Top

Tag: Cybersecurity


Application security, Security

Firms skip security reviews of major app updates about half the time

July 18, 2024

Via: The Register

Cyber security workers only review major updates to software applications only 54 percent of the time, according to a poll of tech managers. That figure comes from CrowdStrike, which recently published [PDF] its 2024 State of Application Security Report. It’s […]


Application security, Security

Kaspersky gives US customers six months of free updates as a parting gift

July 17, 2024

Via: The Register

Embattled Russian infosec shop Kaspersky is giving US customers six months of security updates for free as a parting gift as Uncle Sam kicks the antivirus maker out of the American market. In a farewell note to US users, the […]


Cyber-crime, Malware

Ransomware continues to pile on costs for critical infrastructure victims

July 17, 2024

Via: The Register

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year. According to Sophos’ latest figures, released today, the median ransom payments rose to $2.54 million – a whopping 41 times last year’s sum of […]


Cyber-crime, Malware

Evolve Bank & Trust confirms LockBit stole 7.6 million people’s data

July 9, 2024

Via: The Register

Evolve Bank & Trust says the data of more than 7.6 million customers was stolen during the LockBit break-in in late May, per a fresh filing with Maine’s attorney general. The filing lists the total number of persons affected (including […]


Access control, Security

Selfie-based authentication raises eyebrows among infosec experts

July 8, 2024

Via: The Register

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over […]


Threats & Malware, Vulnerabilities

Traeger security bugs bad news for grillers with neighborly beef

July 5, 2024

Via: The Register

Keen meatheads better hope they haven’t angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks. With summer in full swing in the northern hemisphere, […]


Data loss, Threats & Malware

Affirm admits customer info pwned in ransomware raid at Evolve Bank

July 2, 2024

Via: The Register

The number of financial institutions caught up in the ransomware attack on Evolve Bank & Trust continues to rise as fintech businesses Wise and Affirm both confirm they have been materially affected. News of Evolve being compromised by extortionists broke […]


Network security, Security

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk

July 1, 2024

Via: The Register

Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH’s server (sshd) and should upgrade to the latest version. Infosec researchers at Qualys published their findings today, revealing that sshd is vulnerable to a race condition that could […]


Editorial

Blackbaud to pay $49.5 million in settlements for 2020 data breach

June 28, 2024

Via: Camila Mendes

With a hefty settlement fee of $49.5 million, Blackbaud’s cybersecurity nightmare has come to an end.  In a damning finding, the Federal Trade Commission concluded that Blackbaud’s “lax security” is what enabled the threat actors to gain access to sensitive […]


Data loss, Threats & Malware

Microsoft blamed for million-plus patient record theft at US hospital giant

June 26, 2024

Via: The Register

American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of […]


Threats & Malware, Vulnerabilities

Batten down the hatches, it’s time to patch some more MOVEit bugs

June 26, 2024

Via: The Register

Thought last year’s MOVEit hellscape was well and truly behind you? Unlucky, buster. We’re back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway. Progress Software initially contacted users on June 13 […]


Threats & Malware, Vulnerabilities

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

June 25, 2024

Via: The Register

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. CSAT is used by industry facilities that house chemicals of interest, of which there are […]


Threats & Malware, Virus & Malware

Car dealer software bigshot CDK pulls systems offline twice amid ‘cyber incident’

June 21, 2024

Via: The Register

The vendor behind the software on which nearly 15,000 car dealerships across the US rely says an ongoing “cyber incident” has forced it to pull systems offline for a second time in as many days. CDK Global first shut down […]


Cyber warfare, Cyber-crime

Russia’s cyber spies still threatening French national security, democracy

June 20, 2024

Via: The Register

A fresh report into the Nobelium offensive cyber crew published by France’s computer emergency response team (CERT-FR) highlights the group’s latest tricks as the country prepares for a major election and to host this year’s Olympic and Paralympic Games. Most […]


Threats & Malware, Vulnerabilities

Security bug could have allowed anyone to spoof Microsoft employee emails

June 19, 2024

Via: TechRadar

Security researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails. A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling […]


Data loss, Threats & Malware

Christie’s confirms RansomHub crooks stole data on 45K clients

June 10, 2024

Via: The Register

Auction house to the wealthy Christie’s says 45,798 people were affected by its recent cyberattack and resulting data theft. That’s according to public filings made with US state attorneys general on Friday, which also included template letters that are being […]


Network security, Security

26% of organizations lack any form of IT security training

June 7, 2024

Via: Help Net Security

26% of organizations don’t provide IT security training to end-users, according to Hornetsecurity. The Hornetsecurity survey, which compiled feedback from industry professionals worldwide, also reveals that 8% of organizations offer adaptive training that evolves based on the results of regular […]


Data loss, Threats & Malware

Cybercriminals raid BBC pension database, steal records of over 25,000 people

May 30, 2024

Via: The Register

The BBC has emailed more than 25,000 current and former employees on one of its pension schemes after an unauthorized party broke into a database and stole their personal data. Names, national insurance numbers, dates of birth, sexes, and home […]


Hacker, Threats & Malware

IT worker sued over ‘vengeful’ cyber harassment of policeman who issued a jaywalking ticket

May 30, 2024

Via: The Register

In an ongoing civil lawsuit, an IT worker is accused of launching a “destructive cyber campaign of hate and revenge” against a police officer and his family after being issued with a ticket for jaywalking. The allegations against John Christopher […]


Threats & Malware, Virus & Malware

Auction house Christie’s confirms criminals stole some client data

May 28, 2024

Via: The Register

The revelation follows an incident from earlier in May that forced the auction house’s online bidding system offline, an event which the company said at the time was due to a “technology security issue.” It also closely follows the RansomHub […]