What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-01 14:30:05 | Government by Gmail catches up with UK minister... who is reappointed anyway (lien direct) | Home Secretary 'nominally in charge' of nation's security apologizes for breach of tech protocols The UK's Home Secretary – the minister in charge of policing and internal security – has been forced to apologize for breaching IT security protocols in government.… | |||
|
2022-10-31 17:30:09 | The White House\'s global ransomware summit couldn\'t come at a better time (lien direct) | As cyber threats ramp up, businesses and organizations will be hoping for more than platitudes The White House has begun its second annual International Counter Ransomware Summit in which Biden administration officials will convene with representatives of three dozen nations, the EU, and private business to discuss the growing threat posed by data-destroying cyber attacks.… | Ransomware Threat | ||
|
2022-10-31 16:30:08 | Ordinary web access request or command to malware? (lien direct) | Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services (IIS) logs to send commands disguised as web access requests.… | Malware Threat | ||
|
2022-10-28 11:15:05 | Apple boosts bug bounties but may not fix some bugs in past operating systems (lien direct) | Where's your spirit of Ventura? Apple has opened up a bit about its product security, though the iGiant's slightly chattier demeanor, via a new security blog, may be appreciated less than its bug bounty upgrade.… | |||
|
2022-10-28 06:26:12 | Ubuntu continues expanding RISC-V support – now, the $17 Sipeed LicheeRV (lien direct) | As progress revealed on Android port to the open ISA Canonical has brought its Ubuntu Linux operating system to another RISC-V system: this week, Sipeed's LicheeRV single board computer.… | |||
|
2022-10-27 16:45:13 | KDE 5.26 gets a second point release (yes, already) (lien direct) | It's worth it, though. And it's easy to install the latest KDE on the latest Kubuntu KDE 5.26.2 is out with an emergency fix for a memory leak – so if you already have the new version, you should update. If you don't have 5.26, we're here to tell you how.… | |||
|
2022-10-27 05:02:15 | India fines Google another $114 million, demands Play open to third party payments (lien direct) | Ad and search giant protests even though it's already made the same changes in other countries Fresh from fining Google $162 million for abusing its Android monopoly, India's Competition Commission has announced it will fine Google another ₹936.44 crore ($114 million) for anti-competitive practices in relation to its Play store.… | |||
|
2022-10-26 23:06:26 | Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends (lien direct) | Separately, charges slapped on alleged operator of dark market, The Real Deal Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday.… | Malware | ||
|
2022-10-26 20:31:23 | Cisco AnyConnect Windows client under active attack (lien direct) | Make sure you're patched – and update VMware Cloud Foundation, too, by the way Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers.… | |||
|
2022-10-26 04:27:05 | If someone tries ransacking your Windows network, it\'s a bit easier now to grok in Microsoft 365 Defender (lien direct) | Blinking, beeping, and flashing lights, blinking and beeping and flashing... Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users.… | |||
|
2022-10-26 03:45:08 | Health insurer Medibank\'s data breach diagnosis keeps getting worse (lien direct) | All four million customers at risk of having records of medical treatments exposed Australian health insurer Medibank's data breach was today revealed to be even worse than first thought, with a regulatory filing stating that info describing all four million customers has been accessed.… | Data Breach | ||
|
2022-10-25 22:55:07 | Meta met a programming language it likes better than Java (lien direct) | Goggles giant on how it gave its Android apps a Kotlin makeover Meta, parent of Facebook, is in the midst of migrating its Android app Java code to Kotlin, a younger programming language that also relies on the Java Virtual Machine, or JVM.… | |||
|
2022-10-25 08:30:06 | Gone phishing: UK data watchdog fines construction biz £4.4m for poor infosec hygiene (lien direct) | Staff member bit on lure, ultimately exposed up to 113,000 colleagues' personal information Britain's data watchdog has slapped construction business Interserve Group with a potential £4.4 million ($4.98M) fine after a successful phishing attack by criminals exposed the personal data of up to 113,000 employees.… | |||
