Yes, of course there’s now malware for Windows Subsystem for Linux
Once dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem...
Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam
Tells clients it is tackling the issue An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport."…
Is it OK to use stolen data? What if it’s scientific research in the public interest?
Not always, but Swiss team says you can manage the risks There's a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can. And simply because the...
WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job
Clouds usually fix this sort of thing before bugs go public. This time it's best to assume you need to do this yourself Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to...
Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years
Not all promises of international flight itineraries are real, warns Cisco Talos A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos.…
Hack yourself before someone else does it for you
Breach and attack simulation tools help you raise your game, Keysight says Sponsored Stop me if you’ve heard this before, but something appears to be amiss with cybersecurity. The spectacular success of ransomware is only the latest and worst...
Ransomware-hit law firm secures High Court judgment against unknown criminals
You tell 'em, 4 New Square chambers The London law firm which secured a court injunction forbidding ransomware criminals from publishing data stolen from them has now gone a step further – by securing a default judgment from the...
Computer and data scientists should be as highly regarded as ‘warriors’ says top UK cybergeneral
Translation: Skills shortage here! DSEI 2021 Military computer scientists ought to be treated with the same regard as pilots and warship captains, the head of the Army's cyber command has said.…
De-identify, re-identify: Anonymised data’s dirty little secret
Jeffrey Singh, stamp-collecting bachelor (35) of Milwaukee, Wisconsin – is that you? Feature Publishing data of all kinds offers big benefits for government, academic, and business users. Regulators demand that we make that data anonymous to deliver its benefits...
It’s time to delete that hunter2 password from your Microsoft account, says IT giant
And go passwordless, use auth app, keys, Windows Hello, or codes to login From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence...
This is AUKUS for China – US, UK, Australia reveal defence tech-sharing pact
Will build nuke-powered subs together and share cyber, AI, quantum and mysterious 'undersea capabilities' tech Australia, the United States of America, and the United Kingdom have signed a new defence and technology-sharing pact.…
Ransomware crims saying ‘We’ll burn your data if you get a negotiator’ can’t be legally paid off anyway
Grief Corp are already under US sanctions, says Emsisoft A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools.…
Ex-US intel, military trio were cyber-mercenaries for UAE, say prosecutors
Three men charged, agree to deal after infiltrating smartphones with zero-click exploits Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon...
Microsoft’s end-of-summer software security cleanse crushes more than 80 bugs
Patch Tuesday fiesta also sees Adobe and SAP tidying up Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.…
Microsoft’s end-of-summer software security cleanse crushes more than 80 bugs
Patch Tuesday fiesta also sees Adobe and SAP tidying up Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.…
Krita art app users targeted by ransomware posing as paid ‘collaboration’ opportunities
Artists advised to delete emails asking them to download 'media bundle' Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware – but rather than being attacked directly, its name is being used to spread...
Security bods boost Apple iPhone hardware attack research with iTimed toolkit
'The first complete infrastructure to enable general-purpose hardware security experiments on the Apple iPhone SoCs,' they claim A trio of researchers at North Carolina State University (NC State) have released what they describe as a "novel research toolkit" for...
Brits open doors for tech-enabled fraudsters because they ‘don’t want to seem rude’
Impersonation scams and smishing rocket, say UK Finance and Which? Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.…
Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz
Put your data on someone else's computer to keep it safe, urges Imperva After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet.…
ExpressVPN bought for $1bn by Brit biz with an interesting history in ad-tech world
'Kape has moved on from those times' UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m (£675m) cash and stocks deal, a move it claims will double its customer base to at least six million.…...
The Biden administration plans to target exchanges supporting ransomware operations with sanctions
US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments.
The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...
Former US Intelligence Operatives Admit They Hacked for UAE
Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week's top security news.
Expert discloses details and PoC code for Netgear Seventh Inferno bug
A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices.
Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart...
A new app helps Iranians hide messages in plain sight
Enlarge / An anti-government graffiti that reads in Farsi "Death to the dictator" is sprayed at a wall north of Tehran on September 30, 2009. (credit: Getty Images)
Amid ever-increasing government Internet control, surveillance, and censorship in...
Forget iPhone 13–Apple Suddenly Has A Critical New iPhone 14 Problem
How does Apple resolve the nightmare now awaiting its next iPhone...
