Security News
Infosec in brief Commercial spyware maker mSpy has been breached - again - and millions of purchasers can be identified from the spilled records. "Comprising 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos," the mSpy entry on Have I Been Pwned reads.
ASIA IN BRIEF The interim CEO of the UK's National Cyber Security Centre has criticized China's approach to bug reporting. After first pointing out that UK authorities have not attributed that incident to a Chinese actor, Oswald said "Chinese actors' approach in cyberspace over the last 18 months should worry us all."
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.
Phishing attacks are one of the most common types of data breach attempts, with 31,000 phishing attacks launching every single day, according to cybersecurity firm SlashNext. 77% of cybersecurity professionals report being targeted by phishing attacks, proving just how widespread these attacks are.
Encryption is vital for securing data, whether in transit or stored on devices. This policy from TechRepublic Premium provides guidelines for adopting encryption technologies for organizational use that have undergone extensive technical review, are not encumbered by patents or copyright and have been proven to work reliably.
This guide, created by Jack Wallen for TechRepublic Premium, explains how SELinux works and offers some useful tips to improve your knowledge. HOW TO ALLOW PORTS WITH SELINUX. With semanage you can also allow specific ports.
The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three...
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attackA new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle attacks. Zero-day patched by Microsoft has been exploited by attackers for over a yearCVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed.
Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. [...]
Kettle For this week's Kettle episode, in which our journos as usual get together for an end-of-week chat about the news, it's security, security, security. From more than 100 million people hit by the staggering AT&T Snowflake storage account intrusion, to the latest marketing claims of AI coming to save our systems from attacks, we've packed a decent amount into 15 minutes - and you can replay our discussion below.