interview The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence.Β β¦
A Europol-led operation dubbed βPandoraβ has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than β¬10 million (Β£8.6 million, $11 million).β¦
Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International.β¦
Exclusive Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.β¦
Microsoft today said it will now let us common folk β not just commercial subscribers β signΒ into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.β¦
Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US military.β¦
Network admins are being urged to patch a bundle of critical vulnerabilities in ArubaOS that lead to remote code execution as a privileged user.β¦
The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."β¦
Chinese tech companies that serve as important links in the world's digital supply chains are helping Beijing to execute and refine its propaganda strategy, according to an Australian think tank.β¦
A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil ransomware.β¦
Updated Over a million records describing Australians who visited local pubs and clubs have apparently been posted online.β¦
Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.β¦
Fintech biz Block is reportedly under investigation by US prosecutors over claims by a former employee that lax compliance checks mean its Square and Cash App services may have been used by terrorists β or in countries that US orgs are not permitted to do business.β¦
Jack Blount, the now-ex CEO of Intrusion, has settled with the SEC over allegations he made false and misleading statements about his infosec firm's product as well as his own background and experience.β¦
Sixteen people are facing charges from US prosecutors for allegedly preying on the elderly and scamming them out of millions of dollars.β¦
Aussie airline Qantas says its app is now stable following a data breach that saw boarding passes take off from passengers' accounts.β¦
Updated The open source R programming language β popular among statisticians and data scientists for performing visualization, machine learning, and suchlike β has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10.β¦
A cyber-thief who snatched tens of thousands of patients' sensitive records from a psychotherapy clinic before blackmailing them and then leaking their files online has been caged for six years and three months.β¦
Updated UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cybercriminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn't have multi-factor authentication enabled.β¦
A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy.β¦
The European Commission has launched formal proceedings against Meta, alleging failure to properly monitor distribution by "foreign actors" of political misinformation before June's European elections.β¦
Apple's grudging accommodation of European antitrust rules by allowing third-party app stores on iPhones has left users of its Safari browser exposed to potential web activity tracking.β¦
The FCC on Monday fined four major US telcos almost $200 million for "illegally" selling subscribers' location information to data brokers.β¦
Google says it stopped 2.28 million Android apps from being published in its official Play Store last year because they violated security rules.β¦
Updated Canadian pharmacy chain London Drugs closed all of its stores over the weekend until further notice following a "cybersecurity incident."β¦
The French government has tabled an offer to buy key assets of ailing IT giant Atos after the company late last week almost doubled its estimate of the cash it will need to stay afloat in the near future.β¦
Smart device manufacturers will have to play by new rules in the UK as of today, with laws coming into force to make it more difficult for cybercriminals to break into hardware such as phones and tablets.β¦
The UK Competition and Markets Authority (CMA) still has privacy and competition concerns about Google's Privacy Sandbox advertising toolkit, which explains why the ad giant recently again delayed its plan to drop third-party cookies in Chrome until 2025.β¦
Sponsored Feature As business enters the 2020s, organizations find themselves protecting fast-expanding digital estates using security concepts that are decades old.β¦
Updated - Infosec in brief They say sunlight is the best disinfectant, and that appears to have been true in the case of Discord data harvesting site Spy.pet β as it was recently and swiftly dismantled after its existence and purpose became known.β¦
Millions of Kaiser Permanente patients' data was likely handed over to Google, Microsoft Bing, X/Twitter, and other third-parties, according to the American healthcare giant.β¦
Private equity investor Thoma Bravo has successfully completed a second acquisition attempt of UK-based cybersecurity company Darktrace in a $5.3 billion deal.β¦
The UK's contentious Investigatory Powers (Amendment) Bill (IPB) 2024 has officially received the King's nod of approval and will become law.β¦
Sponsored Post Ever get nostalgic for the good old days of cybersecurity protection? When attacks were for the most part amateurish and infrequent, and perhaps more in the nature of an occasional nuisance rather than a daily existential threat?β¦
Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Torontoβs Citizen Lab.β¦
Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks.β¦
The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers.β¦
Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal cash.β¦
It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.β¦
Webinar The UK government could be forgiven for wanting to forget March 2024 ever happened.β¦
Indiaβs central bank has banned Kotak Mahindra Bank from signing up new customers for accounts or credit cards through its online presence and app.β¦
The director general of Australiaβs lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism.β¦
A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes β and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.β¦
Collaboration software used by federal government agencies β this includes apps from Microsoft, Zoom, Slack, and Google β will be required to work together and be securely end-to-end encrypted, if legislation proposed by US Senator Ron Wyden (D-OR) passes.β¦
Microsoft has come under fire for charging for security add-ons despite the company's own patchy record when it comes to vulnerabilities and breaches.β¦
A company contracted to manage an Amarillo, Texas nuclear weapons facility has to pay US government $18.4 million in a settlement over allegations that its atomic technicians fudged their timesheets to collect more money from Uncle Sam.β¦
Google's plan to phase out third-party cookies in Chrome is being postponed to 2025 amid wrangling with the UK's Competition and Markets Authority (CMA) and Information Commissioner's Office (ICO).β¦
The US has charged and sanctioned four Iranian nationals for their alleged roles in various attacks on US companies and government departments, all of whom are claimed to have worked for fake companies linked to Iran's military.β¦
Exclusive At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers β including an ad-tech biz in China involved in past privacy controversies, a security firm claims.β¦
The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today.β¦
UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive side and disruptive digital break-in.β¦
It's become somewhat clichΓ© in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its March ransomware incident.β¦
Neighbourhood Watch (NW) groups across the UK can now rest easy knowing the developers behind a communications platform fixed a web app bug that leaked their data en masse.β¦
A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently using workers from the hermit kingdom for animation projects.β¦
Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.β¦
US lawmakers on Saturday reauthorized a contentious warrantless surveillance tool for another two years β and added a whole bunch of people and organizations to the list of those who can be compelled to spy for Uncle Sam.β¦
Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be hampered by protected DMs.β¦
Germany has arrested three citizens who allegedly tried to transfer military technology to China, a violation of the country's export rules.β¦
The Dutch Data Protection Authority (AP) has warned that government organizations should not use Facebook to communicate with the country's citizens unless they can guarantee the privacy of data.β¦
Fresh US legislation to force the sale of TikTok locally was passed in Washington over the weekend after an earlier version stalled in the Senate.β¦