|
2022-10-24 22:11:11 | Payment terminal malware steals $3.3m worth of credit card numbers – so far (lien direct) | With shops leaving VNC and RDP open, quelle surprise Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. If sold on underground forums, the haul could net the thieves upwards of $3.3 million.… | Malware | ||
|
2022-10-24 17:00:13 | CISA, FBI warn healthcare organizations of Daixin ransomware (lien direct) | Gang was behind the attack on OakBend Medical Center Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations.… | Ransomware Threat | ||
|
2022-10-24 00:15:05 | Blazing South Korean datacenter operator raided by cops, blames its own batteries (lien direct) | PLUS: Australia boosts data breach fines; India outlet drops Meta allegations; AWS spices up Thailand's cloud; and more Asia In Brief South Korean police have reportedly raided the premises of SK C&C, the operator of the datacenter that caught fire on the weekend of October 15 and disrupted the operations of local web giants Naver and Kakao.… | Data Breach | ||
|
2022-10-22 22:53:26 | Russia wages disinformation war. Ukraine\'s cyber chief calls for global anti-fake news fight (lien direct) | 'Completely new approaches should be developed to prevent the influence of this propaganda' As a hybrid offline and online war wages on in Ukraine, Viktor Zhora, who leads the country's cybersecurity agency, has had a front-row seat of it all.… | Guideline | ||
|
2022-10-21 10:28:06 | Good news, URSNIF no longer a banking trojan. Bad news, it\'s now a backdoor (lien direct) | And one designed to slip ransomware and data-stealing code onto infected machines URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware.… | Ransomware Malware | ||
|
2022-10-21 04:59:12 | Windows Subsystem for Android declared ready for prime time (lien direct) | Works well, but selection of available apps is meagre First Look Microsoft has decided the Windows Subsystem for Android (WSA) – its offering that runs Android VMs which behave just like another application in Windows – is sufficiently stable that it can be designated version 1.0 and made available to all.… | |||
|
2022-10-21 01:58:07 | India fines Google $162 million for abusing Android monopoly (lien direct) | That's a whole six hours of revenue, but requirements to open the Android ecosystem will hit harder India's Competition Commission has announced it will fine Google ₹1,337.76 crore (₹13,377,600,000 or $161.5 million) for abusing its dominant position in multiple markets in the Android Mobile device ecosystem and ordered the company to open the Android ecosystem to competition.… | |||
|
2022-10-20 15:00:10 | BlueBleed: Microsoft customer data leak claimed to be \'one of the largest\' in years (lien direct) | SOCRadar says sensitive information from 150,000 companies was exposed but Redmond disputes findings Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.… | |||
|
2022-10-20 09:30:14 | Biden administration wants standard cyber security labelling for smart devices (lien direct) | May follow Finland and Germany in adopting Singapore's standard The Biden administration has accelerated its efforts to add cyber security labelling for consumer Internet of Things (IoT) devices, and may join other nations in adopting the scheme pioneered by Singapore.… | |||
|
2022-10-19 22:04:12 | Verizon prepaid accounts hijacked by SIM swap crooks (lien direct) | Nightmare for those with one-time security codes texted to their phones Verizon has notified some prepaid customers that their accounts were compromised and their phone numbers potentially hijacked by crooks via SIM swaps.… | |||
|
2022-10-19 07:30:12 | Germany stands down cyber boss over Russian ties (lien direct) | Involvement with lobby group that welcomed Putin's pals presses buttons Germany's government has stood down the president of its Federal Office for Information Security, Arne Schönbohm, over his links to Russia.… | |||
|
2022-10-19 06:58:09 | Kakao CEO resigns, South Korean gov hits Cyber Emergency button, after disruptive data centre fire (lien direct) | Almost, but not quite, that moment of Big Tech accountability you've been waiting for One of the CEOs of South Korean super-app Kakao has resigned in the wake of the data centre fire that disrupted it and other web giants.… | |||
|
2022-10-18 11:44:09 | (Déjà vu) Upstart Ransom Cartel linked to REvil veterans (lien direct) | Lesser of two REvils? There's a relationship, say infosec bods, but not enough to say one evolved into the other It has been almost a year since the ransomware gang Ransom Cartel was first detected and the crew over that time has racked up a steady drumbeat of victims in such countries as the United States and France and from a broad array of industry sectors.… | Ransomware | ||
