Category: The Register – Security

Disclosure at MainStreet Bancshares comes as American finance orgs beg for looser reporting requirements Community bank MainStreet Bancshares says thieves stole data belonging to some of its customers during an attack on a third-party provider.… This article has been indexed…

Read more →

PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more! Infosec In Brief  Despite last week’s FBI announcement that it helped to take down the crew behind the Lumma infostealer, the malware continues to operate.……

Read more →

‘It’s a high-stakes intelligence war’ he told El Reg exclusive  A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.… This article has been…

Read more →

Pen tester on ScreenConnect bug: This one ‘terrifies’ me ConnectWise has brought in the big guns to investigate a “sophisticated nation state actor” that broke into its IT environment and then breached some of its customers.… This article has been…

Read more →

28-year-old alleged to have made multiple drops to folks who turned out to be undercover FBI agents A Defense Intelligence Agency (DIA) IT specialist is scheduled to appear in court today after being caught by the FBI trying to surreptitiously…

Read more →

Cash splashed on damages, infrastructure improvements, and fraud monitoring A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients…

Read more →

Giving people the power to build community and bring the world closer together so we can shoot them Meta has partnered with Anduril Industries to build augmented and virtual reality devices for the military, eight years after it fired the…

Read more →

Take care when downloading AI freebies, researcher tells The Register Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.… This article has been indexed from The Register – Security Read the original article: Crims…

Read more →

Greater Manchester Police reprimanded over hours of video that went AWOL The UK’s data watchdog has reprimanded Greater Manchester Police (GMP) force for losing CCTV footage the cop shop was later requested to retain.… This article has been indexed from…

Read more →

War in Ukraine causes major rethink in policy and spending The UK is spending more than £1 billion ($1.35 billion) setting up a new Cyber and Electromagnetic Command and is recruiting a few good men and women to join up…

Read more →

30-year anniversary event adds classes and sessions to address new risks Partner content  Infosecurity Europe celebrates its 30th anniversary by doubling down on its mission: Building a Safer Cyber World. Returning to ExCeL London from 3-5 June, the landmark edition…

Read more →

Probably not a cyber-incident, but definitely not a good look Security services vendor SentinelOne experienced a major outage on Thursday.… This article has been indexed from The Register – Security Read the original article: Security outfit SentinelOne’s services back online…

Read more →

Philippines company allegedly run by Chinese national has form running scams The US Treasury has sanctioned a Philippine company and its administrator after linking them to the infrastructure behind the majority of so-called “pig butchering” scams reported to the FBI.……

Read more →

‘The operating system couldn’t be loaded’ is never a great message Microsoft’s latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only…

Read more →

House Homeland Security Committee takes a field trip to Silicon Valley Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster.… This article has been…

Read more →

No formal attribution made but two separate probes hint at the same suspect Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access.… This…

Read more →

Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable.… This article has been…

Read more →

Sick of paying the US tech tax and relinquishing talent to other continents, politicians finally wake up The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout…

Read more →

Knickers outlet knackered Underwear retailer Victoria’s Secret’s website has been down for three days, with the company blaming an unspecified security problem.… This article has been indexed from The Register – Security Read the original article: Victoria’s Secret website laid…

Read more →

The financial sector is adept at balancing risk and opportunity. Adversarial AI is its next big challenge Partner content  From the use of ATMs to online banking, the financial services sector has always been at the forefront of technology. Now,…

Read more →

Data analytics and risk management biz says software dev platform breached, not itself LexisNexis Risk Solutions (LNRS) is the latest big-name organization to disclose a serious cyberattack leading to data theft, with the number of affected individuals pegged at 364,333.……

Read more →

The latest in a long line of techies to face Putin’s wrath A Russian programmer will face the next 14 years in a “strict-regime” (high-security) penal colony after a regional court ruled he leaked sensitive data to Ukraine.… This article…

Read more →

Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way. Sponsored feature  The IT business likes to reinvent things as quickly as possible. Except passwords, that is. We’ve been using them since…

Read more →

SimpleHelp was the vector for the attack DragonForce ransomware infected a managed service provider, and its customers, after attackers exploited security flaws in remote monitoring and management tool SimpleHelp.… This article has been indexed from The Register – Security Read…

Read more →

Really strong USB ports make a difference too by reducing the need for motherboard replacements Computex  Analysts rate Taiwan’s ASUS the world’s fifth most prolific PC-maker, but the company wants to climb the charts by targeting business buyers, according to…

