News
Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks
infosec in brief It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and now German officials claim to know for a fact who did it: APT28, or Fancy Bear, a Russian threat actor linked to the GRU intelligence service.…
End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box
interview Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away. …
Dating apps kiss'n'tell all sorts of sensitive personal info
Dating apps ask people to disclose all kinds of personal information in the hope of them finding love, or at least a hook-up.…
Kaspersky hits back at claims its AI helped Russia develop military drone systems
If volunteer intelligence gatherers are correct, the US may have a good reason to impose sanctions on Russian infosec firm Kaspersky, whose AI was allegedly used to help Russia produce drones for its war on Ukraine.…
It may take decade to shore up software supply chain security, says infosec CEO
interview The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence. …
Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters
A Europol-led operation dubbed “Pandora” has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than €10 million (£8.6 million, $11 million).…
Indonesia sneakily buys spyware, claims Amnesty International
Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International.…
Chinese government website security is often worryingly bad, say Chinese researchers
Exclusive Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.…
Microsoft, Google do a victory lap around passkeys
Microsoft today said it will now let us common folk — not just commercial subscribers — sign into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.…
Florida man gets 6 years behind bars for flogging fake Cisco kit to US military
Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US military.…
Patch up – 4 critical bugs in ArubaOS lead to remote code execution
Network admins are being urged to patch a bundle of critical vulnerabilities in ArubaOS that lead to remote code execution as a privileged user.…
Federal frenzy to patch gaping GitLab account takeover hole
The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."…
Think tank: China's tech giants refine and define Beijing's propaganda push
Chinese tech companies that serve as important links in the world's digital supply chains are helping Beijing to execute and refine its propaganda strategy, according to an Australian think tank.…
REvil ransomware scum sentenced to almost 14 years inside, ordered to pay $16 million
A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil ransomware.…
A million Australian pubgoers wake up to find personal info listed on leak site
Over a million records describing Australians who visited local pubs and clubs have apparently been posted online.…
Dropbox dropped the ball on security, haemorrhaging customer and third-party info
Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.…
Block accused of mass compliance failures that saw digi-dollars reach terrorists
Fintech biz Block is reportedly under investigation by US prosecutors over claims by a former employee that lax compliance checks mean its Square and Cash App services may have been used by terrorists – or in countries that US orgs are not permitted to do business.…
Infosec biz boss accused of BS'ing the world about his career, anti-crime product, customers
Jack Blount, the now-ex CEO of Intrusion, has settled with the SEC over allegations he made false and misleading statements about his infosec firm's product as well as his own background and experience.…
US charges 16 over 'depraved' grandparent scams
Sixteen people are facing charges from US prosecutors for allegedly preying on the elderly and scamming them out of millions of dollars.…
Qantas app glitch sees boarding passes fly to other accounts
Aussie airline Qantas says its app is now stable following a data breach that saw boarding passes take off from passengers' accounts.…