31 Jul

More than 83K certs from nearly 7K DigiCert customers must be swapped out now

As the DigiCert drama continues, we now have a better idea of the size and scope of the problem – with the organization’s infosec boss

Author rabih
31 Jul

Russia takes aim at Sitting Ducks domains, bags 30,000+

Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services. The crooks have already hijacked an

Author rabih
31 Jul

Chrome adopts app-bound encryption to stymie cookie-stealing malware

Google says it’s enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies. When

Author rabih
31 Jul

Embedding AI security from the get go

Sponsored Post The dawn of artificial intelligence is upon us, but its development has only just begun. Research suggests there will be just 250m users

Author rabih
31 Jul

‘Error’ in Microsoft’s DDoS defenses amplified 8-hour Azure outage

Do you have problems configuring Microsoft’s Defender? You might not be alone: Microsoft admitted that whatever it’s using for its defensive implementation exacerbated yesterday’s Azure

Author rabih
31 Jul

The cyberthreat that drives businesses towards cyber risk insurance

Business Security Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the

Author rabih
31 Jul

UK Electoral Commission slapped for basic cybersecurity fails

The UK’s Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal

Author rabih
31 Jul

DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder

DigiCert has given some unlucky customers 24 hours to replace their SSL/TLS security certificates it previously issued them – due to a five-year-old blunder in

Author rabih
30 Jul

Delta Air Lines dials up Microsoft’s legal nemesis over CrowdStrike losses

Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month – and it has hired a high-powered law

Author rabih
30 Jul

‘LockBit of phishing’ EvilProxy used in more than a million attacks every month

Insight The developers of EvilProxy – a phishing kit dubbed the “LockBit of phishing” – have produced guides on using legitimate Cloudflare services to disguise

Author rabih
30 Jul

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not

Author rabih
30 Jul

Phishing targeting Polish SMBs continues via ModiLoader

ESET Research ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families Jakub Kaloč 30 Jul 2024

Author rabih
30 Jul

Proofpoint phishing palaver plagues millions with ‘perfectly spoofed’ emails from IBM, Nike, Disney, others

A huge phishing campaign exploited a security blind-spot in Proofpoint’s email filtering systems to send an average of three million “perfectly spoofed” messages a day

Author rabih
30 Jul

Malaysia is working on an internet ‘kill switch’, says minister

Legislation for an internet “kill switch” will reach Malaysia’s Parliament in October, according to the country’s minister for Law and Institutional Reform. Minister Azalina Othman

Author rabih
29 Jul

Meta’s AI safety system defeated by the space bar

Meta’s machine-learning model for detecting prompt injection attacks – special prompts to make neural networks behave inappropriately – is itself vulnerable to, you guessed it,

Author rabih
29 Jul

Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools

Updated Microsoft has vowed to reduce cybersecurity vendors’ reliance on kernel-mode code, which was at the heart of the CrowdStrike super-snafu this month. Redmond shared

Author rabih
29 Jul

US border cops really must get a warrant in NY before searching your phones, devices

US border agents must obtain a warrant, in New York at least, to search anyone’s phone and other electronic device when traveling in or out

Author rabih
29 Jul

Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security software

Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike’s faulty software update was based on incomplete data and vowed to reduce

Author rabih
Load moreLoadingAll items loaded