Read more →

Millions may fall for it – and end up with malware instead A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details,…

Read more →

Dutch intel services, Microsoft go big-game hunting A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian government since at least April 2024, according…

Read more →

Hackers take personal data bytes from the brand with three stripes Adidas is warning customers some of their data was stolen after an “unauthorized” person lifted it from a “third-party customer service provider.”… This article has been indexed from The…

Read more →

Commercial customers, STEM students all feeling the pain after mega outage of engineering data-analysis tool Software biz MathWorks is cleaning up a ransomware attack more than a week after it took down MATLAB, its flagship product used by more than…

Read more →

PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed Infosec In Brief  Secrets of the Trump administration may have been exposed after a successful attack on messaging service TeleMessage, which has been used…

Read more →

PLUS: Original emoji retired; Xiaomi’s custom silicon; MediaTek goes to 2nm Asia In Brief  China last week approved rules that will see Beijing issue identity numbers that netizens can use as part of a federated identity scheme that will mean…

Read more →

Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware INTERVIEW  Uncle Sam’s cybersecurity apparatus can’t only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old…

Read more →

The original leak site that never sold out, never surrendered Obituary  John Young, the co-founder of the legendary internet archive Cryptome, died at the age of 89 on March 28. The Register talked to friends and peers who gave tribute…

Read more →

Bank accounts, personal details all hoovered up in the attack Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data…

Read more →

Cyberbaddies are coming for your M365 creds, US infosec agency warns The Cybersecurity and Infrastructure Security Agency (CISA) is warning that SaaS companies are under fire from criminals on the prowl for cloud apps with weak security.… This article has…

Read more →

Callous fraudster tricked elderly gents into smuggling meth hidden in chocolate truffles A ruthless cyber conman who duped elderly pensioners – including an 80-year-old man – into smuggling deadly class A drugs was this week locked up.… This article has…

Read more →

And the associated fraud’n’spy botnet is about to be shut down The US Department of Justice has unsealed indictments against 16 people accused of spreading and using the DanaBot remote-control malware that infected more than 300,000 computers, plus operating a…

Read more →

If it ain’t broke? A suspected Chinese government spy group is behind the rash of attacks that exploit two Ivanti bugs that can be chained together to achieve unauthenticated remote code execution (RCE), according to analysts at threat intelligence outfit…

Read more →

Blackmailed teen allegedly scared into carving his handle onto her arm The FBI has filed an affidavit detailing how it identified a US Navy man who was allegedly distributing child sex abuse material (CSAM) through Discord.… This article has been…

Read more →

Improving security on a budget with continuous monitoring Partner content  Most security teams face a staggering challenge. They’re tasked with protecting themselves against the same advanced threats as any large enterprise, but often have a fraction of the budget, tools,…

Read more →

The FBI thought they shut this all down in 2023, but the duck quacked again Uncle Sam on Thursday unsealed criminal charges and a civil forfeiture case against a Russian national accused of leading the cybercrime ring behind Qakbot, notorious…

Read more →

Intrusions began weeks before Trimble patched the Cityworks hole A suspected Chinese crew has been exploiting a now-patched remote code execution (RCE) flaw in Trimble Cityworks to break into US local government networks and target utility management systems, according to…

Read more →

Case in Germany could derail Zuck’s plans, noyb tells El Reg fight isn’t over The Irish Data Protection Commission has cleared the way for Meta to begin slurping up the data of European citizens for training AI next week, ongoing…

Read more →

Case in Germany could derail Zuck’s plans, noyb tells El Reg fight isn’t over The Irish Data Protection Commission has cleared the way for Meta to begin slurping up the data of European citizens for training AI next week, ongoing…

Read more →

4-year trial is second major initiative this year that clamps down on ‘illegal immigrants’ Foreigners in Moscow will now be subject to a new experimental law that affords the state enhanced tracking mechanisms via a smartphone app.… This article has…

Read more →

Chat app blocks Windows’ screenshot-happy feature from peeking at private convos Chat app biz Signal is unhappy with the current version of Microsoft Recall and has invoked some Digital Rights Management (DRM) functionality in Windows to stop the tool from…

Read more →

Parents and teachers have personal info, ID documents leaked online, but exam season mostly unaffected Scotland’s West Lothian Council has confirmed that data was stolen from its education network after the Interlock ransomware group claimed responsibility for the intrusion earlier…

Read more →

The 19-year-old and a partner first tried to extort an unnamed telco, but failed A 19-year-old student has agreed to plead guilty to hacking into the systems of two companies as part of an extortion scheme, and The Register has…

