2025

Trump kills clearances for infosec’s SentinelOne, ex-CISA boss Chris Krebs

Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Updated  The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA’s Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone…

April’s Patch Tuesday leaves unlucky Windows Hello users unable to login

Can't Redmond ask its whizz-bang Copilot AI to fix it? Updated  Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.…

Google’s got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft’s $20B+ security biz

How Chocolate Factory hopes to double down on enterprise-sec Cloud Next  Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.…

Pharmacist accused of using webcams to spy on women in intimate moments at work, home

Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and…

Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug

A novel way to encourage upgrades? Microsoft would never stoop so low Patch Tuesday  Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.…

Don’t open that JPEG in WhatsApp for Windows. It might be an .EXE

What a MIME field A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.…

Scattered Spider stops the Rickrolls, starts the RAT race

Despite arrests, eight-legged menace targeted more victims this year Despite several arrests last year, Scattered Spider's social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with a new version of Spectre RAT malware.…

As CISA braces for more cuts, threat intel sharing takes a hit

How will 'gutting' civilian defense agency make American cybersecurity great again? Analysis  Slashing staff at the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn’t exactly boosting national security, say infosec and national security officials watching America’s digital defenses unravel in real time.…

Oracle says its cloud was in fact compromised

Reliability, honesty, accuracy. And then there's this lot Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.…

That massive GitHub supply chain attack? It all started with a stolen SpotBugs token

But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than previously suspected.…

Copyright © 2024 Lugapel