The social media company also shared more information on the policies that led to its crackdown on QAnon-related tweets.

Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.

It starts with a backpack of $200 of electronics and poor Wi-Fi security The US Department of the Interior (DoI) spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses.…

Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.

So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.

Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.

An attack that knocked hospital systems offline ends in death for patient who had to be sent to another facility.

Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.

Telecom kit maker points finger in the general direction of Middle Kingdom's complicated supply chain Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary cod ...

Mozilla will shut down Send for good after a ZDNet report over the summer that highlighted the service's popularity with malware operators.

Three suspects were indicted, with one being a famous security researcher.

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.

Ransomware group has borrowed a successful technique from another gang which makes it harder to spot when malware is being spread.

Death occurred after a patient was diverted to a nearby hospital after the Duesseldorf University Hospital suffered a ransomware attack.

The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.

Never mind real-world viruses, get your networks into lockdown ASAP GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year (s ...

Lenovo ThinkPad users can disable a Windows 10 security feature to avoid BSODs, but Microsoft warns against it.

The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.

The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating.

And why it's what you need amid an explosive demand for IT services as a result of an increasingly distributed workforce Sponsored The Intel vPro® platform has been around for over a decade as the company’s official branding for business-grade laptop ...

Apple has baked even more security into iOS 14 and iPadOS 14 for iPhones and iPads to keep you and your data safe.

There’s a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two sepa ...

They describe how many general practitioners still use paper records -- and even fax.

NSW Police says overseas provider was prevented from disclosing information to foreign authorities.

F-Secure gives its take on the first half of 2020 in internet scumminess Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishi ...

The strangest connected devices are showing up, and the threats they pose to security should not be overlooked.

Ban is meaningless as Google leaves a giant loophole in the rules, allowing stalkerware devs to rebrand their apps as child trackers.

Phishers claimed to be from 'National Health Commission', which exists in mainland China but not Taiwan Taiwan's CERT detected cyber-crooks impersonating medical authorities to attack the country's tech industry during the early stages of the COVID pandem ...

Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.

Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.

US government says the two hacked targets at the behest of the Iranian regime and for their personal financial gain.

The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions since May 2020 until as recently as last week.

After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know.

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, say researchers. Here's what infosec pros should know.

The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports.

The Reolink Go PT gives you wire-free surveillance almost anywhere there is a cell phone signal.

Ugly: And it's all about video game robberies at this stage Two people have been arrested in Malaysia as part of America's crackdown on the Chinese government's hackers.…

The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.

Users part of Google's Advanced Protection Program can now send suspicious downloads to Google and have them scanned on demand.

More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.

Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?

Please just patch your infrastructure, begs US-CISA Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vu ...

The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.

When cybersecurity reporter Danny Palmer found his card was apparently used on another continent, he set out to discover more.

US says APT41 orchestrated intrusions at more than 100 companies across the world, ranging from software vendors, video gaming companies, telcos, and more.

The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.

While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.

More and more devices are being connected to corporate networks - and in many cases, organisations don't even know they're there. But cyber criminals do.

An auction designed to net the developer of the Android malware $100,000 failed.

Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.

The Grugq has written an excellent essay on how the Russian cybercriminal gang FIN7 operates. An excerpt: The secret of FIN7’s success is their operational art of cyber crime. They managed their resources and operations effectively, allowing them to suc ...

US residents are willing to serve the greater good but have reservations concerning government use of their data.

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.

Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute mal ...

Erm ... guys ... have you looked at recent patch counts? (We have: you issued 372 this quarter, 54 critical) Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities.…

The bugs could be exploited to leak information.

Singapore orders Grab to put in place a "data protection by design policy" after the mobile app platform breaches the country's personal data protection laws multiple times, which security observers say indicate the need for a "serious review".

And have you tried simply asking hackers to not hack? The NSA has published online a guide for IT admins to keep systems free of bootkits and rootkits.…

The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online att ...

The pandemic-related shift to remote work and the growing availability of ransomware-as-a-service were two major drivers, CrowdStrike says.

Social engineering and employee mistakes lead to breach Veteran's Administration and the National Health Service.

As more organizations face disruptions, a defined approach to recovery is imperative so they can successfully recover, experts say.

