June 2024

That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise

Control-C, Control-V, Enter ... Hell Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts. …

Rogue uni IT director pleads guilty after fraudulently buying $2.1M of tech

Two decades in the clink would be quite an education A now-former IT director has pleaded guilty to defrauding the university at which he was employed – and a computer equipment supplier – for $2.1 million over five years.…

Dark-web kingpin puts ‘stolen’ internal AMD databases, source code up for sale

Chip designer really gonna need to channel some Zen right now AMD's IT team is no doubt going through its logs today after cyber-crooks put up for sale what is claimed to be internal data stolen from the US microprocessor designer.…

EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians

If you call 'client-side scanning' something like 'upload moderation,' it still undermines privacy, security On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.…

CHERI Alliance formed to promote memory security tech … but where’s Arm?

Academic-industry project takes next step as key promoter chip designer licks its wounds A group of technology organizations has formed the CHERI Alliance CIC (Community Interest Company) to promote industry adoption of the security technology focused on memory access.…

Uncle Sam ends financial support to orgs hurt by Change Healthcare attack

Billions of dollars made available but worst appears to be over The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.…

NHS boss says Scottish trust wouldn’t give cyberattackers what they wanted

CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the lot of it was published after the trust…

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

Specially crafted network packet could allow remote code execution and access to VM fleets VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.…

Arm security defense shattered by speculative execution 95% of the time

'TikTag' security folks find anti-exploit mechanism rather fragile In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.…

Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

Four years on and it's still paying for what California attorney general calls 'unacceptable' practice Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general.…

Copyright © 2024 Lugapel