Category: The Register – Security

Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance The UK government has kicked off plans to ramp up police use of facial recognition, undeterred by a mounting civil liberties backlash and fresh warnings…

Read more →

You can improve the odds by combining skepticism, verification habits, and a few technical checks Opinion  Liars, cranks, and con artists have always been with us. It’s just that nowadays their reach has gone from the local pub to the…

Read more →

Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.… This article has been indexed from The Register –…

Read more →

‘Dozens’ of US orgs infected Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security…

Read more →

He’s not alone: DoD inspector general says the whole Defense Department has a messaging security problem US Defense Secretary Pete Hegseth definitely broke the rules when he sent sensitive information to a Signal chat group, say Pentagon auditors, but he’s…

Read more →

And then they asked an AI to help cover their tracks Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they’re fired. Prosecutors say a federal contractor learned this the hard…

Read more →

Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.… This article has been indexed from The Register –…

Read more →

Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-shattering DDoS barrages from an army of up to 4 million…

Read more →

Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear Systems Approach  As we neared the finish line for our network security book, I received a piece of feedback…

Read more →

Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability Memory-safe Rust code can now be more broadly applied in devices that require electronic system safety, at least as measured by International Electrotechnical Commission (IEC) standards.… This…

Read more →

Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass…

Read more →

Japan’s Askul still can’t run all its sites, but at least the fax line held up OK Japanese e-tailer Askul has resumed online sales, 45 days after a ransomware attack.… This article has been indexed from The Register – Security…

Read more →

Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.… This article has been indexed from The Register – Security Read the original…

Read more →

Christmas comes early for attackers this year Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin. … This article has been indexed from The Register – Security Read the original…

Read more →

Ivy League school warns more than 1,400 people after attackers siphon data via zero-day The University of Pennsylvania has become the latest victim of Clop’s smash-and-grab spree against Oracle’s E-Business Suite (EBS) customers, with the Ivy League school now warning…

Read more →

Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe’s latest pushback against cybercrime infrastructure.… This article…

Read more →

Borough says attackers copied ‘historical’ info as three-council cyber woes drag on Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week’s cyber meltdown, confirming that the outage was not just an IT…

Read more →

Regulator says Illuminate ignored years of warnings, stored kids’ data in plain text, and kept districts in the dark US edtech provider Illuminate Education just got dinged by the Federal Trade Commission for allegedly failing to keep an attacker from…

Read more →

‘Sanchar Saathi’ shares data to help fight fraud and protect carrier security India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days…

Read more →

And some are still active in the Microsoft Edge store A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people’s data to servers in China. And, according…

Read more →