PLUS: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns In Brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20…
What happened, how it was found, and what your vultures have made of it all Kettle It’s been about a week since the shock discovery of a hidden and truly sophisticated backdoor in the xz software library that ordinarily is…
In what other sphere does a bad supplier not feel pain for its foulups? Analysis You might think that when a government supplier fails in one of its key duties it would find itself shunned or at least feel financial…
Attacks could be completed in seconds, compromising customer safety A self-service check-in terminal used in a German Ibis budget hotel was found leaking hotel room keycodes, and the researcher behind the discovery claims the issue could potentially affect hotels around…
Just disabling Siri requires visits to five submenus A study has concluded that Apple’s privacy practices aren’t particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options.… This article has been indexed…
Also makes components for chips, displays, and hard disks, and has spent four days groping for a fix If ever there was an incident that brings the need for good infosec into sharp focus, this is the one: Japan’s Hoya…
State Dept keeps schtum ‘for security reasons’ Updated Uncle Sam is investigating claims that some miscreant stole and leaked classified information from the Pentagon and other national security agencies.… This article has been indexed from The Register – Security Read…
State Dept keeps schtum ‘for security reasons’ Uncle Sam is investigating claims that a criminal stole and leaked classified information from the Pentagon and other national security agencies.… This article has been indexed from The Register – Security Read the…
CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect…
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its “cyber incident” was carried out by a ransomware gang and that data was stolen, hours after the criminals forced…
Watch this webinar for a hair raising journey into the darkest depths of GenAI enabled cyber crime Sponsored Post Artificial intelligence (AI) offers enormous commercial potential but also substantial risks to data security if it is harnessed by cyber criminals…
Is there no cure for this cyber-plague? Nearly one million individuals’ personal details, financial account information, and medical records may have been stolen from City of Hope systems in the United States.… This article has been indexed from The Register…
As WhatsApp, Facebook Messenger, and more fall offline today Luxury resort chain Omni Hotels & Resorts has had its computer systems knocked offline since Friday in what it has described as a “disruption,” though sounds a lot like the MGM…
A man with a list of accolades long enough for several lifetimes, friends remember his brilliance Obituary Venerable computer scientist and information security expert Ross Anderson has died at the age of 67.… This article has been indexed from The…
Device Bound Session Credentials said to render cookie theft useless Google reckons that cookie theft is a problem for users, and is seeking to address it with a mechanism to tie authentication data to a specific device, rendering any stolen…
Web devs advised to do their part to limit UI redress attacks Web browsers still struggle to prevent clickjacking, an attack technique first noted in 2008 that repurposes web page interface elements to deceive visitors.… This article has been indexed…
CISA calls for ‘fundamental, security-focused reforms’ to happen ASAP, delaying work on other software A review of the June 2023 attack on Microsoft’s Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a…
CISA calls for ‘fundamental, security-focused reforms’ to happen ASAP, delaying work on other software A review of the June 2023 attack on Microsoft’s Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a…
And Diameter, too, for good measure The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor…
Irony alerts: Open Web Application Security Project Foundation suffers lapse A misconfigured MediaWiki web server allowed digital snoops to access members’ resumes containing their personal details at the Open Web Application Security Project (OWASP) Foundation.… This article has been indexed…