Author Archives: John Leyden

Legit-looking website, camera-on interviews, jokes about backdoors … it worked EXCLUSIVE  It all started with a LinkedIn message, as so many employment scams do these days.… Continue reading Dev targeted by sophisticated job scam: ‘I let my guard down, and ran the freaking code’→

All the Typhoons, everywhere, all at once A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim … Continue reading Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn→

Push to protect minors risks hitting everyone online Proton’s boss has waded into the age verification fight with a warning that sounds less like child safety and more like an identity checkpoint for the entire internet.… Continue reading Age checks could turn internet into an ID checkpoint, complains Proton CEO→

Wins $300M deal over Salesforce, IBM because of ‘integration with existing USDA systems,’ among other things Palantir has won a $300 million contract from the US Department of Agriculture (USDA) to support the National Farm Security Action Plan (NFSAP)… Continue reading American farms have a new steward for their safety net, disaster programs… Palantir→

World’s largest biomedical dataset lifted and shifted on Chinese mega marketplace Updated  Details of volunteers of UK-based Biobank, which describes itself as the custodian of the world’s most comprehensive biomedical dataset, are for sale on Chinese … Continue reading Medical data of 500k Biobank volunteers listed for sale on Alibaba, UK minister reveals→

Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa Black Hat Asia  Israeli researchers found a series of flaws in Microsoft’s Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack sur… Continue reading Hybrid clouds have two attack surfaces and you’re not paying enough attention to either→

Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim GCHQ’s cyber arm has entered the hardware game with its first device designed to prevent cyberattacks on display devices.… Continue reading If malware via monitor cables is a matter of national security, this might be the gadget for you→

Keeping it simple for the developers can lead to very complex headaches later PWNED  Welcome back to PWNED, the column where we celebrate the people who’ve taught us how not to secure a server. If you’ve ever tied your own shoelaces together, then trip… Continue reading Using the password ‘admin123’ wasn’t as bad as sharing it on Slack→

NCSC passes judgment: passkeys pass muster, passwords fail The UK’s National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from pa… Continue reading Pass the key, passwords have passed their sell-by date→

Plus, the payload references ‘TeamPCP/LiteLLM method’ Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers’ environments, and it shares significant overl… Continue reading Another npm supply chain worm is tearing through dev environments→