FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.

Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop

Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.

Samsung sued for gobbling up too much personal info that miscreants then stole

If you're gonna force everyone to register an account, at least protect that data, lawsuit argues A lawsuit has accused Samsung of failing to address a cyber-intrusion in early 2022, leading to the theft of US customers' personally identifiable informatio ...

Lessons from the GitHub Cybersecurity Breach: Protecting the Most Sensitive Data

This Tech Tip outlines three steps security teams should take to protect the information stored in Salesforce.

Alleged Optus Hacker Apologizes For Data Breach

Adversaries Continue Cyberattacks with Greater Precision and Innovative Attack Methods According to NETSCOUT Report

TCP-based, DNS water-torture, and carpet-bombing attacks dominate the DDoS threat landscape, while Ireland, India, Taiwan, and Finland are battered by DDoS attacks resulting from the Russia/Ukraine war.

Meta busts first Chinese campaign targeting US midterms

Russian cybercriminals were also caught targeting Europe with anti-Ukraine messages Meta says it has disrupted a misinformation network targeting US politics ahead of the 2022 midterm elections and one that sought to influence public opinion in Europe abo ...

Netography Upgrades Platform to Provide Scalable, Continuous Network Security and Visibility

Netography Fusion® gives security and cloud operations teams visibility and control of network traffic and context across users, applications, data, and devices.

Organizations Finding the Need For New Approaches On the Cybersecurity Front, CompTIA Research Reveals

Settling for "satisfactory" level of readiness may underestimate growing levels of risk.

MITRE Rolls Out FiGHT to Protect 5G Networks

MITRE's new FiGHT framework describes adversary tactics and techniques used against 5G systems and networks.

Fake Sites Siphon Millions of Dollars in 3-Year Scam

A crime syndicate based in Russia steals millions of dollars from credit card companies using fake dating and porn sites on hundreds of domains to rack up fraudulent charges.

Microsoft bets on hardware/software duo for Win11 security

But you'll need to buy lots of new hardware to get the benefit Analysis  As it rolled out the laundry list of new features in Windows 11, version 22H2 this week, Microsoft also unveiled the configuration baseline that systems will have to meet to take ad ...

NSW gov to help reissue driver's licences after Optus breach

May push other states and territories to follow suit.

CSC CISO describes the cost of improving digital experiences

RPA, AI and automation all increase the threat potential.

Introduction: a timely wake up call

The Optus breach demonstrates why the government hardened the critical infrastructure. More changes are coming

Ukraine fears 'massive' Russian cyberattacks on power, infrastructure

Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…

SQL Server admins warned about Fargo ransomware

From small town in North Dakota with a crime problem to file-scrambling nasty Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data ...

Interpol Seeks Arrest Of Failed Crypto-Firm Boss Do Kwon

Noberus Ransomware Targets Veeam Backup Software

UK May Fine TikTok $29 Million For Failing To Protect Kids

We're Thinking About SaaS the Wrong Way

Many enterprise applications are built outside of IT, but we still treat the platforms they're built with as point solutions.

How do you run rings around ransomware?

Build data resilience in the cloud first Webinar  It's critical to protect data from infection or exposure to ransomware. The risks are all too clear and the consequences of inattention, weak foundations, and lack of strategic preparation can be catastro ...

Leaking Passwords through the Spellchecker

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, th ...

An expert guide to securing APIs

How Web Application and API Protection (WAAP) can help you sleep at night Webinar  The application programming interface (API) has been around pretty much as long as computing itself, but it's perhaps only since the early years of the millennium that its ...

India seeks verified IDs to register email accounts

PLUS: Warnings on Chinese payment schemes; AWS brushes up its Cantonese; Hong Kong ponders digital dollar; and more! Asia In Brief  India's government last week released a draft telco law that defines all over-the-top services as telecoms providers and t ...

Bosses spying on you? Here's the most disastrous truth about surveillance software

With remote and hybrid working, many companies have resorted to instant, constant surveillance of their employees. But does it work?

Noberus ransomware gets info-stealing upgrades, targets Veeam backup software

'One of the most dangerous and active malware developers operating at the moment' Crooks spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks.…

Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach

This one has chewed-up tentacles. (Note that this is a different squid than the one that recently washed up on a South African beach.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read ...

Jit and ZAP: Improving programming security

Simon Bennetts, the founder of the world's famous web app security scanner, OWASP ZAP, has joined the Jit code security company. Both will be the better for it.

Significant customer data exposed in attack on Australian telco

Subscribers have questions – like 'When were you going to tell us?' Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach.…

Is Amazon about to ruin Alexa answers with ads?

Because nothing is more comforting than a robot in your bedroom or kitchen pitching you to buy more stuff at all times of the day and night.

Iran blocks Whatsapp, Instagram as citizens protest death of Mahsa Amini

Also: New 'magnet of threats' attackers and FBI has details on Iran's online incursion into Albania Iran is experiencing a near-total internet service disruption in the west and intermittent interruptions nationwide, with access to Instagram, Whatsapp and ...

