Security News

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet
2023-09-21 03:30

More than 97% of the world's internet traffic passes through subsea cables at some point, according to ENISA. Subsea cables are a vital component of the global internet infrastructure, and it is critical to protect them from cyberattacks, physical attacks and other threats. The cable landing stations as well as subsea areas, where many cables are close to each other are considered weak points.

Rogers silent as Canadian customers report internet outages
2023-09-07 12:27

Rogers customers, primarily those located in Downtown Toronto and parts of Ontario, are reporting outages this week affecting their internet service. Rogers customers took to X to voice their concerns about internet outages in their area.

University cuts itself off from internet after mystery security snafu
2023-08-29 21:37

The University of Michigan has isolated itself from the internet but, hey, everything's fine! The institute's president on Tuesday published a letter to the school community thanking everyone for their patience as technical staff work to restore internet access following an undisclosed security incident.

Hackers use public ManageEngine exploit to breach internet org
2023-08-24 12:31

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. Cisco Talos researchers observed attacks against UK internet firms in early 2023, when Lazarus leveraged an exploit for CVE-2022-47966, a pre-authentication remote code execution flaw affecting multiple Zoho ManageEngine products.

Electoral Commission had internet-facing server with unpatched vuln
2023-08-11 11:47

The hacking of the UK's Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert. Earlier this week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization's email, as well as copies of the electoral registers for the entire UK. It appears the Electoral Commission was running Microsoft Exchange Server with Outlook Web App facing the internet, and was vulnerable to an exploit known as ProxyNotShell at the time that suspicious activity was first detected on the Commission's systems in October 2022.

Google Reportedly Disconnecting Employees from the Internet
2023-07-24 11:09

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
2023-06-30 09:04

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. Support for proxy servers was officially launched by the messaging service earlier this January, thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp.

Unlocking internet’s secrets via monitoring, data collection, and analysis
2023-06-30 02:00

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. The aim is to generate a vast, rich pool of data, which is processed using advanced algorithms and data enrichment techniques.

Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law
2023-06-29 06:40

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill - which for now is in the hands of the House of Lords - so that it safeguards strong end-to-end encryption. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."

CISA orders federal agencies to secure Internet-exposed network devices
2023-06-13 17:33

CISA issued this year's first binding operational directive ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery."The Directive requires federal civilian executive branch agencies to take steps to reduce their attack surface created by insecure or misconfigured management interfaces across certain classes of devices," CISA said.