Read more →

Credit card theft losses in 2023 alone totaled $36.5M International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to…

Read more →

Their connection? Aiding Ukraine, duh Russian cyberspies have targeted “dozens” of Western and NATO-country logistics providers, tech companies, and government orgs providing transport and foreign assistance to Ukraine, according to a joint government announcement issued Wednesday.… This article has been…

Read more →

Credit card theft losses in 2023 alone totaled $36.5M International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to…

Read more →

Bribed support staff were identified and fired Coinbase says the data of nearly 70,000 customers was handed over by overseas support staff who were bribed by criminals to give up the goods.… This article has been indexed from The Register…

Read more →

CrowdStrike remains hopeful that damages will be limited to seven figures CrowdStrike is “confident” that the worst-case scenario of its pending lawsuit with Delta will result in it paying the airline a sum in the “single-digit millions.”… This article has…

Read more →

From air-gapped bunkers to partner-run platforms, sovereignty is suddenly in vogue Google has updated its sovereign cloud services, including an air-gapped solution for customers with strict data security and residency requirements, as customers grow uneasy over US digital dominance.… This…

Read more →

In practice, it’ll cost many times that and almost certainly won’t work In a White House press conference on Tuesday President Trump announced his plans for a defensive network of missiles, radar, space surveillance, and attack satellites that he promised…

Read more →

Downtime stings retailer, with technical recovery costs coming at a later date Marks & Spencer says the disruption related to its ongoing cyberattack is likely to knock around £300 million ($402 million) off its operating profits for the next financial…

Read more →

After 60 years+ cooperation on space and military ops, worrying ‘rhetoric’ from Team Trump has Brits examining options The current rhetoric coming from the US is “alarming” for the UK, which depends on a continuation of their long-standing co-operation around…

Read more →

Crew ain’t done hopping sectors, Unit 42 threat hunter warns interview  Scattered Spider snared financial services organizations in its web before its recent spate of retail attacks in the UK and US, according to Palo Alto Networks’ Unit 42.… This…

Read more →

Nothing like insecure code in security suites The “ongoing exploitation” of two Ivanti bugs has now extended beyond on-premises environments and hit customers’ cloud instances, according to security shop Wiz.… This article has been indexed from The Register – Security…

Read more →

Update before that proof-of-concept comes to bite Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.… This article has been indexed from…

Read more →

Peter Green Chilled supplies all the major UK chains It’s more bad news for UK supermarkets with chilled and frozen food distribution business Peter Green Chilled confirming a ransomware attack with customers.… This article has been indexed from The Register…

Read more →

Researcher finds VoLTE metadata could be used to locate users within 100 meters UK telco Virgin Media O2 has fixed an issue with its 4G Calling feature that allowed users’ general location to be discerned by those who called them.……

Read more →

Brain drain, budget cuts, constant cyberthreats – who wouldn’t want this job? The US Cybersecurity and Infrastructure Security Agency (CISA) has a new No. 2: Madhu Gottumukkala, stepping in as the nation’s lead civilian cyber agency faces budget cuts, a…

Read more →

Brain drain, budget cuts, and constant cyberthreats – who wouldn’t want this job? The US Cybersecurity and Infrastructure Security Agency (CISA) has a new No. 2: Madhu Gottumukkala, stepping in as the nation’s lead civilian cyber agency faces budget cuts,…

Read more →

Proving yet again that crims are bad at search hygiene An Alabama man who SIM-swapped his way into the SEC’s official X account, enabling a fake ETF announcement that briefly pumped Bitcoin, has been sentenced to 14 months in prison…

Read more →

Cybercriminals lifted info including addresses, ID numbers, and financial records from agency systems A “significant amount of personal data” belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ)…

Read more →

Enormous org has been hit by ransomware again and again, on multiple fronts, over the past year Top cybersecurity officials within the UK government and the National Health Service (NHS) are asking CEOs of tech suppliers to pledge their allegiance…

Read more →

PLUS: Euro-cops take down investment scammers; Fancy Bear returns to Ukraine; and more Infosec In Brief  The Alabama state government is investigating an unspecified “cybersecurity event” that it said has affected some state systems, but didn’t involve the theft of…

Read more →

PLUS: South Korea signs for massive supercomputer; HCL gets into chipmaking; US tariffs slow APAC tech buying; and more Asia In Brief  Chinese company Guoxing Aerospace last launched a dozen satellites, each packing a 744 TOPS of computing power, in…

Read more →

Plus, Co-op tells The Reg: ‘we took early and decisive action’ to block the crooks INTERVIEW  The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts. … This article…

Read more →

ZKLP system allows apps to confirm user presence in a region without exposing exactly where Computer scientists from universities in Germany, Hong Kong, and the United Kingdom have proposed a way to provide verifiable claims about location data without surrendering…

Read more →

Phony LinkedIn recruitment ads? Groundbreaking Chinese government snoops – hiding behind the guise of fake consulting companies – are actively trying to recruit the thousands upon thousands of US federal employees who have been fired since President Trump took office.……

Read more →

Crooks must be licking their lips at the possibilities Uncle Sam’s consumer watchdog has scrapped plans to implement Biden-era rules that would’ve treated certain data brokers as credit bureaus, forcing them to follow stricter laws when flogging Americans’ sensitive data.……

Read more →

‘We hope it makes attendees feel safe reporting violations’ A Seattle court this week dismissed with prejudice the defamation case brought against DEF CON and its organizer Jeff Moss by former conference stalwart Christopher Hadnagy.… This article has been indexed…

Read more →

The tech biz was in the process of dropping the payroll company as it learned of the breach EXCLUSIVE  A ransomware attack at a Middle Eastern subsidiary of payroll company ADP has led to customer data theft at Broadcom, The…

Read more →

We suspect Philippe Salle will need it, not to mention staff and customers If at first you don’t succeed, transform, transform, and transform again is the corporate motto at Atos these days. The lumbering French-based megacorp has created another blueprint…

Read more →

AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature  From the written word through to gunpowder and email, whenever an enabling technology comes along, you can be sure someone will be ready…

Read more →

Entire process took less than five minutes, prosecutors say A former DoorDash driver has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access to reassign orders, and bogus delivery reports to trigger payouts for…

Read more →

They’re smishing, they’re vishing The FBI has warned that fraudsters are impersonating “senior US officials” using deepfakes as part of a major fraud campaign.… This article has been indexed from The Register – Security Read the original article: Scammers are…

Read more →

DragonForce-riding ransomware ring also has ‘shiny object syndrome’ so will likely move on to another sector soon The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers’ IT environments –…

Read more →

One expert tells us: ‘It is the most unique breach disclosure I’ve ever seen’ Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the company is now being extorted for…

Read more →

Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana, a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities they can…

Read more →

Lessons learned from last year’s security snafu interview  Being the chief information security officer at Snowflake is never an easy job, but last spring it was especially challenging.… This article has been indexed from The Register – Security Read the…

Read more →

Would you believe it, this RaaS cartel says Russia is off limits DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.… This…

Read more →

Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.… This article has been indexed from The Register – Security…

Read more →

How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content  Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the…

Read more →

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet…

Read more →

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia’s intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns…

Read more →

‘Legitimate interest’ won’t wash, says privacy outfit, as Zuck’s org claims activists want to ‘delay AI innovation’ There’s a Max Schrems-shaped object standing in the way of Meta’s plans to train its AI on the data of its European users,…

Read more →

Admits due diligence fell short – furious users cry ‘gaslighting’ Customers are blasting VPN Secure’s new parent company after it abruptly axed thousands of “lifetime” accounts. The reason? The CEO admits in an interview with The Register that his team…

Read more →

No rush, according to Gartner chap who says: ‘Nobody has ever out-patched threat actors at scale’ Patch Tuesday has rolled around again, but if you don’t rush to implement the feast of fixes it delivered, your security won’t be any…

Read more →

Crickets as senior security folk asked about risks at NCSC conference CYBERUK  Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned…

Read more →

Defenses are weaker, and victims are more likely to pay, SANS warns Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.… This article has been indexed from The Register –…

Read more →

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday  It’s that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation – but…

Read more →

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel’s defenses against Spectre, a family of data-leaking flaws in the…

Read more →

Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish “palace in the sky” meant as a temporary Air Force One. But getting it up to…

Read more →

Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault’s Command Center was initially not available to a significant user subset – those testing out a free trial version…

Read more →

Both agencies seem unbothered despite tech world’s clear concerns for US infoseccers CYBERUK  The top brass from the UK’s cyber agency say everything is business as usual when it comes to the GCHQ arm’s relationship with CISA, amid growing unease…

Read more →

Market cap down by more than £1BN since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.… This article has been indexed from The Register –…

Read more →

EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and…

Read more →