Viry a Červi

Feds claim sniper scope displays sold in sanctions-busting move

A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.…

Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'

The Clorox Company, makers of bleach and other household cleaning products, doesn't expect operations to return to normal until near month end as it combs over "widescale disruption to operations" caused by cyber baddies.…

Local corporate regulator warns boards that cyber is totally a directorial duty

Australia will build "six cyber shields around our nation" declared home affairs minister Clare O'Neill yesterday, as part of a national cyber security strategy.…

Unauthenticated and remote code execution possible without dropping a file on disk

About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck.…

Now-NASA boffin not impressed

Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports.…

Included secrets, private keys, passwords, 30,000+ internal Teams messages

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.…

Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns

Infosec in brief  Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers. …

AMBERSQUID operation takes AWS's paths less travelled in search of compute

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.…

Oh s#!t, Sherlock

Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.…

Mandiant warns casino raiders are doubling down on 'monetization strategies'

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.…

Half a percent of last quarter's net income? That'll teach 'em

Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it's over before it really began.…

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…

NoEscape promises 'colossal wave of problems' if IJC doesn't pay up

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.…

Zero-days are so 2022. Why not just social engineer the help desk?

Updated  Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.…

Company noticed data warehouse break-in via compromised account a month later

Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…

Homeland Security told to mind costs, fix up privacy controls

Twice delayed and over budget, the US Department of Homeland Security (DHS) has been told by the Government Accountability Office (GAO) that it needs to correct shortcomings in its biometric identification program.…

No, your CEO is not on Teams asking you to transfer money

Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.…

Ransomware group nicked info from employee of airline, say researchers

Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…

Cut and shut is so last century, now it's copy and clone

Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.…

Fun technique – but how practical is it?

Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.…