QR code usage is soaring in the pandemic -- but malicious versions aren't something that most people think about.

Without the right reinforcements, you'll be barking at the moon.

New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

No way to sugarcoat this: New York AG eclairs the 2015 data theft matter settled Dunkin' Donuts today settled a lawsuit in which it was accused of hushing up the fact hackers siphoned its customers' personal information from its systems in 2015.…

As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.

CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.

US authorities have tracked down the two hackers behind a January 2020 mass-defacement campaign.

Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protection solution could enable remote code execution.

The keys were primarily for access to databases and cloud services.

Video platform is not for under-13s, insists spokesman A campaign group is suing Google for up to £2.5bn over claims that YouTube breaks EU data protection laws by harvesting information about children under 13 – and is hoping to turn it into a UK clas ...

New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders.

Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.

Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.

Microsoft's open-source Project OneFuzz automates the detection of software bugs that could be security issues.

Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.

Nearly 2,000 e-commerce shops pwned over weekend so it's time to migrate Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff on ...

By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.

Both nation-state backed hackers and cyber criminals asking trying to take advantage of the rise in remote working, and getting more sophisticated in their approach.

Tune in online this month and learn how to keep them at bay Webcast Working from home may have turned your life upside down, but for hackers, cyber-criminals and other bad actors, it’s all been business as usual.…

Daimler must also recall and repair Mercedes-Benz diesel cars that cheat the system.

Move to set up its Southeast Asian hub in Singapore comes amidst China's worsening relations with the US and India, which have led to Chinese apps being banned in both countries.

Interesting privacy analysis of the Ambient Light Sensor API. And a blog post. Especially note the “Lessons Learned” section.

Compiling using open source intel and hailed as showing extent of China’s surveillance activities A US academic has revealed the existence of 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, an ...

Exposure draft of the Bill includes the requirement for consent unless unreasonable or impracticable.

Probing systems during a live election 'to be treated as hostile unless authorization granted,' Voatz insists About 70 members of the computer security community on Monday challenged US voting app maker Voatz's effort to dictate the terms under which bug ...

This is a current list of where and when I am scheduled to speak: I’m speaking at the Cybersecurity Law & Policy Scholars Virtual Conference on September 17, 2020. I’m keynoting the Canadian Internet Registration Authority’s online symposium, Canadi ...

Phishing messages purporting to be from myGov and Centrelink will be rejected by Telstra under a program that should have been called 'roboblock'.

Beijing's snoops don't even need zero-days to break into valuable networks The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and Ameri ...

Probing systems during a live election 'to be treated as hostile unless authorization granted,' Voatz insists About 70 members of the computer security community on Monday challenged US voting app maker Voatz's effort to dictate the terms under which bug ...

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

Pen-test results also show a majority of organizations have few protections against attackers already on the network.

Almost 2,000 Magento stores have been compromised over the weekend in the largest hacking campaign since 2015.

In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.

You can do it the easy way or the easier way A "hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack – or a 1kg lump hammer.…

Atlanta federal court changing license, clerk tells us A court hearing on election security in America failed in its own security efforts – when it was zoombombed with porn, swastikas and images of the World Trade Center attacks.…

An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.

August breach hadn't been cleared up at all – and regulators are furious Personal data on 24 million South Africans, wrongfully sold by Experian to a person it claimed had "pretended" to represent a "legitimate client", is now not only circulating on th ...

The FBI is raising a sign of alarm about the rising number of credential stuffing attacks targeting financial institutions.

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.

CISA says attacks have started a year ago and some have been successful.

Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Sorry we shut you out, says Tutanota: Encrypted email service weathers latest of ongoing DDoS storms 3 days ago Privacy-conscious biz insists on rolling its own mitigations, though Encrypted email biz Tutanota has apologised for accidentally shutting its own users out while fending off the latest of a series of distributed denial-of-service (DDoS) attacks.…

Open Source Security's Top Threat and What To Do About It 3 days ago With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.

Ransomware: This essential step could help you make it through an attack 3 days ago New advice from the National Cyber Security Centre urges businesses to have an incident response plan in place - even if they think they're unlikely to fall victim to hackers.