ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security update was installed earlier this month, there’s…
Category: The Register – Security
Some 300,000 IPs vulnerable to this Loop DoS attack
Easy to exploit, not yet exploited, not widely patched – pick three As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against…
Vans claims cyber crooks didn’t run off with its customers’ financial info
Just 35.5M names, addresses, emails, phone numbers … no biggie Clothing and footwear giant VF Corporation is letting 35.5 million of its customers know they may find themselves victims of identity theft following last year’s security breach.… This article has…
Russia’s Cozy Bear caught phishing German politicos with phony dinner invites
Forget the Riesling, bring on the WINELOADER The Kremlin’s cyberspies targeted German political parties in a phishing campaign that used emails disguised as dinner party invitations, according to Mandiant.… This article has been indexed from The Register – Security Read…
Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks
Crew may well be working under contract for Beijing Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other…
Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks
Crew may well be working under contract for Beijing Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other…
3 million doors open to uninvited guests in keycard exploit
As months go by without fixes, hotels take the scenic route to securing rooms Around 3 million doors protected by popular keycard locks are thought to be vulnerable to security flaws that allow miscreants to quickly slip into locked rooms.……
Hardware-level Apple Silicon vulnerability can leak cryptographic keys
Short of rearchitecting hardware, the fix will seriously degrade performance Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. ……
NVD slowdown leaves thousands of vulnerabilities without analysis data
Security world reacts as NIST does a lot less of oft criticized, ‘almost always thankless’ work Opinion The United States National Institute of Standards and Technology (NIST) has almost completely stopped adding analysis to Common Vulnerabilities and Exposures (CVEs) listed…
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet
The device that makes it possible is required in all American big rigs, and has poor security Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs,…
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert
You better watch out, you better not cry, better not pout, they’re telling you why The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks.… This article has been indexed…
Microsoft faces bipartisan criticism for alleged censorship on Bing in China
Redmond says it does what it’s told, but still thinks users are better off Microsoft is the subject of growing criticism in the US over allegations that its Bing search engine censors results for users in China that relate to…
Congress votes unanimously to ban brokers selling American data to enemies
At least we can all agree on something The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans’ data to foreign adversaries with an unusual degree of bipartisan support: It passed without a…
Yacht dealer to the stars attacked by Rhysida ransomware gang
MarineMax may be in choppy waters after ‘stolen data’ given million-dollar price tag The Rhysida ransomware group claims it was responsible for the cyberattack at US luxury yacht dealer MarineMax earlier this month.… This article has been indexed from The…
UK council won’t say whether two-week ‘cyber incident’ impacted resident data
Security experts insist ransomware is involved but Leicester zips its lips Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details.… This article has been indexed from The Register – Security Read the…
Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime
Operators pack twenty phones into a chassis – then rack ’em and stack ’em ready to do evil Chinese upstarts are selling smartphone motherboards – and kit to run and manage them at scale – to operators of outfits that…
It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files
New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia North Korea’s notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.… This article has been indexed…
It’s tax season, and scammers are a step ahead of filers, Microsoft says
Phishing season started early with crims intent on the hooking early filers As the digital wolves dress in sheep’s tax forms, Microsoft has thrown a spotlight on a crafty 2024 phishing expedition, unraveled in January, that preys on the unsuspecting…
US task force aims to plug security leaks in water sector
From a trickle to a flood, threats now seen as too great to ignore US government is urging state officials to band together to improve the cybersecurity of the country’s water sector amid growing threats from foreign adversaries.… This article…
London Clinic probes claim staffer tried to peek at Princess Kate’s records
First: not being able buy a meat pie with a credit card. Now this. The London Clinic where the Princess of Wales had surgery at the start of this year says it is investigating claims that an employee had tried…