Worried your data protection strategy is dated? Don’t let a ransomware infection prove you right

Trust us – you need to tune into this Webcast  Some say the best form of defense is offense. But when it comes to modern ransomware from cyber-crime orgs that are well-funded, possibly have state actor backing, and have your data under their control, j ...

The Graph Foundation launches bug bounty program

Bugs in scope include RCE and those leading to the loss of user funds.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break

Company says it didn't skimp on security before everything went wrong SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamou ...

Phishing Campaign Dangles SharePoint File-Shares

Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.

Iranian APT Lures Defense Contractor In Catfishing-Malware Scam

Google: Linux kernel and its toolchains are underinvested by at least 100 engineers

Security not good enough, claims Chocolate Factory engineer Google's open security team has claimed the Linux kernel code is not good enough, with nearly 100 new fixes every week, and that at least 100 more engineers are needed to work on it.…

Qualys partners with Red Hat to improve Linux and Kubernetes security

Security company Qualys is partnering with Red Hat to bring built-in Cloud Agent security to Red Hat Enterprise Linux CoreOS and Red Hat OpenShift.

Google's One Tap lets you sign into websites and apps without a password

Google One Tap makes sign-ups and sign-in easier but it's not available on Safari or any other mobile browser for iOS.

Kaseya ransomware attack sets off race to hack service providers

"This is going to happen again and again."

Facebook brings Snapchat-like view once photo and video feature to WhatsApp

WhatsApp's view once mode is being touted by the social media giant as a move to give users more privacy.

PwC Australia is on a cyber security hiring spree

Nabs TransGrid's CISO in latest intake.

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.

Do you have a grip on the lifecycle security of your AWS-deployed applications?

Learn how to manage the risks of cloud native environments with Aqua and AWS Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your app ...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.

Bugs in Chrome's JavaScript engine can lead to powerful exploits. This project aims to stop them

Additional protections for one key part of Chrome could stop attacks faster.

UK's Ministry of Defence coughs up bug bounties for public-facing web pentesting

Small steps could lead to bigger strides The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…

Google Cloud Security joins Exabeam-led cybersecurity alliance

The cybersecurity companies will help SecOps teams integrate new applications and technologies while ensuring interoperability across the XDR security vendor solutions set.

Raccoon stealer-as-a-service will now try to grab your cryptocurrency

The malware has been upgraded to target even more financial information.

Get a lifetime VPN subscription and 10TB of cloud backup for under $65

Now you can protect everything on your computer and get the utmost in online protection, permanently.

DeadRinger: Chinese APTs strike major telecommunications companies

Previously unknown campaigns center around "Chinese state interests."

Auditor finds WA Police accessed SafeWA data 3 times and the app was flawed at launch

WA Health released SafeWA check-in information for purposes other than COVID-19 contact tracing, with six requests being made by the police despite government messaging that the information would only be used to support contact tracing.

Constant review of third-party security critical as ransomware threat climbs

Lulled into complacency, businesses face risks of supply chain attacks even after they have done their due diligence in assessing their third-party suppliers' security posture before establishing a partnership.

Regulations against ransomware payment not ideal solution

With ransomware attacks increasing, legislations have been mooted as a way to bar companies from paying up and further fuelling such activities, but such policies can be difficult to enforce and may result in more dire consequences.

Credit-card-stealing, backdoored packages found in Python's PyPI library hub

Plus: SolarWinds cyber-spies hit US prosecutors' email systems, and more In brief  Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository ...

New Normal Demands New Security Leadership Structure

At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.

Nuisance call-blocking firm fined £170,000 for making almost 200,000 nuisance calls

Irony, thy name is Yes Consumer Solutions Ltd A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Servi ...

CDW acquires cybersecurity company Focal Point Data Risk

Terms of the deal were not disclosed.

Windows 11 is the COVID-19 vaccine for your PC

Vast segments of the PC population are unprotected. Upgrade your hardware and get the shot.

Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System

"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.

Stop ignoring this iPhone warning

Apple makes it seem like all updates are the same. They are not.

The cybersecurity jobs crisis is getting worse, and companies are making basic mistakes with hiring

Overworked cybersecurity employees are struggling to keep up with the challenges of the job, and employers are struggling to keep hold of them.

IoT: Security researchers warn of vulnerabilities in hospital pneumatic tube systems

PwnedPiper vulnerabilities affect pneumatic tube system (PTS) stations used throughout thousands of hospitial networks - and attackers could use them to crash systems, deliver ransomware and steal data, warn security researchers, so patch now.

SolarWinds attackers breached email of US prosecutors, says Department of Justice

Hackers - probably backed by Russia - had access to emails for over six months.

Ransomware operators love them: Key trends in the Initial Access Broker space

In a threat actor's mind, take out the legwork, reap the proceeds of blackmail.

Stop ignore this iPhone warning

Apple makes it seem like all updates are the same. They are not.

Zoom to pay $85m to set aside privacy violation and zoombombing allegations

Along with the financial relief, Zoom will make various privacy and security changes as part of its class action settlement.

University of South Australia creates CISO role

Looks to strengthen its cyber security.

Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?

Just 'validate third-party code before using it', says Euro body Half of publicly reported supply chain attacks were carried out by "well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults need to dr ...

Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall

The US, UK, Germany, South Africa and Brazil topped the list of countries most impacted by ransomware attempts while states like Florida and New York struggled as well.

Novel Meteor Wiper Used in Attack that Crippled Iranian Train System

A July 9th attack disrupted service and taunted Iran’s leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints.

Vultur Bank Malware Infests Thousands Of Devices

Cisco Researchers Spotlight Solarmarker Malware

Security Team Finds Crimea Manifesto Buried In VBA Rat

Storing Encrypted Photos in Google’s Cloud

New paper: “Encrypted Cloud Photo Storage Using Google Photos“: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos ...

Microsoft warns: These attackers can go from first contact to launching ransomware in just 48 hours

Human operators make BazaCall malware harder than usual to detect malicious email. The group sometimes installs nasty Ryuk ransomware.

Malware and Trojans, but there's only one horse the boss man wants to hear about

The company's IT might be on fire, but my needs trump those of the many On Call  A call from the executive floor is rarely a harbinger of happiness, especially when one is wading knee-deep through the molasses of malware. Welcome to one Register reader's ...

New Aussie legislation to target use of personal information by social media

The Attorney-General's Department said the legislation, separate from its review of the Privacy Act, will target social media companies to ensure greater transparency about how personal information is being used and how consent is obtained.

Hikvision records 40% net profit uplift for 1H21 despite of COVID-19 and political conflict

One of China's video surveillance manufacturer Hikvision believes its R&D investments will help boost the company's financial position.

NSW Education says cyber attack may have compromised contact data

Forensic analysis now underway to "fully assess risk".

Cisco researchers spotlight Solarmarker malware

A new report said the Solarmarker campaign is being conducted by "fairly sophisticated" actors focusing their energy on credential and residual information theft.

Home Affairs asks for a rush on Critical Infrastructure Bill to allow ASD to act lawfully

The Critical Infrastructure Bill is urgently required, the Department of Home Affairs has argued, who noted the rules governing the individual designated sectors could be worked out later by the responsible minister.

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?

Israeli Government Agencies Visit NSO Group Offices

Authorities opened an investigation into the secretive Israeli security firm.

Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware

More than 120 messages caught trying to filch credentials from customers of USAA Bank, Microsoft Between July 13 and July 16, someone took over the Mailgun account owned by restaurant chain Chipotle Mexican Grill and placed an order for login credentials ...

Upcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play store

New policies give users more control, but ad tracking still on by default Google has shared details of upcoming changes to Android including the ability to blank a device's advertising ID, and a new safety section for apps in the Play store.…

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them

Uptycs Threat Research outline how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them.

AirDropped Gun Photo Causes Terrorist Scare

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searche ...

Ransomware: These are the two most common ways hackers get inside your network

Two attack methods are the most popular - and most successful - techniques ransomware gangs are using to lay the foundations for their cyber-extortion campaigns.

Dump Google Chrome and keep (almost) all the benefits

Better performance, longer battery life, and none of the Google stuff.

Israeli authorities investigate NSO Group over Pegasus spyware abuse claims

Reason for probe unknown, but CEO claims it will vindicate company's claims Israel's Ministry of Defense says the nation's government has visited spyware-for-governments developer NSO Group to investigate allegations its wares have been widely – and per ...

Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies

And you've patched them all, haven't you, diligent readers? Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deploym ...

'Woefully insufficient': Biden administration's assessment of critical infrastructure protection

Memorandum details plans to turn that around with rapid development of security baselines, not mandates The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address wh ...

Over 100 Taiwanese political figures' messages leaked outta LINE app

Attack turned off encryption function, which made snooping rather easier Law enforcement agencies in Taiwan are investigating a cyberattack on over 100 local political figures and dignitaries who used the messaging app LINE.…

White House calls on America's most critical companies to improve cyber defences

Potential regulation is on the horizon.

Hackers breach UC San Diego hospital, gaining access to SSNs and medical info of patients, employees, and students

The attackers gained access to personal data ranging from claims information to laboratory results, prescriptions, treatments, SSNs, payment card numbers or financial account information.

Cyber insurance rates fail to match catastrophe risk, says Chubb CEO

Against backdrop of rising prices.

Security breaches where working from home is involved are costlier, claims IBM report

Great, it's not like employers need more reasons to haul you back to the office Firms looking to save money by shifting to more flexible ways of working will need to think carefully about IT security and the additional cost of breaches linked to staff wor ...

Average organization targeted by over 700 social engineering attacks each year: report

According to a new Barracuda study, IT staffers receive an average of 40 targeted phishing attacks in a year.

Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace

Recognise this one? Oh dear... Iranian state-backed hackers posed as a flirty Liverpudlian aerobics instructor in order to trick defence and aerospace workers into revealing secrets, according to a newly-published study.…

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

LEAs, CISA Lobby For Breach Reporting Requirement

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correl ...

Podcast: Why Securing Active Directory Is a Nightmare

Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.

Biden: Major cyber attack could lead to a 'real shooting war'

Joe Biden sends a warning that 'a cyber breach of great consequence' could lead to a war with a major power.

These hackers posed as an aerobics instructor online to trick their targets into downloading malware

Cyber espionage campaign linked to the Iranian military drew victims in with fake social media profiles and messages in an attempt to steal usernames, passwords and other sensitive information.