Sony Reintroduced A PS4 Bug On PS5 Which Could Have Led To A Jailbreak

Apparently Europol Is Hoarding Personal Data

Insider Threats Play A Larger Role In Security Incidents

Hackathon Finds Dozens Of Ukrainian Refugees Trafficked Online

Keeping secrets safe off prem

Harness the power of hardware with Confidential Computing in the cloud Webinar  Keeping data confidential in a cloud environment requires the highest possible privacy levels. It's only then that your most sensitive workloads can survive the burgeoning ri ...

Privacy watchdog steps up fight against Europol's hoarding of personal data

If you could stop storing records on people unconnected to any crimes, that would be great An EU watchdog says rules that allow Europol cops to retain personal data on individuals with no links to criminal activity go against Europe's own data privacy pro ...

Portugal's airline TAP hacked, passenger data stolen

Published on the dark web.

Optus CEO says attack may have been launched from Europe

Customers will now where they stand 'over the next few days'.

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.

Malicious npm Package Poses as Tailwind Tool

Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.

Chainguard releases Wolfi, a Linux 'undistribution'
;

Chainguard takes a new approach to building a container Linux with all the security you'd need already baked in.

Pro-Ukraine Hacktivists Claim To Have Hacked Notorious Russian Mercenary Group

Fake Sites Fool Zoom Users Into Downloading Deadly Code

Cambodian authorities crack down on cyber slavery amid international pressure

Lured by fake jobs, victims are isolated abroad and forced to carry out crypto, romance scams and more Authorities in Sihanoukville, Cambodia announced on Sunday that a raid last week uncovered evidence of forced labor cybercrime syndicates that participa ...

Allurity Acquires Spanish Multinational Aiuken Cybersecurity

.

This Windows 11 security feature makes your PC 'very unattractive' to password hackers

Microsoft rolls out a new security feature that should significantly slow down password attacks against Windows devices.

Prompt Injection/Extraction Attacks against AI Systems

This is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to understand their implications.

Programming languages: It's time to stop using C and C++ for new projects, says Microsoft Azure CTO

The industry should treat C and C++ languages as 'deprecated', says Azure CTO.

Optus security breach compromises customers' passport details

Australian operator says it is investigating "unauthorised access" of personal data belonging to its current and former customers, including dates of birth, phone numbers, and passport numbers.

Quantify Risk, Calculate ROI

SecurityScorecard's ROI Calculator helps organizations quantify cyber-risk to understand the financial impact of a cyberattack.

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards

The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes.

Hackers Paralyze 911 Operations in Suffolk County, NY

Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls.

15-Year-Old Python Flaw Slithers into Software Worldwide

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

'I Don't Care About Cookies' extension sold to Avast

Users of cookie-warning-buster add-on already forking off due to privacy concerns The lone developer of anti-cookie-warning browser add-on "I Don't Care About Cookies" has sold it to Avast, resulting in both concern – and new forks.…

Ransomware: The Latest Chapter

As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks.

$35 Million Fine For Morgan Stanley After Unencrypted, Unwiped Harddrives Are Auctioned

WAAP it out for application security

APIs are everywhere, and WAAP can help you protect them Webinar  The latest Data Breach Investigations Report (DBIR) states that applications are the 'main attack vector,' responsible for over 80 percent of breaches. Hardly welcome news since APIs are in ...

ChromeLoader, what took you so long? Malvertising irritant now slings ransomware

Doesn't make cents, makes bigger bucks instead ... probably ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying ...

Look who's fallen foul of Europe's data retention rules. France and Germany

'Indiscriminate'
; preemptive harvesting of personal info a big no-no. What a novel concept On Tuesday, the European Court of Justice (ECJ) issued rulings that limit indiscriminate data retention in France and Germany.…

USA adds two more Chinese carriers on 'probably a threat to national security' list

Pacific Network Corp and China Unicom join the likes of Huawei, Hytera, Hikvision on list of dangerous suppliers The US Federal Communications Commission (FCC) has added two Chinese companies to its list of communications equipment suppliers rated a threa ...

ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat

Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises.

Meta, Twitter, Apple, Google urged to up encryption game in post-Roe America

Tech giants 'throwing their users to the wolves' Facebook, Twitter, Google, Apple, and others today faced renewed pressure to protect the privacy of messaging app users seeking healthcare treatment.…

2-Step Email Attack Uses Powtoon Video to Execute Payload

The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.

Tile's new QR stickers offer Bluetooth-free tracking for low-tech enthusiasts

Tile's techless stickers are designed to reunite users with their lost stuff while keeping sensitive information safe.

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

It's called "spell-jacking"
: Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks

Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals.

How to Dodge New Ransomware Tactics

The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves.

No Enterprise Push for Quantum Without Regulatory Push

What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.