[TheRecord] Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020

Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh. The numbers are even higher when 2020 is analyzed alone, with almost a third (32%) of all cyber insurance claims filed last year being related to a ransomware […]

Read More

[TheRecord] Microsoft fixes OMIGOD bugs in secret Azure app

As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI, a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. Called Open Management Infrastructure (OMI), the app is the Linux equivalent of Microsoft’s Windows Management Infrastructure […]

Read More

[TheRecord] Microsoft to let users completely remove account passwords and go passwordless

Microsoft has announced today that it intends to let users remove the passwords from their Microsoft accounts and go passwordless. In a change that will be rolled out in the coming weeks, Microsoft said that users would be able to remove the password from their consumer account and choose an alternative authentication option instead, such […]

Read More

[TheRecord] US fines former NSA employees who provided hacker-for-hire services to UAE

The US Department of Justice has fined three former NSA employees who worked as hackers-for-hire for a United Arab Emirates cybersecurity company. Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, broke US export control laws that require companies and individuals to obtain a special license from the State Department’s Directorate of Defense Trade Controls (DDTC) […]

Read More

[TheRecord] Microsoft patches Office zero-day in today’s Patch Tuesday

Microsoft has released patches today for a zero-day vulnerability in one of the Windows components that was abused in the wild for attacks using weaponized Office documents. First disclosed last week, when Microsoft warned of the attacks and published basic mitigations, the OS maker has released official fixes as today, part of its monthly Patch Tuesday […]

Read More

[TheRecord] ‘No indication’ Russia has cracked down on ransomware gangs, top FBI official says

The FBI’s No. 2 on Tuesday said the agency has seen no evidence that the Russian government has moved against ransomware gangs operating on its soil. “Based on what we’ve seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in […]

Read More

[TheRecord] Wikimedia bans seven Chinese users citing “security risk”

The Wikimedia Foundation, the organization behind the Wikipedia portal, has banned seven Chinese users on Monday, citing a “security risk.” “We have banned seven users and desysopped a further 12 as a result of long and deep investigations into activities around some members of the unrecognized group Wikimedians of Mainland China,” Maggie Dennis, the Wikimedia Foundation’s […]

Read More

[TheRecord] OWASP Top 10 ranking has a new leader after ten years

The OWASP Top 10, a list of the most dangerous web vulnerabilities, has been updated after four years, and, after more than a decade, there is a new vulnerability at the top of the ranking. Created in the mid-2000s, the list is curated by the Open Web Application Security Project, a nonprofit foundation that’s made up […]

Read More

[TheRecord] Apple releases patches for NSO Group’s ForcedEntry zero-day

Apple has released security updates today to patch ForcedEntry, a professional exploit developed by Israeli spyware maker NSO Group, and which has been abused to hack into the phones of multiple activists since February this year. Patches are available today for macOS, iOS, iPadOS, and watchOS. Tracked as CVE-2021-30860, the ForcedEntry zero-day exploits a bug in CoreGraphics, an Apple component […]

Read More

[TheRecord] Report: Beijing, Moscow step up efforts to control the Internet’s backbone

Authoritarian governments — particularly in Beijing and Moscow — are stepping up their efforts to buy or influence companies responsible for laying the undersea cables that shuttle online communications between countries and servers, according to a report released on Monday. Submarine cables are the backbone of the Internet and the concern is that undersea cable […]

Read More