News

MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade

A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims for payment.…

Victims' details at risk after criminals download 9,000 files from court database

Australian police are currently investigating the theft of "sensitive" data from a New South Wales court system after they confirmed approximately 9,000 files were stolen.…

Bad news about the Linux system monitor may be on the way

Veteran sysadmin and tech blogger Rachel Kroll posted a cryptic warning yesterday about a popular Linux system monitoring tool. Maybe it's better to be safe than sorry.…

Who knew social media stars had a role to play in building national cyber resilience?

The world's biggest brands have benefited from influencer marketing for years – now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses.…

Customers come forward claiming info was swiped from prod

Oracle Cloud's denial of a digital break-in is now in clear dispute. A infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.…

16,000 stolen records pertain to former and active mail subscribers

Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.…

Just an FYI, like

Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.…

There's only one rule – don't attack Russia, duh

Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.…

Time to update your firmware, if you can, to one with the security fixes, cough cough

DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a lot of their customers' gateways going offline.…

How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently

Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,000 deployments of the software are at risk on the internet.…

Kari, OK, we'll see you in court

An organization that bankrolls various internet security projects has asked a Washington DC court to prevent the Trump administration from cancelling its federal funding – and expressed fears that if the cash stops flowing, the tools it supports could become harder to access.…

Massive OPSEC fail from the side who brought you 'lock her up'

Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans to attack Houthi rebels in Yemen - and accidentally invited a journalist to join the group in which they chatted.…

Be vewy vewy quiet, I'm hunting rackets

The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List - including Huawei - are still somehow doing business in America, either by misreading the rules or willfully ignoring them.…

Ex-US Air Force officer says companies shouldn't wait for govt mandates

Interview  Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?" …

Looking to sort through large volumes of security info? Redmond has your backend

Microsoft's Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company's security software to automate various tasks.…

CEO steps down after multiple failed attempts to take the DNA testing company private

Beleaguered DNA testing biz 23andMe - hit by a massive cyber attack in 2023 - is filing for bankruptcy protection in the US following years of financial uncertainty.…

It's been a very busy week for Digicash Donald's administration

Analysis  Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing billions in illicit crypto for criminals and nation-states alike.…

Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner?

Opinion  Never attribute to malice that which is adequately explained by stupidity. This works well in sane times, less so when "but it's both" is the default. Apply it to Microsoft's decision to make bug reports include not only a working example but a video of the same, and the meter oscillates wildly. What were they thinking? What did they expect?…

PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more!

Infosec In Brief  Organized crime networks are now reliant on digital tech for most of their activities according to Europol, the European agency that fights international crime on the continent and beyond.…

PLUS: Zoho's Ulaa anointed India’s most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more

Asia In Brief  China’s Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent.…