Tag: computer
-
UK Cybersecurity Weekly News Roundup 9 March 2025
Tags: android, attack, backdoor, breach, china, cloud, compliance, computer, cyber, cyberattack, cybercrime, cybersecurity, data, espionage, exploit, government, group, hacker, infrastructure, international, malware, microsoft, network, ransomware, regulation, resilience, service, skills, software, theft, update, vulnerabilityWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. Microsoft Engineer’s Transition to Cybersecurity Ankit Masrani, a 36-year-old software engineer, successfully transitioned into a cybersecurity role at Microsoft. With a background in IT and a Master’s degree in computer science, Masrani secured…
-
Developer Pleads Guilty to Injecting Malware and Crippling Company Systems
In a stunning case of corporate sabotage, a former software developer for Eaton Corp., Davis Lu, 55, of Houston, has been found guilty by a jury of intentionally damaging the company’s internal computer systems. This malicious act occurred after his work responsibilities were reduced in 2018. The verdict was delivered after a six-day trial in…
-
New Chirp tool uses audio tones to transfer data between devices
A new open-source tool named ‘Chirp’ transmits data, such as text messages, between computers (and smartphones) through different audio tones. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/new-chirp-tool-uses-audio-tones-to-transfer-data-between-devices/
-
UK cyber security damaged by ‘clumsy Home Office political censorship’
Britain’s National Cyber Security Centre secretly censors computer security guidance and drops references to encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620475/UK-cyber-security-damaged-by-clumsy-Home-Office-political-censorship
-
Cyberangriff auf einen Gesundheitsdienstleister in Israel?
Health Ministry announces suspected cyber incident on Israeli medical computer system First seen on jpost.com Jump to article: www.jpost.com/breaking-news/article-845035
-
Decrypting the Forest From the Trees
Tags: api, computer, container, control, credentials, data, endpoint, least-privilege, microsoft, network, password, powershell, service, updateTL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via the Administration Service API. Introduction While Duane Michael, Chris Thompson, and I were originally working on the Misconfiguration Manager project, one of the tasks I took…
-
Reported US Cyber Pause on Russia Raises Questions, Concerns
Hiatus Could Embolden Moscow. Reports suggesting the U.S. federal government is going soft on Russia in cyberspace sent shockwaves through the cybersecurity community. Resuming computer network attacks and other exploitation efforts after a pause isn’t as simple as flipping a switch. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/reported-us-cyber-pause-on-russia-raises-questions-concerns-a-27643
-
How New AI Agents Will Transform Credential Stuffing Attacks
Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks, including those frequently performed by attackers.Stolen credentials: The…
-
RDP: a Double-Edged Sword for IT Teams Essential Yet Exploitable
Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true…
-
What is zero trust? The security model for a distributed and risky era
Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trustHow zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…
-
China’s Silver Fox spoofs medical imaging apps to hijack patients’ computers
Sly like a PRC cyberattack First seen on theregister.com Jump to article: www.theregister.com/2025/02/25/silver_fox_medical_app_backdoor/
-
Russia warns financial sector organizations of IT service provider LANIT compromise
Russia’s NKTsKI warns financial sector organizations about a breach at major Russian IT service and software provider LANIT. Russia’s National Coordination Center for Computer Incidents (NKTsKI) warns the financial sector of security breach at IT service and software provider LANIT, potentially affecting LANTER and LAN ATMservice. According to the security breach notification published by GosSOPKA,…
-
Russia warns financial sector of major IT service provider hack
Russia’s National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country’s credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russia-warns-financial-sector-of-major-it-service-provider-hack/
-
What Microsoft’s Majorana 1 Chip Means for Quantum Decryption
The question is whether Majorana 1 advances progress toward quantum computing or for security professionals, the arrival of computers powerful enough to break PKE. The post What Microsoft’s Majorana 1 Chip Means for Quantum Decryption appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/what-microsofts-majorana-1-chip-means-for-quantum-decryption/
-
Implementing Cryptography in AI Systems
Interesting research: “How to Securely Implement Cryptography in Deep Neural Networks.” Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the…
-
NSA Allegedly Hacked Northwestern Polytechnical University, China Claims
Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a cyberattack on Northwestern Polytechnical University, a prominent Chinese institution specializing in aerospace and defense research. The allegations, published by organizations such as Qihoo 360 and the National Computer Virus Emergency Response Center (CVERC), claim that the NSA’s Tailored Access Operations (TAO)…
-
Microsoft’s Quantum Chip Breakthrough Accelerates Threat to Encryption Protocols
Microsoft has developed the first ever quantum chip, shortening the timeframe for when quantum computers will break exiting encryption First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-quantum-chip-encryption/
-
Cyberangriff auf eine Stadtverwaltung in Alabama, USA
Tarrant, Ala., Wards Off Ransomware Attack on City Computers First seen on govtech.com Jump to article: www.govtech.com/security/tarrant-ala-wards-off-ransomware-attack-on-city-computers
-
Russian cyberespionage groups target Signal users with fake group invites
QR codes provide a means of phishing Signal users: These features now work by scanning QR codes that contain the cryptographic information needed to exchange keys between different devices in a group or to authorize a new device to an account. The QR codes are actually representations of special links that the Signal application knows…
-
US Military, Defense Contractors Infected with Infostealers: Hudson Rock
A report by cybersecurity firm Hudson Rock says hundreds of computers from the U.S. Army and Navy and defense contractors like Honeywell and Boeing are infected with infostealer malware, endangering the security of the systems and threatening third-party players. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/us-military-defense-contractors-infected-with-infostealers-hudson-rock/
-
New family of data-stealing malware leverages Microsoft Outlook
certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
Cyberangriff auf eine Staatsanwaltschaft in Virginia, USA
Virginia Attorney General’s office struck by cyberattack targeting attorneys’ computer systems First seen on apnews.com Jump to article: apnews.com/article/attorney-general-jason-miyares-cyberattack-0cf74a899064a72d4532fb0c38f8e382
-
USAID staff accuses DOGE of jeopardizing safety, accessing security clearance data
A new lawsuit sheds light on the Department of Government Efficiency’s (DOGE) work at USAID, with some employees alleging that DOGE workers had root access to computer systems containing security clearance data, including foreign contacts for an employee who deploys to conflict zones. First seen on therecord.media Jump to article: therecord.media/usaid-staff-accuses-doge-improper-access
-
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline. The post Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/virginia-attorney-generals-office-struck-by-cyberattack-targeting-attorneys-computer-systems/
-
What is anomaly detection? Behavior-based analysis for cyber threats
a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
-
Top cryptography experts join calls for UK to drop plans to snoop on Apple’s encrypted data
Some of the world’s leading computer science experts have signed an open letter calling for the Home secretary, Yvette Coooper to drop a controversial secret order to require Apple to provide access to people’s encrypted data First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619260/Top-cryptography-experts-join-calls-for-UK-to-drop-plans-to-snoop-on-Apples-encrypted-data
-
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
Tags: access, attack, blizzard, computer, control, cyber, cyberattack, cybersecurity, data, espionage, exploit, fortinet, group, hacker, hacking, infrastructure, intelligence, international, microsoft, military, network, ransomware, russia, software, strategy, supply-chain, threat, tool, ukraine, update, vulnerability, zero-trustWeaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned.”Seashell Blizzard’s specialized operations have ranged from espionage to information operations…
-
CHERI Security Hardware Program Essential to UK Security, Says Government
NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cheri-security-hardware-uk-security/