Tag: computer
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windowsSummary Beyond the Firewall: How Attackers Weaponize Your DNS For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
The Emperor’s New Clothes: Why Compulsory CBTs and Phishing Tests Keep Failing
Most phishing training, and indeed most compulsory computer-based training (CBT) modules, are largely ineffective in reducing incidents – and are therefore a waste of time and resources. Finally we have the data we need to challenge this, and find a better path to user awareness that may actually reduce the frequency and impact of cyber…
-
The Guardian view on the Jaguar Land Rover cyber-attack: ministers must pay more attention to this growing risk | Editorial
Tags: attack, business, computer, conference, cyber, cybercrime, finance, government, risk, supply-chain, threatCybercriminals pose a seismic and increasingly sophisticated threat to businesses and national security. Yet Britain seems remarkably ill-preparedThe cause isn’t clear, but the impact has already been devastating. More than a month has passed since Jaguar Land Rover (JLR) was targeted in a cyber-attack that forced the car manufacturer to turn off computers and shut…
-
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattacks by the group UAC-0245 using the CABINETRAT backdoor. The campaign, seen in September 2025, involved malicious Excel XLL add-ins posing as software tools (e.g. >>UBD Request.xllrecept_ruslana_nekitenko.xll
-
Jaguar Land Rover cyber-attack: what’s the latest news?
How is the government helping the carmaker? Will jobs be protected? And when will production restart?<ul><li><a href=”https://www.theguardian.com/business/live/2025/sep/29/moral-hazard-fears-jlr-jaguar-land-rover-government-loan-gsk-ceo-astrazeneca-listing-dollar-shutdown-business-live-news”>Business live latest updates</li></ul>Jaguar Land Rover’s factories have been shut for almost a month after <a href=”https://www.theguardian.com/business/2025/sep/02/jaguar-land-rover-cyber-incident-manufacturing-retail”>a cyber-attack that forced it to turn off computer systems in the UK, Slovakia, India and Brazil.The UK government has stepped in with…
-
Jaguar Land Rover plans to restart engine manufacturing in early October, report says
Britain’s largest automotive employer has been unable to assemble cars after a significant cyber attackJaguar Land Rover (JLR) is planning to reopen its £500m engine manufacturing centre in early October after the significant cyber attack on the car firm, according to a report.Britain’s largest automotive employer has been unable to assemble cars since its computer…
-
Jaguar Land Rover restarts some IT systems as suppliers call for urgent support
Carmaker can make payments and send spare parts but some suppliers say they face permanent closureJLR has restarted a limited number of computer systems after <a href=”https://www.theguardian.com/business/2025/sep/02/jaguar-land-rover-cyber-incident-manufacturing-retail”>a crippling cyber-attack, but suppliers to the carmaker have told ministers they need financial support from the government within days to prevent permanent closures of parts factories.The maker of…
-
Jaguar Land Rover restarts some of its computers after hack
Carmaker can now pay suppliers and ship parts and finished vehicles but is unable to say when factories will reopenJLR has restarted a limited number of computer systems, as Britain’s largest automotive employer scrambles to recover from <a href=”https://www.theguardian.com/business/2025/sep/02/jaguar-land-rover-cyber-incident-manufacturing-retail”>a crippling cyber-attack.The maker of Jaguar and Land Rover cars said it had regained the ability to…
-
Service Accounts in Active Directory: These OG NHIs Could Be Your Weakest Link
While non-human identities (NHIs) in cloud and SaaS operations may be getting lots of attention right now, securing your Active Directory service accounts can go a long way in reducing risk. Here are three steps you can take right now. Key takeaways Expect sprawl: Agentic AI and cloud native development accelerate non-human identity (NHI) growth. …
-
‘Our worst day’: The untold story of the Electoral Commission cyber attack
As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366631525/Our-worst-day-The-untold-story-of-the-Electoral-Commission-cyber-attack
-
A suspected Scattered Spider member suspect detained for casino network attacks
A suspected Scattered Spider member linked to cyber attacks on Las Vegas casinos was arrested on September 17. The Las Vegas Metropolitan Police Department arrested on September 17 a suspected Scattered Spider member linked to attacks on Las Vegas casinos for computer intrusion, extortion, and identity theft. Between August and October 2023, multiple Las Vegas…
-
Microsoft DCU’s Takedown of RaccoonO365
When I saw the name of the Microsoft Digital Crime Unit’s latest target, “RaccoonO365” I probably reacted to it differently than most. With the help of a friend in Lagos, we’ve been watching the money launderers and things have reached a point that they now refer to what we previously called “Business Email Compromise” or…
