And can AI save us from the scourge of malware? In theory, why not, but in practice … Color us skeptical Kettle For this week’s Kettle episode, in which our journos as usual get together for an end-of-week chat about…
Category: The Register – Security
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack
15,000 dealerships take estimated $600M+ hit CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware.…
White House urged to double check Microsoft isn’t funneling AI to China via G42 deal
Windows maker insisted everything will be locked down and secure – which given its reputation, uh-oh! Two House committee chairs have sent a public letter to the White House asking it to look into a deal between AI R&D outfit…
CISA broke into a US federal agency, and no one noticed for a full 5 months
Red team exercise revealed a score of security fails The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most…
Break-in at ‘third-party cloud platform’ leaked 110M customer records, says AT&T
Snowflake? Snowflake AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big you haven’t seen anything: This one includes data on “nearly all” AT&T…
Identity: the new security perimeter
What to do when your MFA is mercilessly attacked by hackers Webinar Threat actors are always looking for that easy way in by testing weak spots, and user identities are one of their favourite targets.…
Singapore’s banks to ditch texted one-time passwords
Accessibility be damned, preventing phishing is the priority After around two decades of allowing one-time passwords (OTPs) delivered by text message to assist log ins to bank accounts in Singapore, the city-state will abandon the authentication technique.…
China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox
Meet DodgeBox, son of StealthVector Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox, according to cloud security service provider Zscaler’s ThreatLabz research team.…
‘Gay furry hackers’ say they’ve disbanded after raiding Project 2025’s Heritage Foundation
Ultra-conservative org funnily enough not ready to turn the other cheek After claiming to break into a database belonging to The Heritage Foundation, and then leaking 2GB of files belonging to the ultra-conservative think tank, the hacktivist crew SiegedSec claims…
OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable
Newly discovered flaw affects OpenSSH 8.7 and 8.8 daemon The founder of Openwall has discovered a new signal handler race condition in the core sshd daemon used in RHEL 9.x and its various offshoots.…
Advance Auto Parts: 2.3M people’s data accessed when crims broke into our Snowflake account
Letters from CISO Ethan Steiger suggest the data related to job applications Advance Auto Parts’ CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance – a hefty 2.3 million.…
Privacy expert put away for 9 years after ‘grotesque’ cyberstalking campaign
Scumbag targeted many victims – and those who tried to help them A scumbag who used to work as a privacy consultant has been put behind bars for nine years for a “grotesque” cyberstalking campaign against more than a dozen…
You had a year to patch this Veeam flaw and now it’s going to hurt
LockBit variant targets backup software – which you may remember is supposed to help you recover from ransomware Yet another new ransomware gang, this one dubbed EstateRansomware, is exploiting a Veeam vulnerability that was patched more than a year ago…
Japanese space agency spotted zero-day attacks while cleaning up attack on M365
Multiple malware attack saw personal data accessed, but rocket science remained safe The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.…
Snowflake lets admins make MFA mandatory across all user accounts
Company announces intent following Ticketmaster, Santander break-ins A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication (MFA) controls, the cloud storage and data…
Malware that is ‘not ransomware’ wormed its way through Fujitsu Japan’s systems
Company says data exfiltration was extremely difficult to detect Fujitsu Japan says an unspecified “advanced” malware strain was to blame for a March data theft, insisting the strain was “not ransomware”, yet it hasn’t revealed how many individuals are affected.…
Ransomware crews investing in custom data stealing malware
BlackByte, LockBit among the criminals using bespoke tools As ransomware crews increasingly shift beyond just encrypting victims’ files and demanding a payment to unlock them, instead swiping sensitive info straight away, some of the more mature crime organizations are developing…
Big Tech’s eventual response to my LLM-crasher bug report was dire
Fixes have been made, it appears, but disclosure or discussion is invisible Column Found a bug? It turns out that reporting it with a story in The Register works remarkably well … mostly. After publication of my “Kryptonite” article about…
ViperSoftX variant spotted abusing .NET runtime to disguise data theft
Freeware AutoIt also used to hide entire PowerShell environments in scripts A rapidly-changing infostealer malware known as ViperSoftX has evolved to become more dangerous, according to security researchers at threat detection vendor Trellix.…
RADIUS networking protocol blasted into submission through MD5-based flaw
If someone can do a little MITM’ing and hash cracking, they can log in with no valid password needed Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to…