lacking 'ops' people

Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government's request, to identify future growth opportunities as it looks to grow the industry that's core to the country's Industrial Strategy.…

Phishing, Python and RATs, oh my

A sneaky malware campaign slithers through Cloudflare tunnel subdomains to execute in-memory malicious code and give unknown attackers long-term access to pwned machines.…

Bank and crypto outfits hit after Israeli commander mentioned attacks expanding to ‘other areas’

The government of Iran appears to have shut down the internet within its borders, perhaps in response to Israel-linked cyberattacks.…

Infostealers posing as popular cheat tools are cropping up on GitHub

Trojanized Minecraft cheat tools hosted on GitHub have secretly installed stealers that siphon credentials, crypto wallets, and other sensitive data when executed by players.…

New MCP server was shut down for nearly two weeks

Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations' data, and the experimental feature is back up and running after nearly two weeks of downtime to fix the issue.…

Version 13 can’t come soon enough

Veeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.…

If a credential is worth protecting, it's worth protecting well.

Sponsored feature  What do flossing and multi-factor authentication (MFA) have in common? Each is highly beneficial, yet far too few people do them consistently. MFA helps protect organizations from credential-based attacks, but according to the Cyber Readiness Institute, only 35% of businesses globally bother with it.…

Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI

Interview  Iran's state-sponsored cyber operatives and hacktivists have all increased their activities since the military conflict with Israel erupted last week – but not necessarily in the way that Amazon chief information security officer CJ Moses expected.…

Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’

The Trump administration is set to again waive the 2024 law that requires the made-in-China social network TikTok to either sell its US operations to a local company or stop operating on US soil.…

Plus adds a ton more security capabilities for cloud customers at re:Inforce

Amazon Web Services hit a major multi-factor authentication milestone, achieving 100 percent MFA enforcement for root users across all types of AWS accounts.…