Spam is Chipotle’s secret ingredient: Marketing email hijacked to dish up malware
Upcoming Android privacy changes include ability to blank advertising ID, and ‘safety section’ in Play store
Israeli authorities investigate NSO Group over Pegasus spyware abuse claims
Here’s a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies
‘Woefully insufficient’: Biden administration’s assessment of critical infrastructure infosec protection
Over 100 Taiwanese political figures’ messages leaked outta LINE app
Microsoft researcher found Apple 0-day in March, didn’t report it
Security breaches where working from home is involved are costlier, claims IBM report
Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace
UK’s National Cyber Security Centre needs its posh Westminster digs, says Cabinet Office, because of WannaCry
Google revamps bug bounty program
Biden warns ‘real shooting war’ will be sparked by severe cyber attack
Tencent suspends signups to WeChat, citing ‘security upgrade’ and need to comply with Chinese laws
eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering
Misconfigured Azure Blob at Raven Hengelsport exposed records of 246,000 anglers – and took months to tackle, claim infosec researchers
Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam
Tech biz must tell us about more security breaches, says as it ponders lowering report thresholds
Apple emergency zero-day fix for iPhones and Macs – get it now!
Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopify software repos
It takes intuition and skill to find hidden evidence and hunt for elusive threats
SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube
Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack
You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick
Windows “PetitPotam” network attack – how to protect against it
Somebody is destined for somewhere hot, and definitely not Coventry
DEF CON offers beginner-level Spot the Fed this year: He’ll be on stage giving a keynote
US court gets UK Twitter hack suspect arrested in Spain
Hole blasted in Guntrader: UK firearms sales website’s CRM database breached, 111,000 users’ info spilled online
Tech support scams subside somewhat, but Millennials and Gen Z think they’re bulletproof and suffer
BT tries to crack cyber crime, grabs stake in Safe Security
Kaseya obtains REvil decryptor, starts sharing it with afflicted customers
Never mind the trolls, Discord hosts ‘significant volumes of malware’ in its CDN
Cyber-attacks really ramp up after Halloween – so why not start preparing now?
Microsoft has a workaround for ‘HiveNightmare’ flaw: Nuke your shadow copies from orbit
Securing the cloud while Windows burns: Microsoft pops CloudKnox in trolley
Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online
S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]
Thales launches payment card with onboard fingerprint scanner
China pushes back against Exchange attack sponsorship claims
NSO Group ‘will no longer be responding to inquiries’ about misuse of its software
US senators warn China’s Digital Yuan could compromise Olympic athletes
Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking
Google Cloud’s Intrusion Detection Service attempts to make security ‘invisible’ but cost will be the big giveaway
Windows “HiveNightmare” bug could leak passwords – here’s what to do!
Make-me-admin holes found in Windows, Linux kernel
Journo who went to prison for 2 years for breaking US cyber-security law is jailed again
Fortinet’s security appliances hit by remote code execution vulnerability
Apple iPhone patches are out – no news if recent Wi-Fi bug is fixed
Northern Train’s ticketing system out to lunch as ransomware attack shuts down servers
Verified: launching plans for yet another digital identity scheme