Cybersecurity
So how’s Microsoft’s Secure Future Initiative going?
34,000 engineers pledged to the cause, but no word on exec pay Microsoft took a victory lap today, touting the 34,000 full-time engineers it has dedicated to its Secure Future Initiative (SFI) since it launched almost a year ago and making public its first progress report on efforts…
UPS supplier’s password policy flip-flops from unlimited, to 32, then 64 characters
That 'third party' person sure is responsible for a lot of IT blunders, eh? A major IT hardware manufacturer is correcting a recent security update after customers complained of a password character limit being introduced when there previously wasn't one.…
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
No malware crew linked to this latest red-teaming tool yet Attackers are using Splinter, a new post-exploitation tool, to wreak havoc in victims' IT environments after initial infiltration, utilizing capabilities such as executing Windows commands, stealing files, collecting cloud service account info, and downloading additional malware onto victims'…
US indicts two over socially engineered $230M+ crypto heist
Just one victim milked of nearly a quarter of a billion bucks Two individuals are in cuffs and facing serious charges in connection to a major theft of cryptocurrency worth more than $230 million from a single victim.…
Ivanti patches exploited admin command execution flaw
Fears over chained attacks affecting EOL product The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it's yet another path traversal flaw.…
Cybercrooks strut away with haute couture Harvey Nichols data
Nothing high-end about the sparsely detailed, poorly publicized breach High-end British department store Harvey Nichols is writing to customers to confirm some of their data was exposed in a recent cyberattack.…
CISA boss: Makers of insecure software are the real cyber villains
Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software developers who ship buggy, insecure code are the true baddies in the cyber crime story, Jen Easterly, boss of the US government's Cybersecurity and Infrastructure Security Agency, has…
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
Boasts 'appear to be credible' experts tell El Reg A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen info this week.…
1 in 10 orgs dumping their security vendors after CrowdStrike outage
Many left reeling from July's IT meltdown, but not to worry, it was all unavoidable Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike's outage in July are dropping their current vendor's products.…
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
Better check your widgets, people Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.…