2024
Microsoft sheds some light on Russian email heist – and how to learn from Redmond’s mistakes
Step one, actually turn on MFA Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication…
Wait, security courses aren’t a requirement to graduate with a computer science degree?
And software makers seem to be OK with this, apparently Comment There's a line in the latest plea from CISA – the US government's cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee.…
Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months
Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking…
Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist
Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess The Akira ransomware gang is claiming responsiblity for the "cybersecurity incident" at British bath bomb merchant.…
Trickbot malware scumbag gets five years for infecting hospitals, businesses
Rest of the crew still at large A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.…
EquiLend drags systems offline after admitting attacker broke in
Securities lender processes trillions of dollars worth of Wall Street transactions every day US securities lender EquiLend has pulled a number of its systems offline after a security "incident" in which an attacker gained "unauthorized access".…
HPE joins the ‘our executive email was hacked by Russia’ club
Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months HPE has become the latest tech giant to admit it has been compromised by Russian operatives.…
US judge rejects spyware developer NSO’s attempt to bin Apple’s spyware lawsuit
Judge says anti-hacking laws fits Pegasus case "to a T" A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software.…
Major IT outage at Europe’s largest caravan and RV club makes for not-so-happy campers
1 million members still searching for answers as IT issues floor primary digital services The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.…
Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug
Ancient path traversal exploit offers remote attackers admin access Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.…