|
2022-10-18 11:44:09 | Ransom Cartel linked to Colonial Pipeline attacker REvil, says infosec crew (lien direct) | The lesser of two REvils? There's a relationship there, but not enough to say one evolved into the other It has been almost a year since the emerging ransomware gang Ransom Cartel was first detected and the group over that time has racked up a steady drumbeat of victims in such countries as the United States and France and from a broad array of industry sectors.… | Ransomware | ||
|
2022-10-18 07:31:14 | Imagine surviving a wiper attack only for ransomware to scramble your restored files (lien direct) | Then again, imagine being invaded by Russia Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland.… | Ransomware Malware | ||
|
2022-10-18 06:27:06 | Cops swoop after crooks use wireless keyfob hack to steal cars (lien direct) | Hotwiring is so 2021 Europol this week said it has arrested 31 people in a crackdown on a car-theft ring that developed and used a technique to steal keyless vehicles.… | Hack | ||
|
2022-10-17 05:58:14 | Loathsome eighties ladder-climber levelled by a custom DOS prompt (lien direct) | This wasn't WarGames – it was far more serious Who, Me? The working week is upon us again, so what better way to mark it than with another of The Reg's weekly tales of readers getting away with it after perhaps not having done their very best work.… | |||
|
2022-10-16 22:46:14 | Xi Jinping hails \'improved cyber ecology\', says state to direct strategic tech research (lien direct) | Samsung and TSMC hit with chip tech patent suit; Ant Group's DB hits AWS; PayPal drops Hong Kong rights group; and more Asia In Brief Chinese president Xi Jinping has opened the 20th Congress of the Chinese Communist Party with a call for the nation he leads to win the race for development of “core technologies” and to become self-reliant in strategic tech.… | Guideline | ||
|
2022-10-14 08:32:11 | LockBit 3.0 malware forced NHS tech supplier to shut down hosted sites (lien direct) | Managed software provider Advanced admits some customer data 'exfiltrated' in August ransomware attack Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months.… | Ransomware Malware | ||
|
2022-10-13 23:35:05 | Banks face their \'darkest hour\' as malware steps up, maker of antivirus says (lien direct) | When I saw it, I had to reverse engineer it, Kaspersky's lead security researcher tells us Interview Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead security researcher Sergey Lozhkin.… | Malware Guideline | ||
|
2022-10-11 14:00:11 | Samsung\'s Ukraine headquarters damaged by Russian missile strike (lien direct) | R&D Center focuses on autonomous AI, otherwise known as On-Device AI Samsung's Ukraine headquarters were damaged during a Russian attack on Kyiv that began Monday morning and which killed at least 14, injuring others.… | |||
|
2022-10-11 10:32:14 | Fortinet warns of critical flaw in its security appliance OSes, admin panels (lien direct) | Naturally, they're already under attack – so you know what to do next Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products.… | |||
|
2022-10-11 04:57:05 | Optus data breach prompts pincer movement of twin regulatory probes (lien direct) | Data retention requirements to be considered alongside infosec failings Australian carrier Optus's recent data breach will be investigated by two regulators, the double trouble likely an indicator of the nation's displeasure at the incident – which saw almost ten million locals' personal data exposed online.… | Data Breach | ★★★ | |
|
2022-10-10 16:45:13 | Intel Alder Lake BIOS code leak may contain vital secrets (lien direct) | Gurus say source includes secret hardware info, private signing key for Boot Guard protection Source code for the BIOS used with Intel's 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and even the private signing key for Intel's Boot Guard security technology.… | |||
|
2022-10-10 10:47:12 | Singtel confirms digital burglary at Dialog subsidiary (lien direct) | Second of Singapore telco's Australian businesses to be prised open by criminals in weeks Singtel has confirmed that another Australian business it owns, consulting unit Dialog, has fallen victim to a cyber burglary just weeks after the mammoth data leak at telco Optus was revealed.… | |||
|
