2024
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Microsoft's OS sure loves throwing your creds at remote systems Updated Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS account credentials.…
Facing sale or ban, TikTok tossed under national security bus by appeals court
Video slinger looks to Supremes for salvation, though anything could happen under Trump A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign adversary.…
Salt Typhoon forces FCC’s hand on making telcos secure their networks
Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns The head of America's Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an annual report detailing measures taken.…
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware
Threatened with life in prison, Kyiv charity worker gives middle finger to state spies A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.…
Protect your clouds
Get best practice advice on how to safeguard your cloud infrastructure from SANS Sponsored Post According to the 2024 IBM Cost of the Data Breach Report 40 percent of data breaches identified between March 2023 and February 2024 involved data stored across multiple environments, including the cloud.…
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
Still unpatched 100+ days later, watchTowr says updated A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. …
Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’
Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 has been actively targeting critical organizations and US government agencies as of yesterday, according to Redmond's threat intel team.…
Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds
Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven Luscher.…
British hospitals hit by cyberattacks still battling to get systems back online
Children's hospital and cardiac unit say criminals broke in via shared 'digital gateway service' Both National Health Service trusts that oversee the various hospitals hit by separate cyberattacks last week have confirmed they're still in the process of restoring systems.…
BT Group confirms attackers tried to break into Conferencing division
Sensitive data allegedly stolen from US subsidiary following Black Basta post BT Group confirmed it is dealing with an attempted attack on one of its legacy business units after the Black Basta ransomware group claimed they broke in.…