Cybersecurity
I spy another mSpy breach: Millions more stalkerware buyers exposed
Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave, and more Infosec in brief Commercial spyware maker mSpy has been breached – again – and millions of purchasers can be identified from the spilled records.…
UK cyber-boss slams China’s bug-hoarding laws
Plus: Japanese scientists ID ancient supernova; AWS dismisses China trouble rumor; and more ASIA IN BRIEF The interim CEO of the UK's National Cyber Security Centre (NCSC) has criticized China's approach to bug reporting.…
CISA broke into a US federal agency, and no one noticed for a full 5 months
Red team exercise revealed a score of security fails The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.…
Three words to send a chill down your spine: Snowflake. Intrusion. Alert
And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical Kettle For this week's Kettle episode, in which our journos as usual get together for an end-of-week chat about the news, it's security, security, security.…
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack
15K dealerships take estimated $600M+ hit CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware.…
White House urged to double check Microsoft isn’t funneling AI to China via G42 deal
Windows maker insisted everything will be locked down and secure – which given its reputation, uh-oh! Two House committee chairs have sent a public letter to the White House asking it to look into a deal between AI R&D outfit G42 and Microsoft.…
Identity: the new security perimeter
What to do when your MFA is mercilessly attacked by hackers Webinar Threat actors are always looking for that easy way in by testing weak spots, and user identities are one of their favourite targets.…
Break-in at ‘third-party cloud platform’ leaked 110M customer records, says AT&T
Snowflake? Snowflake AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big you haven't seen anything: This one includes data on "nearly all" AT&T wireless customers - and those served by mobile…
Singapore’s banks to ditch texted one-time passwords
Accessibility be damned, preventing phishing is the priority After around two decades of allowing one-time passwords (OTPs) delivered by text message to assist log ins to bank accounts in Singapore, the city-state will abandon the authentication technique.…
China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox
Meet DodgeBox, son of StealthVector Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox, according to cloud security service provider Zscaler’s ThreatLabz research team.…