Cybersecurity
ION Ransomware attack hits markets -- Here are some key lessons from an earlier DXC attack
Five key lessons from a previous attack on a major software provider
Cybersecurity
22,600+ emails = 599 vulnerabilities. Security disclosure triage is HARD
Security researchers regularly chafe at the deafening silence when they report a critical vulnerability in software: White Hats simply wanting to help organisations fix their cybersecurity all too often still find themselves being ignored – or worse, threatened with legal action when trying to help publicly exposed organisations that have not
Cybersecurity
Government “must avoid a ban on ransomware payments” say insurers
"If a ban is considered the Government should be ready to step in..."
Cybersecurity
Exploit released for critical new VMware vRealize Log Insight RCE bugs
Security researchers have published a proof-of-concept (POC) exploit that lets remote and unauthenticated attackers take over VMware vRealize Log Insight as root user by chaining three recent vulnerabilities. vRealize Log Insight is VMware’s log management tool for infrastructure and applications which boasts “actionable dashboards… and broad third-party extensibility across
Cybersecurity
Critical controller bug could trigger traffic chaos: Software vendor ignores CISA outreach
One of 14 new advisories on vulnerable ICS software...
Cybersecurity
Windows CryptoAPI bug reported by NSA: Proof-of-Concept lands
Worth double-checking for exposure...
Cybersecurity
Severe Python vulnerability patched in 61,000 projects: Bug remains rife downstream
Heroic effort by Trellix but risks abound still...
Cybersecurity
UK security vetting delays mount, as IT system faces "regular outages"
One third of “Developed Vetting” security clearances now take over 180 days...
Cybersecurity
ChatGPT used to create elusive "polymorphic" malware
The ChatGPT API "bypasses every content filter there is"
Cybersecurity
T-Mobile hacked again, just six months after settling a $500m class action lawsuit
"It's getting expensive/being on the other side of the courtroom/on the defensive"
Cybersecurity
DNV ransomware attack: 1,000 vessels affected
It could have been a lot worse...
Cybersecurity
CircleCI hackers grabbed customer tokens and keys, CTO admits, amid warning on SaaS secrets
Infiltrators dodged antivirus, stole encryption keys from a running process