Meta and Twitter want a review of Australian government's social media laws next year

All testimonies before the Select Committee on Social Media and Online Safety on Tuesday called for social media companies to be held more responsible for the trolling that resides on their platforms.

Will 2022 Be the Year of the Software Bill of Materials?

Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable.

IOC disputes Citizen Lab assessment of security concerns around Chinese Olympics app

Controversy has swirled around China's MY2022 Olympics due to several privacy and security vulnerabilities.

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.

US examining Alibaba's cloud unit

For national security risks.

The Log4j Vulnerability Puts Pressure on the Security World

It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.

2,300+ local governments, schools, healthcare providers impacted by ransomware in 2021

An Emsisoft report found that more than 1,000 schools were disrupted by ransomware incidents in 2021.

Kovrr Translates Cyber Risk into Business Impact with its Quantum Platform

On-demand cyber risk quantification platform enables C-suite to prioritize and justify cybersecurity investments through financial quantification.

International police shut down 15 server infrastructures as part of VPNLab.net's takedown

VPN service used by crims to support ransomware attacks and other illicit activity Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net.…

Name That Toon: Nowhere to Hide

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Microsoft Warns Of Destructive Disk Wiper Targeting Ukraine

Critical ManageEngine Desktop Server Bug Opens Orgs To Malware

5 Reasons Why M&A Is the Engine Driving Cybersecurity

Consistent acquisition of key technologies and talent is a proven strategy for growth.

More contractor pain: Parasol's sister firms, SJD Accountancy and Nixon Williams, confirm cyberattack

Ransomware suspected but not confirmed SJD Accountancy and Nixon Williams – both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol – have been hit by online attackers.…

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.

Singapore monetary authority threatens action on bank over widespread phishing scam

Scam has claimed 469 victims in December alone, of which OCBC has issued goodwill payments to 30 The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporatio ...

Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

Testing? Isn't that what users are for? Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected.…

UK government announces crackdown on cryptocurrency adverts

Officials want to ensure ads are "fair and clear".

This VPN service used by cyber criminals to deliver ransomware has just been taken down by police

Joint action supported by Europol has seized servers used by criminals and identified more than 100 businesses that have fallen victim to attacks.

Managers think their systems are unbreakable. Cybersecurity teams aren't so sure

The World Economic Forum warns about a significant gap in understanding between C-suites and information security staff - but it's possible to close the gap.

Polish commission told more phone-hacking victims likely

Using spyware developed by Israel-based NSO Group.

Singapore cautions against marketing of cryptocurrency services to public

Monetary Authority of Singapore warns again about the high risks involved in cryptocurrency trading and instructs providers of such services not to publicly promote or advertise their offerings, as doing so may encourage consumers to trade on impulse.

Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more

Glitch is spilling private data and there's not much Apple users can do about it An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers.…

Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen

And for last week's digital graffiti operations, too After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. Officials have ...

Mastering the Art of Cloud Tagging Using Data Science

Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.

Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage

'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid Umbrella company Parasol Group has confirmed why it shut down part of its IT last week: it found unauthorised activity from an intruder.…

Linux malware is on the rise. Here are three top threats right now

Internet of Things devices are driving up the number of Linux malware variants.

NYC school platform outage complicating COVID-19 tracing efforts

Illuminate Education said it is "working to restore service as soon as possible" after a security incident shut down the platform.

Transport for NSW's former CISO lands at Interactive

Leads cyber security practice.

For security alone, we could try paying open source projects properly

Instead of running around like headless chooks because a widely used piece of open source software is maintained by volunteers and has a massive hole in it, imagine paying someone to look after such software properly.

Microsoft says 'destructive malware' being used against Ukrainian organizations

Security teams at Microsoft said the malware first appeared on victim systems in Ukraine on January 13.

Microsoft observes destructive malware in Ukraine govt agency systems

After cyber attack.

Ukraine says more than 70 government websites were defaced, 10 were subjected to 'unauthorized interference'

Ukraine denied that any data was stolen during the attack and said there are signs that hackers associated with "Russian secret services" were behind the incident.

Friday Squid Blogging: The Evolution of Squid Eyes

New research: The researchers from the FAS Center for Systems Biology discovered a network of genes important in squid eye development that are known to also play a crucial role in limb development across animals, including vertebrates and insects. The sc ...

Russia Takes Down REvil Ransomware Operation, Arrests Key Members

Timing of the move has evoked at least some skepticism from security experts about the country's true motives.

