Stealing Kit Kat maker’s data?! Give me a break
There’s no sugarcoating this news: The Hershey Company has disclosed cyber crooks gobbled up 2,214 people’s financial information following a phishing campaign that netted the chocolate maker’s data.… This article has…
Category: The Register – Security
Two new versions of OpenZFS fix long-hidden corruption bug
Version 2.2.2 and also 2.1.14, showing that this wasn’t a new issue in the latest release The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there’s a fix for…
Exposed Hugging Face API tokens offered full access to Meta’s Llama 2
With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to…
New Relic’s cyber-something revealed as attack on staging systems, some users
Ongoing investigation found evidence of stolen employee creds and social engineering Nine days after issuing a vaguely worded warning about a possible cyber security incident, web tracking and analytics outfit New Relic has revealed a two-front attack.…
EU lawmakers finalize cyber security rules that panicked open source devs
PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities Infosec in brief The European Union’s Parliament and Council have reached an agreement on the Cyber Resilience Act (CRA), setting the long-awaited security regulation on a path…
Scores of US credit unions offline after ransomware infects backend cloud outfit
Supply chain attacks: The gift that keeps on giving A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. …
60 US credit unions offline after ransomware infects backend cloud outfit
Supply chain attacks: The gift that keeps on giving A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. …
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks
Two CVEs can be abused to steal sensitive info or execute code Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack.…
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
Exploits bypass most secure boot solutions from the biggest chip vendors Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.…
US readies prison cell for another Russian Trickbot developer
Hunt continues for the other elusive high-ranking members Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement’s ongoing search for its leading members.…
Regulator says stranger entered hospital, treated a patient, took a document … then vanished
Scottish health group to tweak security checks, access authorization to avoid a repeat NHS Fife is on the wrong end of a stern ticking off by Britain’s data regulator after it made a howling privacy error that aided an as…
Interpol makes first border arrest using Biometric Hub to ID suspect
Global database of faces and fingerprints proves its worth European police have for the first time made an arrest after remotely checking Interpol’s trove of biometric data to identify a suspected smuggler.…
Today’s ‘China is misbehaving online’ allegations come from Google, Meta
Zuck boots propagandists, Big G finds surge of action directed at Taiwan Meta and Google have disclosed what they allege are offensive cyber ops conducted by China.…
Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes
Plus: 3 critical CVEs in Zyxel NAS devices Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there. You’re encouraged to thus grab the latest updates for…
Admin of $19M marketplace that sold social security numbers gets 8 years in jail
24 million Americans thought to have had their personal data stolen and sold for pennies A Ukrainian national is facing an eight year prison sentence for running an online marketplace that sold the personal data of approximately 24 million US…
Black Basta ransomware operation nets over $100M from victims in less than two years
Assumed Conti offshoot averages 7 figures for each successful attack but may have issues with, er, ‘closing deals’ The Black Basta ransomware group has reportedly generated upwards of $100 million in revenue since it started operations in April 2022.…
Locking down Industrial Control Systems
SANS unveils online hub with valuable tools and information for cybersecurity professionals defending ICS Sponsored Post Industrial Control Systems (ICS) which can automate processes, increase productivity and reduce labour costs, are rapidly gaining worldwide enterprise traction.…
Weak session keys let snoops take a byte out of your Bluetooth traffic
BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices…
US lawmakers have Chinese LiDAR on their threat-detection radar
Amid fears Beijing could harvest spatial data, letter suggests Huawei-style bans may be needed A US congressional committee has questioned whether Chinese-made Light Detection and Ranging (LiDAR) devices might have a negative impact on national security, and suggested they may…
Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud
Pro tip: Don’t use your new work email to phish your old firm An ex-Motorola technician in the US has admitted he tried to fraudulently obtain a passport while awaiting trial for a cyberattack on his former employer.…