2024
Crims found and exploited these two Microsoft bugs before Redmond fixed ’em
SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android Patch Tuesday Microsoft fixed 73 security holes in this February's Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.…
Just one bad DNS packet can bring down a public DNSSEC server
'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution,…
QNAP vulnerability disclosure ends up an utter shambles
Two new flaws, one zero-day, countless different patches, but everything's fine! Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.…
ALPHV blackmails Canadian pipeline after ‘stealing 190GB of vital info’
Gang still going after critical infrastructure because it's, you know, critical Updated Canada's Trans-Northern Pipelines has allegedly been infiltrated by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.…
Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond
Plenty of successful attacks observed with dangerous follow-on activity The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November.…
Meta says risk of account theft after phone number recycling isn’t its problem to solve
Leaves it to carriers, promoting a complaint to Irish data cops from Big Tech's bête noire Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is…
Infosys subsidiary named as source of Bank of America data leak
Looks like LockBit took a swipe at an outsourced life insurance application Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America.…
Korean eggheads crack Rhysida ransomware and release free decryptor tool
Great news for victims of gang behind the big British Library hit in October Some smart folks have found a way to automatically unscramble documents encrypted by the Rhysida ransomware, and used that know-how to produce and release a handy recovery tool for victims.…
Dutch insurers demand nudes from breast cancer patients despite ban
No photos? No, second operation Dutch health insurers are reportedly forcing breast cancer patients to submit photos of their breasts prior to reconstructive surgery despite a government ban on precisely that.…
FCC gets tough: Telcos must now tell you when your personal info is stolen
Yep, cell carriers didn't have to do this before The FCC's updated reporting requirements mean telcos in America will have just seven days to officially disclose that a criminal has broken into their systems.…