Australian law enforcement found to have issues with data destruction

Commonwealth Ombudsman found data destruction issues with the AFP, SA Police, and ACIC.

79% of Third-Party Libraries in Apps Are Never Updated

A lack of contextual information and concerns over application disruption among contributing factors.

VMs Help Ransomware Attackers Evade Detection, But It's Uncommon

Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.

John McAfee Reportedly Dead From Suspected Suicide In Spanish Jail

New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies

Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.

Survey Seeks to Learn How 2020 Changed Security

Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.

Iran Media Websites Seized by U.S. in Disinformation Campaign

DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.

When Will Cybersecurity Operations Adopt the Peter Parker Principle?

Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.

Unpatched Linux Marketplace Bugs Allow RCE

EU Wants Emergency Team For Nightmare Cyber-Attacks

Six Flags To Pay $36 Million Over Collection Of Fingerprints

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

IT leaders say cybersecurity funding being wasted on remote work support: survey

JumpCloud gained insights from surveying 401 IT decision-makers.

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed “Invisible Man” and “Night Crawler,” are capable of remotely accessing a target ...

SonicWall ‘Botches’ October Patch for Critical VPN Bug

Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

MyRepublic targets enterprise, cybersecurity markets in Singapore

Singapore internet services provider says it sees significant growth potential in the enterprise space and plans to ramp up its service offerings for this customer sector to include cybersecurity.

Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes

It's a crook-eat-crook world out there It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.…

SEC still digging into SolarWinds fallout, nudges undeclared victims

US markets watchdog sniffs around potential insider trading, data violations relating to hack US markets watchdog the Securities and Exchanges Commission (SEC) has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might ...

Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO

A new report suggests that top management at most companies still don't get security.

Biden Is Worried About Cybersecurity. Japan Says Watch Cartoons.

Ransomware Gang Cl0p Announces New Victim After Police Bust

SEC Probing SolarWinds Clients Over Cyber Breach Disclosures

Lexmark Printers Open To Arbitrary Code Execution Zero Day

Identity Eclipses Malware Detection at RSAC Startup Competition

All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection.

Majority of Web Apps in 11 Industries Are Vulnerable All the Time

Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.

Amazon Prime Day 2021, Day 2: Last chance deals on smart home devices

Here are the very best smart home device deals, including security cameras and smart bulbs, for Amazon Prime Day 2021.

Kids’ Apps on Google Play Rife with Privacy Violations

One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.

Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

The 'S' in 'IoT' stands for 'security' Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack – unless upgraded to a patched version of the OS. ...

Average time to fix critical cybersecurity vulnerabilities is 205 days: report

More than 66% of all applications used by the utility sector had at least one exploitable vulnerability open throughout the year, according to the report.

Apple Will Offer Onion Routing for iCloud/Safari Users

At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and M ...

Have we reached peak ransomware? How the internet's biggest security problem has grown and what happens next

A string of high-profile cyberattacks has made ransomware an impossible issue to ignore - in fact, even world leaders are talking about it. Will this be enough to make cyber criminals think twice?

US Air Force announces plan to assassinate molluscs with hypersonic missile

No word on whether top brass considered just shelling them into submission The United States Air Force (USAF) has issued a strangely specific threat to certain mollusc species living in the area of an upcoming weapons test.…

To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it

Picking street signs from a matrix of images is out, cleverer challenges are OK Poll  Analyst firm Gartner has advised in favour of the use of CAPTCHAs — but recommends using the least-annoying CAPTCHAs you can find.…

South Australia splashes out on space, defence, and cybersecurity in 2021-22 Budget

The South Australian government believes tech-focused sectors such as defence, space, and cybersecurity will have a key role to play in the state's future.

Digital initiatives across NSW gain funding boost from 2021-22 Budget

In handing down its 2021-22 Budget, the NSW government has credited the state's economic recovery from COVID-19 to its digital platform, otherwise referred to as its 'secret weapon'.

Software-Container Supply Chain Sees Spike in Attacks

Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.

Wegmans Exposes Customer Data in Misconfigured Databases

Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.

Data Leaked in Fertility Clinic Ransomware Attack

Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.

Ping Identity acquires SecuredTouch for bot detection

The company also expanded its PingOne platform, providing access to the entire Ping Identity portfolio from a unified cloud admin for both workforce and customer identity use cases.

