Blog
CHERI Alliance formed to promote memory security tech … but where’s Arm?
Academic-industry project takes next step as key promoter chip designer licks its wounds A group of technology organizations has formed the CHERI Alliance CIC (Community Interest Company) to promote industry adoption of the security technology focused on memory access.…
Uncle Sam ends financial support to orgs hurt by Change Healthcare attack
Billions of dollars made available but worst appears to be over The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.…
NHS boss says Scottish trust wouldn’t give cyberattackers what they wanted
CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the lot of it was published after the trust…
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug
Specially crafted network packet could allow remote code execution and access to VM fleets VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.…
Arm security defense shattered by speculative execution 95% of the time
'TikTag' security folks find anti-exploit mechanism rather fragile In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.…
Blackbaud has to cough up a few million dollars more over 2020 ransomware attack
Four years on and it's still paying for what California attorney general calls 'unacceptable' practice Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general.…
Cops cuff 22-year-old Brit suspected of being Scattered Spider leader
Spanish cops make arrest at airport before he jetted off to Italy Spanish police arrested a person they allege to be the leader of the notorious cybercrime gang Scattered Spider just before he boarded a private flight headed to Naples.…
AWS is pushing ahead with MFA for privileged accounts. What that means for you …
The clock is ticking – why not try a passkey? Heads up: Amazon Web Services is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, and we love to see it.…
UK’s Total Fitness exposed nearly 500k images of members and staff through unprotected database
Health club chain headed for the spa on choose a password day Exclusive A security researcher claims UK health club and gym chain Total Fitness bungled its data protection responsibilities by failing to lock down a database chock-full of members' personal data.…
Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure
Who needs ransomware when you can scare techies into coughing up their credentials? Notorious cyber gang UNC3944 – the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides – has changed its tactics and is now targeting SaaS applications…