Threatline

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed

Iran is the first out-loud cyberwar the US has fought

Cyber is no longer the hush-hush thing it used to be, as team Trump invades Iran with hackers taking the lead Unlike previous military conflicts, the cyber domain has been front and center since the Trump administration invaded Iran, upending the traditionally quiet role played by hackers in military conflicts.… Kettle

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

FBI is investigating breach that may have hit its wiretapping tools

PLUS: Europol takes down two crime gangs; LastPass users phished (again); Crooks increase crypto hauls; And more The FBI is investigating a breach of its systems which reportedly affected systems related to wiretapping and surveillance.… Infosec In Brief

EU court adviser says banks must immediately refund phishing victims

Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault. [...]

Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans

Updated

Is VPOTUS Bluetooth-phobic or sensible? The answer's pretty clear

In Brief

When disaster strikes, data recovery really is a race against time

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching

Updated

MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'

Britain's Online Safety Bill is being enthusiastically endorsed in a "manifesto" issued today by MPs who were tasked with scrutinising its controversial contents.…