The Cybersecurity Measures CTOs Are Actually Implementing

Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.

White House Meets With Software Firms and Open Source Orgs on Security

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.

Real Big Phish: Mobile Phishing & Managing User Fallibility

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.

Multi-day IT systems outage whacks umbrella biz Parasol Group amid fears of a cyber attack

Contractors say they haven't been paid, and are in the dark too Contractors employed via umbrella company Parasol Group are increasingly nervous about a multi-day outage of some IT systems used to process payroll, with several suspecting a security attack ...

BioPlus Faces Class-Action Lawsuit Over Security Measures

Three Plugins With Same Bug Put 84k WordPress Sites At Risk

REvil Ransomware Gang Arrested In Russia

Russian authorities take down REvil ransomware gang

Action is taken following requests by the US.

Three Plugins with Same Bug Put 84K WordPress Sites at Risk

Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.

Cold calling 02 scam artists are offering 40% plan discounts, free phone contracts for your security code

They don't seem to like it when you call them out, though.

Amazon fixes security flaw in AWS Glue service

Amazon Web Services fixes a flaw that could give an attacker access to data of other users on its Glue managed data integration service.

Dark web carding platform UniCC shuts up shop after making millions

The operators have apparently made enough to keep them happy in retirement.

A 'massive' hacking attack has hit government websites in Ukraine

The European Union says it will help Ukraine fight cyberattacks after 'provocative messages' left on ministry websites.

Visibility, immutability, security … a revolutionary approach to fighting off ransomware

This webinar shows how throwing up barricades isn’t enough anymore Webinar  It’s a truism that your data is your organisation's most precious asset. Here’s another. Once data is backed up, many organisations tend to forget about it.…

Singapore busts network hawking contraband e-vaporisers via Telegram

Health Sciences Authority says smugglers and peddlers have tapped messaging apps, such as Telegram and WeChat, to advertise and sell e-vaporisers, which are prohibited in the country.

TfNSW finds more customers, employees impacted by Accellion breach

But won’t say how many had data accessed.

New York Power Authority to beef up cybersecurity with new IronNet, AWS deal

New York Power Authority is the nation's largest state public power organization.

Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

Customers shouldn't need to wait seven days before being told The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly.…

Cyberattack shuts down Albuquerque schools; county copes with ransomware incident

The FBI claimed the cyberattack on the public school system is not connected to the ransomware attack affecting Bernalillo County.

BlueNoroff Threat Group Targets Cryptocurrency Startups

A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.

How to Protect Your Phone from Pegasus and Other APTs

The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.

Log4J: After White House meeting, Google and IBM call for list of critical open source projects

Google also proposed setting up an organization to serve as a marketplace for open source maintenance that would match volunteers from companies with the critical projects that most need support.

New Vulnerabilities Highlight Risks of Trust in Public Cloud

Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.

Continuous security and compliance for hybrid cloud, the Red Hat way

Tune in, turn on, run in the background, using Red Hat DevSecOps framework Paid feature  Assessing what can go wrong in a hybrid cloud environment can be daunting. Applications can be poorly coded, security vulnerabilities may be present but hard to dete ...

Adobe Cloud Abused To Steal Office 365, Gmail Credentials

Ransomware Locks Down Prison, Knocks Systems Offline

Dozens Of Teslas Hacked Using A Flaw In Third Party App

Kim Kardashian Sued In Crypto Pump And Dump Case

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US

Schrems II ruling continues to trouble transatlantic data sharing The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling.…

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking

The vulnerability was patched this week in Microsoft's set of security updates for January 2022.

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.

When open-source developers go bad

JavaScript developer Marak Squires wasn't happy about not making money from his open-source libraries, so he deliberately corrupted them, leaving programmers and end-users with dead-in-the-water programs.

Volunteer Dutch flaw finders bag $100k to forward national bug bounty goal

Huntress Labs tips some loose change into vuln-spotters' cup The Dutch Initiative for Vulnerability Disclosure has scored $100k towards its founder's hope of a nationwide bug bounty available for anything at all.…

Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

A deep dive into threats against this sector reveals the top threats organizations should keep in mind.

Telstra to flag recent SIM swaps when banks ask

Telco to provide a risk rating back to banks in an effort to prevent SIM swapping.

NSO spyware found targeting journalists and NGOs in El Salvador

Citizen Lab and Access Now find hacking was taking place while journalists were reporting on issues surrounding President Bukele.