Top

Tag: Featured


Threats & Malware, Virus & Malware

Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs

July 18, 2024

Via: The Register

Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs. AvNeutralizer malware was previously thought to be solely linked to the Black Basta group, but fresh research has uncovered various […]


Application security, Security

Firms skip security reviews of major app updates about half the time

July 18, 2024

Via: The Register

Cyber security workers only review major updates to software applications only 54 percent of the time, according to a poll of tech managers. That figure comes from CrowdStrike, which recently published [PDF] its 2024 State of Application Security Report. It’s […]


Application security, Security

Kaspersky gives US customers six months of free updates as a parting gift

July 17, 2024

Via: The Register

Embattled Russian infosec shop Kaspersky is giving US customers six months of security updates for free as a parting gift as Uncle Sam kicks the antivirus maker out of the American market. In a farewell note to US users, the […]


Cyber-crime, Malware

Ransomware continues to pile on costs for critical infrastructure victims

July 17, 2024

Via: The Register

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year. According to Sophos’ latest figures, released today, the median ransom payments rose to $2.54 million – a whopping 41 times last year’s sum of […]


Access control, Security

Google removes enrollment barrier for prospective Advanced Protection Program users

July 10, 2024

Via: Help Net Security

Google has removed a potential obstacle for high-risk users who want to enroll in the company’s Advanced Protection Program (APP): they can now do it just by setting a passkey. Users already enrolled in APP have been provided the option […]


Cyber-crime, Malware

Evolve Bank & Trust confirms LockBit stole 7.6 million people’s data

July 9, 2024

Via: The Register

Evolve Bank & Trust says the data of more than 7.6 million customers was stolen during the LockBit break-in in late May, per a fresh filing with Maine’s attorney general. The filing lists the total number of persons affected (including […]


Threats & Malware, Virus & Malware

Houthi rebels are operating their own GuardZoo spyware

July 9, 2024

Via: The Register

When it comes to surveillance malware, sophisticated spyware with complex capabilities tends to hog the limelight – for example NSO Group’s Pegasus, which is sold to established governments. But it’s actually less polished kit that you’ve never heard of, like […]


Data loss, Threats & Malware

Not-so-OpenAI allegedly never bothered to report 2023 data breach

July 8, 2024

Via: The Register

It’s been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded […]


Access control, Security

Selfie-based authentication raises eyebrows among infosec experts

July 8, 2024

Via: The Register

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over […]


Network security, Security

Ensuring Data Security in Global Talent Outsourcing: Strategies for Mitigating Risks

July 3, 2024

Via: SecureWorld

Organizations increasingly rely on global talent outsourcing to bolster their cybersecurity capabilities. By tapping into a vast pool of skilled professionals worldwide, companies can address skill shortages, optimize costs, and gain access to specialized expertise. However, this trend also introduces […]


Data loss, Threats & Malware

Affirm admits customer info pwned in ransomware raid at Evolve Bank

July 2, 2024

Via: The Register

The number of financial institutions caught up in the ransomware attack on Evolve Bank & Trust continues to rise as fintech businesses Wise and Affirm both confirm they have been materially affected. News of Evolve being compromised by extortionists broke […]


Threats & Malware, Vulnerabilities

Thousands of servers could be at risk due to major OpenSSH security flaw

July 2, 2024

Via: TechRadar

OpenSSH, regarded as one of the “most secure software implementations in the world” has a “glaring gap” that allows threat actors to completely take over Linux systems that have it installed, experts have warned. A report from Qualys claims the […]


Network security, Security

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk

July 1, 2024

Via: The Register

Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH’s server (sshd) and should upgrade to the latest version. Infosec researchers at Qualys published their findings today, revealing that sshd is vulnerable to a race condition that could […]


Network security, Security

Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

July 1, 2024

Via: The Register

Libraries. Hushed temples to the civilizing power of knowledge, or launchpads of global destruction? Yep, another word tech has borrowed and debased. Code libraries are essential for adding just the right standard tested functionality to a project. They’re also a […]


Data loss, Threats & Malware

Microsoft blamed for million-plus patient record theft at US hospital giant

June 26, 2024

Via: The Register

American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of […]


Threats & Malware, Vulnerabilities

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

June 25, 2024

Via: The Register

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. CSAT is used by industry facilities that house chemicals of interest, of which there are […]


Cyber-crime, Malware

Ransomware thieves beware

June 25, 2024

Via: The Register

You know that a technology problem is serious when the White House holds a summit about it. Ransomware is no longer a simple nerd-borne irritation; it’s an organized criminal scourge. Research from the Enterprise Systems Group (ESG) found 79 percent […]


Data loss, Threats & Malware

Levi’s and more affected in pants-dropping week of data breaches

June 24, 2024

Via: The Register

There were data breaches galore in the US last week with various major incidents reported to state attorneys general, some in good time, some not. We’ve got our top picks here for you, starting with the US’s most legendary denim […]


Network security, Security

Meta, Microsoft SQL Server make strange bedfellows on a couch of cyber-pain

June 24, 2024

Via: The Register

When two stories from opposite ends of the IT universe boil down to the same thing, sound the klaxons. At the uber-fashionable AI end of tech, Meta has grudgingly complied with a ruling not to feed European social media crap […]


Cyber warfare, Cyber-crime

Russia’s cyber spies still threatening French national security, democracy

June 20, 2024

Via: The Register

A fresh report into the Nobelium offensive cyber crew published by France’s computer emergency response team (CERT-FR) highlights the group’s latest tricks as the country prepares for a major election and to host this year’s Olympic and Paralympic Games. Most […]