Movatterモバイル変換

Full scale of infections remains 'unknown'

Plus 3 new goon squads targeted critical infrastructure last year

Police say seized kit contained logins, passwords, and server IP addresses

Fashion brand latest to succumb to ShinyHunters' tricks

High-severity CSS flaw let malicious webpages run code inside the sandbox

Infosec in Brief PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; Alleged sewage hacker cuffed; And more

Names, addresses, bank account numbers accessed – but biz insists passwords and call data untouched

As if snooping on your workers wasn't bad enough

Flaw abused 'in an extremely sophisticated attack against specific targeted individuals'

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle

Meanwhile, IP-stealing 'distillation attacks' on the rise

Exclusive Attackers using social engineering to exploit business processes, rather than tunnelling in via tech

Operation Cyber Guardian involved 100-plus staff across government and industry

HR outsourcer Conduent confirms intruders accessed benefits-related records tied to US personnel

So many CVEs, so little time

Staff data belonging to the regulator and judiciary's governing body accessed

Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity

Attackers may have snapped user locations and activity information, message warns

Contact details were accessed in an intrusion that went undetected for months, the blogging outfit says

And their toolkit includes a new, Linux kernel rootkit

Breach-tracking site flags dataset following impersonation-based intrusion

Right on cue, petulant hacktivists attempt to disrupt yet another global sporting event

UPDATED LLMs automated most phases of the attack

Gang walks away with nothing, victims are left with irreparable hypervisors

GreyNoise's Glenn Thorpe counts the cost of missed opportunities

DDoSer of 'strategically important' websites admitted to most charges

The group targets telecoms, critical infrastructure - all the usual high-value orgs

Ukraine’s CERT says the bug went from disclosure to active exploitation in days

Breach lingered for months before stronger signature checks shut the door

Opinion Don't be scared of the digital dark – learn how to keep the lights on

Parent company Cognizant hit with multiple lawsuits

The Chocolate Factory strikes again, targeting the infrastructure attackers use to stay anonymous

Extortion crew says it's found love in someone else's info as Match Group plays down the impact

Close call after an apparently deliberate attempt to starve a country of energy at the worst time

Cybercrime solved. The end

Russians, Chinese spies, run-of-the-mill crims …

Plus, the gang says it got in via Microsoft Entra SSO

Reports say Salt Typhoon attackers accessed handsets of senior govt folk

Atlassian, RingCentral, ZoomInfo also among tech targets

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset

Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy

'A lot more' victims to come, we're told

Direct debits? Maybe February. Birth certificates? Dream on. Council tax bills? Oh, those are coming

Teach a crook to phish…

Logging in, not breaking in

Admins say attackers are still getting in despite recent patches

updated Phishing campaign tries to reel in master passwords

Have I Been Pwned reckons 72.7M customer accounts affected, sportswear firm remains silent

Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices

Interview OG CDN boss says fighting illegal streams is about stopping criminals cashing in, not free speech

Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties

They’re not the most sophisticated, but even simple attacks can lead to costly consequences

Maine filing confirms July attack affected 42,521 employees and job applicants

Kids return to classrooms after safety infrastructure knocked out

Ransomware kingpin who escaped Armenian custody is believed to be lying low back home

Check Point observes 40K+ attack attempts in 4 hours, with government organizations under fire

What's next for Venezuela? Click on the file and see

Redmond says cheap virtual desktops powered a global wave of phishing and fraud

Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits

New crooks on the block get crafty with blockchain to evade defenses

Attack enters second day with major disruption to healthcare provision

Travel biz tells customers to change passwords beyond its own services

Endesa says payment info stolen after alleged crook boasted of 1 TB-plus haul

33-year-old was under surveillance for some time before returning home from the UAE

Dutchman fails to convince judges his trial was unfair because cops read his encrypted chats

Gang members 'systematically exploited children and young people,' cops say

Updated Website built around buying and selling stolen data has lost control of its own

infosec in brief PLUS: Veeam patches critical vuln; Crims bribing dark web insiders; UK school takedown; And more

ANALYSIS Ministers promise equivalent standards just without the legal obligation

Basketball player accused of aiding cybercrime gang extradition blocked in exchange for Swiss NGO consultant

State-backed attackers are using QR codes to slip past enterprise security and help themselves to cloud logins, the FBI says

Huntress analysis suggests VM escape bugs were already weaponized in the wild

Cop wins hit crime infrastructure, not the people behind it

Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago

exclusive Two weeks, two major data leaks … not a good look for the European Space Agency

pcTattletale boss Bryan Fleming faces up to 15 years in prison when sentenced later this year

Updated High-risk system compromised long before intrusion was finally spotted

Production halts and supply-chain disruption left luxury automaker reeling in fiscal Q3

Crimson Collective claims 'sophisticated attack'

Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls

Order and contact details accessed via ecommerce partner, and phishing has begun

Phones, email, and core systems knocked out at Higham Lane in Nuneaton

Central government will supposedly be as secure as energy facilities and datacenters under new proposals

Crim used infostealer to get cloud credentials

Government 'incredibly' concerned about breach potentially affecting more than 100,000 patients

Netflix documentary part 2 in the works?

For the bargain price of 6.5 bitcoin

Gavin Webb orchestrated Operation Cronos as it pulled off the legendary disruption sting

As in past incidents, ESA says the impact was limited to external systems

Funds in ‘Money Safe’ accounts are only available when customers appear for face-to-face verification

Pair became ALPHV affiliates to prey on US-based clients

One cert, in plaintext, on thousands of devices, led to what looks like years of crime

There's more where that came from, CEO says

Extortion group Lovely claims to have stolen 40 million pieces of info from publisher Conde Nast

Former staffer of Korean e-tailer Coupang accessed 33 million records but may have done less damage than feared

The human harms of cyberattacks piled up this year, and violence expected to increase

Crooks used platform to scoop up and store banking credentials for big-money thefts

Automaker's third security snafu in three years

And it's especially dangerous because the code works

Judge says former most-wanted fugitive Mark Acklom will likely never return to the UK