2022-10-10 09:29:11 | Criminal multitool LilithBot arrives on malware-as-a-service scene (lien direct) | Bespoke botnet up for grabs from outfit praised for, er, customer service A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.… | Malware Threat | ||
|
2022-10-09 08:12:08 | When are we gonna stop calling it ransomware? It\'s just data kidnapping now (lien direct) | It's not like the good old days with iffy cryptography and begging for keys Comment It's getting difficult these days to find a ransomware group that doesn't steal data and promise not to sell it if a ransom is paid off. What's more, these criminals are going down the extortion-only route, and not even bothering to scramble your files with encryption.… | Ransomware | ||
|
2022-10-08 10:56:05 | Biden\'s Privacy Shield 2.0 order may not satisfy Europe (lien direct) | Also, Albania almost called in NATO over cyber attacks, and Facebook warns of account-stealing mobile apps In brief An executive order signed by President Biden on Friday to setting out fresh rules on how the US and Europe share people's private personal info may still fall short of the EU's wishes, says the privacy advocate who defeated the previous regulations in court.… | |||
|
2022-10-06 17:30:13 | FBI, CISA aren\'t worried about cyber threats to US midterms (lien direct) | Besides, authorities are plenty familiar with what foreign interference looks like The FBI and Cybersecurity and Infrastructure Security Agency (CISA) claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity or manipulate votes at scale.… | |||
|
2022-10-06 07:22:07 | AI eye-scanner can tell whether you\'ll croak it from a heart attack (lien direct) | If and when this hits the mainstream, who's going to trust their retinas to random models? AI algorithms can predict whether a patient is at risk of suffering a stroke, heart attack, or dying from heart disease just by studying images of their retinas, according to research out of England.… | |||
|
2022-10-06 00:33:21 | Former Uber CSO convicted of covering up massive 2016 data theft (lien direct) | Passing off a ransom payment as a bug bounty? That's obstruction of justice Joe Sullivan, Uber's former chief security officer, has been found guilty of illegally covering up the theft of Uber drivers and customers' personal information.… | Uber Uber | ||
|
2022-10-05 05:31:06 | DoJ \'very disappointed\' with probation sentence for Capital One hacker Paige Thompson (lien direct) | 'This is not what justice looks like' says US attorney of sanction for leak of 100 million records Convicted wire fraud perpetrator Paige Thompson (aka "erratic") has been sentenced to time served and five years of probation with location and computer monitoring, prompting U.S. Attorney Nick Brown to label the sanctions unsatisfactory.… | |||
|
2022-10-05 02:15:05 | No Shangri-La for you: Top hotel chain confirms data leak (lien direct) | In Xanadu did Kubla Khan a stately pleasure-dome decree Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties.… | |||
|
2022-10-04 16:15:07 | Microsoft: Watch out for password spray attacks – especially you, Basic Auth (lien direct) | Exchange Online users should have authentication policies in place Microsoft is warning Exchange Online users about a rise in password spray attacks, urging those that have yet to disable Basic Authentication to at least set up authentication policies to protect their users and data.… | |||
|
2022-10-04 11:32:15 | Don\'t mind Facebook, just putting its own browser in its Android app (lien direct) | Totally not for data collection Analysis Meta's Facebook has been testing its own custom-browser engine within its Android app and plans to distribute the code more widely, ostensibly for the sake of better security and an improved user experience.… | |||
|
2022-10-04 05:56:10 | Japanese sushi chain boss resigns amid accusation of improper data access (lien direct) | Data theft stinks, says victim. Alleged perp claims he's getting a raw deal The president of casual Japanese chain restaurant Kappa Sushi resigned yesterday in the wake of a data-theft scandal that has rocked the world of sushi trains.… | |||
|
2022-10-03 10:00:10 | Between ransomware and month-long engagements, IR teams need a hug - and a nap (lien direct) | Here's what 1,100 incident responders say about their jobs, just in time for NSCAM Remember the good old days of cyber-incident response, when the job involved digital forensics and lots of stolen credit cards, as opposed to power-grid-breaking malware and multi-million-dollar ransom demands?… | Ransomware Malware |
To see everything:
