February 2025

200-plus impressively convincing GitHub repos are serving up malware

Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack Infosec bytes  Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.…

Incoming deputy boss of Homeland Security says America’s top cyber-agency needs to be reined in

Plus: New figurehead of DOGE emerges and they aren't called Elon During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the wrong management and needed to be "reined in."…

Drug-screening biz DISA took a year to disclose security breach affecting millions

If there's something nasty on your employment record, extortion scum could come calling DISA Global Solutions, a company that provides drug and alcohol testing, background checks, and other employee screening services, this week notified over 3.3 million people that their sensitive information may have been stolen by miscreants.…

Xi know what you did last summer: China was all up in Republicans’ email, says book

Of course, Microsoft is in the mix, isn't it Chinese spies reportedly broke into the US Republication National Committee's Microsoft-powered email and snooped around for months before being caught.…

Harassment allegations against DEF CON veteran detailed in court filing

More than a dozen women came forward with accusations Details about the harassment allegations leveled at DEF CON veteran Christopher Hadnagy have now been revealed after a motion for summary judgment was filed over the weekend.…

Shifting the cybersecurity odds

Four domains to build resilience Partner Content  Security can feel like fighting a losing battle, but it doesn't have to be.…

The software UK techies need to protect themselves now Apple’s ADP won’t

No matter how deep you are in Apple's 'ecosystem,’ there are ways to stay encrypted in the UK Apple customers, privacy advocates, and security sleuths have now had the weekend to stew over the news of the iGadget maker's decision to bend to the UK government and disable…

Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps

PLUS: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more Infosec in brief  Apple has responded to the UK government's demand for access to its customers’ data stored in iCloud by deciding to turn off its Advanced Data Protection (ADP) end-to-end encryption service for UK users.…

Experts race to extract intel from Black Basta internal chat leaks

Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting security researchers to bust out their best Russian…

Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to revisit their to-do lists.…

Copyright © 2024 Lugapel