2024
NHS boss says Scottish trust wouldn’t give cyberattackers what they wanted
CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the lot of it was published after the trust…
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug
Specially crafted network packet could allow remote code execution and access to VM fleets VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.…
Arm security defense shattered by speculative execution 95% of the time
'TikTag' security folks find anti-exploit mechanism rather fragile In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.…
Blackbaud has to cough up a few million dollars more over 2020 ransomware attack
Four years on and it's still paying for what California attorney general calls 'unacceptable' practice Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general.…
Cops cuff 22-year-old Brit suspected of being Scattered Spider leader
Spanish cops make arrest at airport before he jetted off to Italy Spanish police arrested a person they allege to be the leader of the notorious cybercrime gang Scattered Spider just before he boarded a private flight headed to Naples.…
AWS is pushing ahead with MFA for privileged accounts. What that means for you …
The clock is ticking – why not try a passkey? Heads up: Amazon Web Services is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, and we love to see it.…
UK’s Total Fitness exposed nearly 500k images of members and staff through unprotected database
Health club chain headed for the spa on choose a password day Exclusive A security researcher claims UK health club and gym chain Total Fitness bungled its data protection responsibilities by failing to lock down a database chock-full of members' personal data.…
Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure
Who needs ransomware when you can scare techies into coughing up their credentials? Notorious cyber gang UNC3944 – the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides – has changed its tactics and is now targeting SaaS applications…
Microsoft answered Congress’ questions on security. Now the White House needs to act
Business as usual needs a real change Feature Microsoft president Brad Smith struck a conciliatory tone regarding his IT giant's repeated computer security failings during a congressional hearing on Thursday – while also claiming the Windows maker is above the rule of law, at least in China.…
Stanford Internet Observatory wilts under legal pressure during election year
Because who needs disinformation research at times like these The Stanford Internet Observatory (SIO), which for the past five years has been studying and reporting on social media disinformation, is being reimagined with new management and fewer staff following the recent departure of research director Renee DiResta.…