Threatline

Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild

Log4j

Pen Test Partners: Anyone could view Gumtree users' GPS location by pressing F12

UK online used goods bazaar Gumtree exposed its users' home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw.…

US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions

Eighteen US Democratic lawmakers have asked the Treasury Department and State Department to punish Israel-based spyware maker NSO Group and three other surveillance software firms for enabling human rights abuses.…

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole.…

Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard

Japan draws a LINE: web giants must reveal where they store user data

Social media and search engine operators in Japan will be required to specify the countries in which users' data is physically stored, under a planned tweak to local laws.…

National Cyber Strategy will lead to BritChip for mobile devices by 2025, claims UK.gov

National Cyber Strategy

Move fast, break security: Why CISOs must push back against Agile IT

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.

East Londoners nicked under Computer Misuse Act after NHS vaccine passport app sprouted clump of fake entries

British police have made a series of arrests over the past few months after people with apparent access to NHS databases allegedly sold fake vaccination status entries on the NHS vaccine passport app.…

Why ransomware attacks happen out of hours or during the holidays