Baltimore County Public Schools' Ransomware Recovery Tops $8M

The school district has spent seven months and a reported $8.1 million recovering from the November attack.

Ex-NSA bigwig Chris Inglis appointed America's national cyber director by Senate

Plus: Impact of ransomware payments, CVS database not secured In brief  Chris Inglis was last week appointed America’s national cyber director, responsible for coordinating the government’s computer security strategy and defending its networks. The f ...

Embryology Data Breach Follows Fertility Clinic Ransomware Hit

Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.

Georgia fertility clinic discloses breach of patient SSNs and medical info after ransomware attack

Reproductive Biology Associates said the medical information of nearly 40,000 patients had been stolen.

Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

The Future of Machine Learning and Cybersecurity

The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and tria ...

Best early Prime Day 2021 deals: Smart home devices

We're aggregating the very best smart home device deals, such as security cameras and video doorbells, on Amazon for Prime Day 2021.

Amazon Prime Day 2021 deals: Best smart home devices

Here are the very best smart home device deals, such as security cameras and video doorbells, on Amazon for Prime Day 2021.

Labor Bill would force Aussie organisations to disclose when they pay ransoms

The federal opposition has introduced a Bill to the House of Representatives that seeks to require organisations to disclose when they plan on paying criminals following a ransomware attack.

North Korean hacking group allegedly behind breach of South Korean nuclear institute

A high-profile North Korean hacking group has allegedly struck again in South Korea, this time breaching the security of its nuclear research institute.

Labor introduces bill to mandate ransomware payment reporting

After spate of high-profile attacks.

Only 50% of WA government entities get a pass mark for infosec

The state's auditor-general is having her audits fall on deaf ears, with 42% of the WA government entities probed not addressing her previous findings and continuing to allow weaknesses on their IT systems.

This Week in Database Leaks: Cognyte, CVS, Wegmans

Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.

11 Security Certifications to Seek Out This Summer

The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your security career.

Racist malware blocks The Pirate Bay by tampering with victims' Windows hosts file

Hello, 2002 called with one of the oldest low-tech tricks in the book Malware laced with racial epithets tries to block Windows-based victims from visiting file-sharing sites associated with copyright infringement, according to new Sophos research.…

What’s Making Your Company a Ransomware Sitting Duck

What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

‘Oddball’ Malware Blocks Access to Pirated Software

Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.

Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors

A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.

Peloton Vulnerability Found and Fixed

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so it’s not really a practical attack. President Biden’s ...

A deep dive into the operations of the LockBit ransomware group

Most victims are from the enterprise and are expected to pay an average ransom of $85,000.

Akamai apologises after outage left Australia's major banks and airline systems offline

A cyber attack was not the cause behind an Akamai outage that took down the systems of Commonwealth Bank of Australia, Australia Post, and Virgin Australia.

Data Breaches Surge in Food & Beverage, Other Industries

Six previously "under-attacked"
; vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.

One in Five Manufacturing Firms Targeted by Cyberattacks

Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.

Carnival Cruise Line Reports Security Breach

The cruise ship operator says the incident affected employee and guest data.

Ex-Brave staffer launches GDPR sueball in Germany over tech giants' real-time bidding for ad inventory

Privacy browser's former chief policy officer calls web advertising ecosystem 'the Biggest. Data. Breach. Ever' Former Brave chief policy officer Johnny Ryan is continuing his crusade against the online advertising industry by filing a lawsuit against Goo ...

Serious privacy problems found in most health apps

Large survey of apps raises concerns.

Cisco Smart Switches Riddled with Severe Security Holes

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining fu ...

Mission Critical: What Really Matters in a Cybersecurity Incident

The things you do before and during a cybersecurity incident can make or break the success of your response.

Ransomware: Too many firms are still willing to pay up if attacked

Survey indicates that six in ten organisations would pay the ransom to cyber criminals - despite warnings it only encourages further attacks

Threat Actors Use Google Docs to Host Phishing Attacks

Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.

This strange malware stops you from visiting pirate websites

An odd vigilante campaign is preventing victims from accessing pirate content online.

Why Cyber Gangs Won't Worry About US-Russia Talks

Millions Of Connected Cameras Open To Eavesdropping

Paul van Oorschot’s Computer Security and the Internet

Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading.

Open-source security: Google has a new plan to stop software supply chain attacks

Can Google's 'salsa' make life harder for supply chain attackers?