-
As scientists show they can read inner speech, brain implant ‘pioneers’ fight for neural data privacy, access rights
With scientists now demonstrating that they can decode attempted speech based on the neural data they collect from Brain Computer Interface (BCI) research subjects with implants, patients and advocates say the importance of adequate data protections has grown. First seen on therecord.media Jump to article: therecord.media/neural-data-privacy-brain-implants
-
BlockBlasters Steam Game Disguises Malware as Patch for Computer Download
BlockBlasters, a vibrant 2D platformer/shooter from Genesis Interactive, launched on July 31, 2025 to wide acclaim. However, on August 30, 2025, the developers released Build 19799326, ostensibly a routine patch. Security analysts at G DATA MXDR discovered that this update carries multiple malicious components capable of harvesting sensitive data from players’ PCs”, including cryptocurrency wallet…
-
Cybercriminals Exploit ICS Computers via Scripts and Phishing Attacks
Industrial control systems (ICS) continue to face increasing cybersecurity challenges as threat actors employ sophisticated malicious scripts and phishing campaigns to target critical infrastructure. According to new data from Q2 2025, while overall attack rates have shown a marginal decline, specific threat vectors including email-based attacks and malicious documents are intensifying their assault on industrial…
-
Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
Warning: Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
New Shai-hulud Worm Infecting npm Packages With Millions of Downloads
ReversingLabs discovers >>Shai-hulud,
-
Microsoft and Cloudflare execute ‘rugpull’ on massive phishing empire
Tags: access, ai, attack, blockchain, breach, computer, credentials, crime, crimes, crypto, cybercrime, data, detection, exploit, extortion, finance, fraud, infrastructure, international, law, microsoft, phishing, programming, scam, service, strategy, threat, toolLegal victory with limitations: Microsoft’s investigation identified Joshua Ogundipe, based in Nigeria, as the operation’s leader and primary architect. The company filed a lawsuit against Ogundipe and four associates listed as John Does in late August, then obtained a court order from the US District Court for the Southern District of New York in early…
-
From Quantum Hacks to AI Defenses Expert Guide to Building Unbreakable Cyber Resilience
Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company’s encryption overnight, exposing your most sensitive data, rendering much of it…
-
INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance
Panama’s Ministry of Economy and Finance disclosed a security breach impacting a computer in its infrastructure. Panama’s Ministry of Economy and Finance (MEF) announced that threat actors likely compromised one of its computers. The Ministry immediately activated its security protocols to contain the threat. Panama’s Ministry pointed out that critical systems vital to operations remain…
-
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR).The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the…
-
Cybersecurity Snapshot: Security Lags Cloud and AI Adoption, Tenable Report Finds, as CISA Lays Out Vision for CVE Program’s Future
Tags: access, ai, api, attack, automation, best-practice, breach, bug-bounty, business, cisa, cloud, communications, computer, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, framework, google, governance, government, identity, infrastructure, intelligence, international, Internet, linkedin, mitre, network, nist, office, open-source, privacy, programming, RedTeam, resilience, risk, risk-management, service, skills, software, strategy, tactics, technology, threat, tool, update, vulnerabilityCheck out Tenable’s report detailing challenges and best practices for cloud and AI security. Plus, CISA rolled out a roadmap for the CVE Program, while NIST updated its guidelines for secure software patches. And get the latest on TLS/SSL security and AI attack disclosures! Here are five things you need to know for the week…
-
Apple issues spyware warnings as CERT-FR confirms attacks
Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised. Apple warned customers last week about new spyware attacks, the French national Computer Emergency Response Team (CERT-FR) said. The agency confirmed at least four such alerts since early 2025. Apple sent spyware alerts on March 5, April 29,…
-
ICO Warns of Student-Led Data Breaches in UK Schools
ICO warned that growing hacks by children into school computer systems is setting them up for “a life of cybercrime” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-student-data-breaches-uk/
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…
-
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers…
-
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers…