News

Spoiler alert: We're gonna talk about AI

Interview  Mick Baccio, global security advisor at Splunk, has watched the evolution of election security threats in real time.…

Sources claim ransomware is to blame

Healthcare organization Ascension is the latest of its kind in the US to say its network has been affected by what it believes to be a "cybersecurity event."…

IT giant tries to downplay leak as just names, addresses, info about kit

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected.…

Having China, Russia, and Iran routinely rummaging around is cause for concern, says ex-NSA man

RSAC  Digital intruders from China, Russia, and Iran breaking into US water systems this year should be a "wake-up call," according to former National Security Agency cyber boss Rob Joyce.…

BogusBazaar ripped off shoppers and scraped card details, but not in China

A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites.…

It's 'essential to national security' ex-Navy intel officer tells us

Interview  As undersea cables carry ever-increasing amounts of data, they become even higher priority targets for both cyber and physical attacks.…

And it would seriously inconvenience the Chinese and Russians, too

RSAC  There's a way to vastly reduce the scale and scope of ransomware attacks plaguing critical infrastructure, according to CISA director Jen Easterly: Make software secure by design.…

Nearly 95M people in total snagged by flaw in file transfer tool

Just short of a year after the initial incident, the state of Georgia's higher education government agency has confirmed that it was the victim of an attack on its systems affecting the data of 800,000 people.…

China vehemently denies involvement

UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to "malign" forces accessing data on current and a limited number of former armed forces personnel.…

On the plus side, infosec's a good bet for a long, stable career

Interview  This year is an unfortunate anniversary for information security: We're told it's a decade since ransomware started infecting corporations.…

Keynotes, physical security, playlists … the buck stops with Linda Gray Martin

Interview  The 33rd RSA Conference is underway this week, and no one feels that more acutely than the cybersecurity event's SVP Linda Gray Martin.…

'I'm blown away by the fact that they weren't using MFA'

Interview  The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.…

Or at least it might well be if these trial programs work out, with some civil lib oversight etc etc etc

RSAC  AI is a double-edged sword in that the government can see ways in which the tech can protect and also be used to attack Americans, says US Homeland Security Secretary Alejandro Mayorkas.…

Avoid traffic-redirecting snoops who have TunnelVision

A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network.…

In the first year alone, that's saved us all a lot of money and woe

RSAC  As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place.…

Nothing like folks in Beijing lecturing us on the Constitution

TikTok and its China-based parent ByteDance sued the US government today to prevent the forced sale or shutdown of the video-sharing giant.…

Dmitry Yuryevich Khoroshev's $10M question is answered at last

Updated  Police have finally named who they firmly believe is the kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.…

More work to do as most deadlines are missed and worst bugs still take months to fix

The deadlines associated with CISA's Known Exploited Vulnerabilities (KEV) catalog only apply to federal agencies, but fresh research shows they're having a positive impact on private organizations too.…

Thousands of guards' ID cards and CCTV snaps of suspects found online

Exclusive  A UK-based physical security business let its guard down, exposing nearly 1.3 million documents via a public-facing database, according to an infosec researcher.…

Crims SIM swap execs' kids to freak out their parents, Mandiant CTO says

RSAC  Ransomware infections and extortion attacks have become "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.…