February 2025

Feds want devs to stop coding ‘unforgivable’ buffer overflow vulnerabilities

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities "unforgivable defects”, pointed to the presence of the holes in products from the likes of Microsoft and VMware, and urged all software developers…

Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs

'Near-global' initial access campaign active since 2021 An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations," according to Microsoft.…

Crimelords and spies for rogue states are working together, says Google

Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us? Google says the the world's lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity.…

February’s Patch Tuesday sees Microsoft offer just 63 fixes

Don't relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday  Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention, and other vendors have stepped in with plenty more fixes.…

Probe finds US Coast Guard has left maritime cybersecurity adrift

Numerous systemic vulnerabilities could scuttle $5.4T industry Despite the escalating cyber threats targeting America's maritime transportation system, the US Coast Guard still lacks a comprehensive strategy to secure this critical infrastructure - nor does it have reliable access to data on cybersecurity vulnerabilities and past attacks, the Government…

Yup, AMD’s Elba and Giglio definitely sound like they work corporate security

Which is why Cisco is adding these Pensando DPUs to more switches Cisco is cramming into more of its switches Pensando data processing units (DPUs) from AMD, which will be dedicated to handling security, storage, and other tasks.…

Man who SIM-swapped the SEC’s X account pleads guilty

Said to have asked search engine 'What are some signs that the FBI is after you?' An Alabama man is pleading guilty after being charged with SIM swapping the Securities and Exchange Commission's (SEC) X account in January last year.…

I’m a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice

Remote position, webcam not working, then glitchy AI face ... Red alert! Twice, over the past two months, Dawid Moczadło has interviewed purported job seekers only to discover that these "software developers" were scammers using AI-based tools — likely to get hired at a security company also using…

Apple warns ‘extremely sophisticated attack’ may be targeting iThings

Cupertino mostly uses bland language when talking security, so this sounds nasty Apple has warned that some iPhones and iPads may have been targeted by an “extremely sophisticated attack” and has posted patches that hopefully prevent it.…

All your 8Base are belong to us: Ransomware crew busted in global sting

Dark web site seized, four cuffed in Thailand An international police operation spanning the US, Europe, and Asia has shuttered the 8Base ransomware crew's dark web presence and resulted in the arrest of four European suspects accused of stealing $16 million from more than 1,000 victims worldwide.…

Copyright © 2024 Lugapel