Security

Name That Toon Contest

Ex-school district employee jailed for hacks on former employer

A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...]

Security firm signs up Conan O'Brien for corporate training videos — will celebrity firepower be enough to keep us focused on safety?

Adaptive Security recruited Conan O'Brien for cybersecurity training videos aimed at helping employees recognize phishing deepfakes and AI-enabled fraud.

Chinese hackers hijack auth flow, spy on isolated network for a decade

Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...]

The FBI built its own replica small town to simulate real-world cyberattacks

Hidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks.

The FCC Wants to Kill Burner Phones

Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more.

PhishLumos maps phishing infrastructure and finds 190,000 URLs in six months

Researchers from Tokyo Metropolitan University have created a new paradigm for identifying online phishing campaigns. Their new system, PhishLumos, is triggered when links show signs of concealing information and looks for clues in the "infrastructure" of the website to uncover the whole campaign of which the site is only a tiny part. Real-world testing showed detection that was eight days faster…

Phone battery draining fast? Malware is one of 8 possible factors - how to tell for sure

No battery lasts forever. But it's often in your power to extend its life. Here's our checklist for identifying the causes of battery degradation - and how to fix each one.

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

Also covering:The Register

Maine disables data breach notification portal after fake disclosures

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]

PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

Vulnerability in the Oracle-owned PeopleSoft software is about as critical as they come.

Congress lets decades-old spying law lapse amid Trump's controversial DNI nomination

Congress, afraid of empowering Bill Pulte, has allowed a decades-old spying law to lapse.

Fired IT worker jailed for 21 months after sabotaging old school district

Iowan’s scheme undone after misplacing trust in former coworker

phpBB forum fixes auth bypass bug lurking for a decade

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]

Japanese electricity giant apologises after physical drive with data of 10.9 million clients goes missing

Millions of clients have valuable data exposed after drive goes missing.

A spy in your pocket? How the UK’s proposed on-device nude image blocking could work in reality

Apple and Google have until September to either activate built-in features or implement new scanning tools. Privacy advocates are raising the alarm, but the government is ready to "change the law" if needs be.

Microsoft's bug-hunting nemesis extends vendetta with more zero-day attacks — Nightmare Eclipse publishes RoguePlanet and GreatXML local privilege escalation exploits

Nightmare-Eclipse's vendetta against Microsoft and Windows continues apace — researcher publishes RoguePlanet and GreatXML local privilege escalation zero-day exploits

Also covering:The Register

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]

Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod

Clinical trial participant data stolen, but pharma giant says exposed records were pseudonymized