Blog

More victims of China’s Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs

Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks China's Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to its previous victim count.…

US lawmakers press Trump admin to oppose UK’s order for Apple iCloud backdoor

Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down US lawmakers want newly confirmed Director of National Intelligence Tulsi Gabbard to back up her tough talk on backdoors. They're urging her to push back on the UK government's reported order for Apple to weaken…

North Korea targets crypto developers via NPM supply chain attack

Yet another cash grab from Kim's cronies and an intel update from Microsoft North Korea has changed tack: its latest campaign targets the NPM registry and owners of Exodus and Atomic cryptocurrency wallets.…

Mysterious Palo Alto firewall reboots? You’re not alone

Limited-edition hotfix to get wider release before end of month Administrators of Palo Alto Networks' firewalls have complained the equipment falls over unexpectedly, and while a fix has bee prepared, it's not yet generally available.…

Have I Been Pwned likely to ban resellers from buying subs, citing ‘sh*tty behavior’ and onerous support requests

‘What are customers actually getting from resellers other than massive price markups?’ asks Troy Hunt Troy Hunt, proprietor of data breach lookup site Have I Been Pwned, is likely to ban resellers from the service.…

Feds want devs to stop coding ‘unforgivable’ buffer overflow vulnerabilities

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities "unforgivable defects”, pointed to the presence of the holes in products from the likes of Microsoft and VMware, and urged all software developers…

Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs

'Near-global' initial access campaign active since 2021 An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations," according to Microsoft.…

Crimelords and spies for rogue states are working together, says Google

Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us? Google says the the world's lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity.…

February’s Patch Tuesday sees Microsoft offer just 63 fixes

Don't relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday  Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention, and other vendors have stepped in with plenty more fixes.…

Probe finds US Coast Guard has left maritime cybersecurity adrift

Numerous systemic vulnerabilities could scuttle $5.4T industry Despite the escalating cyber threats targeting America's maritime transportation system, the US Coast Guard still lacks a comprehensive strategy to secure this critical infrastructure - nor does it have reliable access to data on cybersecurity vulnerabilities and past attacks, the Government…

Copyright © 2024 Lugapel