They say the tooth will set you free… so Brit dentist trade union tells members: ‘Bad news; we’ve been hacked’
Bank account numbers and sort codes may have been accessed by intruders Hackers who accessed the servers of the British Dental Association (BDA) may have made off with members' bank account numbers and sort codes, according to reports.…
Uncle Sam blames best pal China as Taidoor crew’s dirty RAT takes aim at Western orgs, but others are less sure
Hello, 2009 called, they said they've got an email for you A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan (RAT) against Western organisations, according to US authorities.…
Doctor, doctor, got some sad news, there’s been a bad case of hacking you: UK govt investigates email fail
Former trade minister Dr. Liam Fox named as source of leaked trade docs Former UK trade minister and current Conservative MP Dr. Liam Fox has been named as the source of hacked trade documents released during last year's British...
Leaky S3 buckets have gotten so common that they’re being found by the thousands now, with lots of buried secrets
When will this madness end? The massive amounts of exposed data on misconfigured AWS S3 storage buckets is a catastrophic network breach just waiting to happen, say experts.…
Days after Trump suggests pausing election over security, US House passes $500m for states to do just that
Chances of it getting enacted in time for the election - slim to almost nil The US House of Representatives has passed a spending bill which includes a $500m election security provision.…
Days after President Trump suggests pausing election over security, US House passes $500m for states to shore up election security
Chances of it getting enacted in time for November – slim to almost nil The US House of Representatives has passed a spending bill which includes a $500m election security provision.…
UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?
Chinese-owned vid app reportedly moving HQ to London The chairman of UK Parliament's Defence Committee has suggested making popular app TikTok subject to Huawei-style code reviews by GCHQ, if its reported move to a new London HQ comes true.…
Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns
OpenSSF to take projects from CII and OSSC under its umbrella The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red...
‘We stopped ransomware’ boasts Blackbaud CEO. And by ‘stopped’ he means ‘got insurance to pay off crooks’
CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked "We discovered and stopped a sophisticated attempted ransomware attack," Blackbaud CEO Michael Gianoni has told financial analysts – failing...
Oh cool, more Cisco patches to apply. Happy Monday
Meanwhile, Linux KDE desktops can be pwned by evil archives In Brief Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear.…
Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors
Alleged 17-year-old mastermind among trio charged over account mass hijackings Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network's staff.…
First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn’t get the memo
$4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty Exclusive US corporate travel management firm Carlson Wagonlit Travel has suffered an intrusion and it is believed the company paid a $4.5m ransom to...
Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines
Inflammatory findings from deadly serious investigation Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make...
In the market for a second-hand phone? Check it’s still supported by the vendor – almost a third sold are not
That means no security updates, which puts users at risk of compromise An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving...
EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews
Russian, Chinese, Nork groups named in bank asset freeze The European Union has, for the first time ever, slapped sanctions on hacking crews.…
Fun fact: If you noticed a while ago Zoom’s web client going AWOL for a week, it’s because someone found a passcode-cracking hole
Story behind the hasty teardown and repairing of a brute-force vulnerability Zoom has confirmed it fixed a vulnerability that could have been exploited by miscreants to crack the passcodes needed to access strangers' private chin-wagging.…
Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack
Attack came in waves that probed for staff with access to the creds crims craved Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam.…
Infosec bod: I’ve found zero-day flaws in Tor’s bridge relay defenses. Tor Project: Only the zero part is right
Warnings either not new or need more study, says open-source dev team Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "zero-day exploits"... which the Tor Project...
If you own one of these 45 Netgear devices, replace it: Firm won’t patch vulnerable gear despite live proof-of-concept code
That's one way of speeding up the tech refresh cycle Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.…
DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch
No data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer DXC has recovered from a ransomware attack that hit its independent services-for-insurers operation Xchanging.…
6 Dangerous Defaults Attackers Love (and You Should Know)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue
GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
Tampa Teenager Accused in Twitter Hack Pleads Not Guilty
A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud.
read more
Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates
Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities.
read more
EU launching deep probe into Google’s planned $2.1 billion Fitbit buy
Enlarge / Logo of Google is displayed on a smartphone by logo of Fitbit in Brussels, Belgium on August 4, 2020. (credit: Dursun Aydemir | Andalou Agency | Getty Images)
Regulators in the European Union are launching...
