Security News

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
2022-06-23 07:58

Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks. Instead, the agencies recommend securing PowerShell prudently.

Targeted voicemail phishing attacks hits specific US industries’ verticals
2022-06-22 13:49

Email phishing campaigns are regularly hitting organizations in the U.S., but voicemail phishing is less common. Once the user has entered the correct captcha information, they are shown the final content, which is an Office 365 phishing page.

Info on 1.5m people stolen from US bank in cyberattack
2022-06-21 20:53

A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December. In a statement to the office of Maine's Attorney General this month, Flagstar Bank said it was compromised between December and April 2021.

Abortion rights: US senators seek ban on sale of health location data
2022-06-17 20:29

A group of senators wants to make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment. "When abortion is illegal, researching reproductive health care online, updating a period-tracking app, or bringing a phone to the doctor's office all could be used to track and prosecute women across the US," Sen. Ron Wyden, a co-sponsor of the Health and Location Data Protection Act, said in a statement.

Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme
2022-06-15 00:37

A former Maryland Cabinet-level official and a former IT executive have pleaded guilty to involvement in a bribery and extortion scheme related to technology contracts about a decade ago. According to the US Attorney's Office of the State of Maryland, Isabel FitzGerald, 52, of Annapolis, Maryland, and Kenneth Coffland, 67, of Riva, Maryland, pleaded guilty last week to charges of bribery and extortion, respectively.

You’re invited! Join us for a live walkthrough of the “Follina” story…
2022-06-13 18:28

On Thursday this week, we're holding a free webinar in which we'll give you a live explanation and demonstration of the "Follina" vulnerability. Although this bug is fairly easy to deal with, it nevertheless tells a fascinating story.

Russia, China, warn US its cyber support of Ukraine has consequences
2022-06-10 03:16

Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal. The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia's illegal invasion.

US cyber chiefs: Moving to Shields Down isn't gonna happen
2022-06-08 06:58

A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. "There'll never be a time when we don't defend ourselves - especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal.

#US
US seizes SSNDOB market for selling personal info of 24 million people
2022-06-07 23:47

SSNDOB, an online marketplace that sold the names, social security numbers, and dates of birth of approximately 24 million US people, has been taken offline following an international law enforcement operation. The SSNDOB marketplace consisted of multiple sites acting as mirrors of each other to aid in preventing DDoS attacks or law enforcement operations.

#US
US: Chinese govt hackers breached telcos to snoop on network traffic
2022-06-07 22:43

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. "Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," the advisory explains.