Category: The Register – Security

And accuses a former Australian politician of having ‘sold out their country’ The director general of security at Australia’s Security Intelligence Organisation (ASIO) has delivered his annual threat assessment, revealing ongoing attempts by adversaries to map digital infrastructure with a…

Read more →

Brags it lifted 6TB of data, but let’s remember these people are criminals and not worthy of much trust The ALPHV/BlackCat cybercrime gang has taken credit – if that’s the word – for a ransomware infection at Change Healthcare that…

Read more →

Talk about gone in 60 seconds Computer scientists have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).… This article has been indexed from The Register – Security Read the original article: BEAST…

Read more →

Talk about gone in 60 seconds Computer scientists at the University of Maryland have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).… This article has been indexed from The Register – Security…

Read more →

Scientists reveal automated adversarial prompt generation too powered Nvidia visualization accelerator Computer scientists from the University of Maryland have developed an efficient way to generate adversarial attack phrases that elicit harmful responses from large language models (LLMs).… This article has…

Read more →

Lawsuit alleges it misled investors with claims new AI products were ‘facilitating greater platformization’ and more Palo Alto Networks (PAN) is facing a proposed class action lawsuit that alleges investors were deceived about the traction of its platform tactics and…

Read more →

Biden readies executive order targeting China, Russia, and pals US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans’ sensitive personal information and government-related data to adversarial countries…

Read more →

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers…

Read more →

Canadian network box maker floats in denial The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists.… This article has…

Read more →

Canadian network box maker floats denial The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists.… This article has been…

Read more →

The original was definitely getting a bit long in the tooth for modern challenges After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology (NIST) has released version…

Read more →

Or so says opsec firm, which confirms 70% of all industrial org ransomware in 2023 targeted manufacturers Analysis  Cybercriminals follow the money, and increasingly last year that led them to ransomware attacks against the manufacturing industry.… This article has been…

Read more →

First integration across properties, as end user compute division readies to leave home Broadcom has delivered on its 2023 teaser of integration between VMware’s SD-WAN and Symantec’s Security Service Edge, by today debuting the “VMware VeloCloud SASE, Secured by Symantec”…

Read more →

Scammers’ tactics are tiresomely familiar: get-rich-quick schemes and data harvesting China’s Ministry of Industry and Information Technology has warned local netizens that fake wallet apps for the nation’s central bank digital currency (CBDC) are already circulating and being abused by…

Read more →

State government says it’s thinking of the children A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in…

Read more →

US government’s bounty hasn’t borne fruit as whack-a-mole game goes on The ALPHV/BlackCat ransomware gang is reportedly responsible for the massive Change Healthcare cyberattack that has disrupted pharmacies across the US since last week.… This article has been indexed from…

Read more →

Officials have until March 2 to cough up or stolen data gets leaked LockBit claims it’s back in action just days after an international law enforcement effort seized the ransomware gang’s servers and websites, and retrieved more than 1,000 decryption…

Read more →

Countdown expires March 2 unless government officials pay the ransom LockBit claims it’s back in action just days after an international law enforcement effort seized the ransomware gang’s servers and websites, and retrieved more than 1,000 decryption keys to assist…

Read more →

Get prepared for the EU’s upgraded cybersecurity directive Webinar  The original European Union Network and Information Security (NIS) Directive certainly led to an improvement in member states’ cybersecurity defences, but it struggled to do everything required as cyberattacks and threats…

Read more →

2,000 employees at 38 facilities had data processed ‘unlawfully’, ICO says A data protection watchdog in the UK has issued an enforcement notice to stop Serco from using facial recognition tech and fingerprint scanning to monitor staff at 38 leisure…

Read more →

Also, another fake iOS app slips into the store, un-cybersafe EV chargers leave UK shelves, and critical vulns in brief  A Florida journalist has been arrested and charged with breaking into protected computer systems in a case his lawyers say…

Read more →

It takes only one bottleneck or single point of failure to ruin your week Systems Approach  One refrain you often hear is that security must be built in from the ground floor; that retrofitting security to an existing system is…

Read more →

Investigating LockBit’s finances has blown previous estimates of the operation’s wealth out of the water Authorities digging into LockBit’s finances believe the group may have generated more than $1 billion in ransom fees over its four-year lifespan.… This article has…

Read more →

Thieves broke into IT system using stolen login U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data.… This article has…

Read more →

NCA still left enough for onlookers to wonder if there’s anything more to come The grand finale of the week of LockBit leaks was slated to expose the real identity of LockBitSupp – the alias of the gang’s public spokesperson…

Read more →

Learn about the benefits of applying advanced automation to policy management practices Webinar  Dealing with the double trouble of relentless cyber threats and regular technology refresh cycles can stretch already overworked security practitioners. And orchestrating the transition to cloud-native applications…

Read more →

Nonprofit SFLC links orders to farming protests The global government affairs team at X (née Twitter) has suspended some accounts and posts in India after receiving executive orders to do so from the country’s government, backed by threat of penalties…

Read more →

A name that’s commonly shouted by pirates might be a clue, me hearties! Avast has agreed to cough up $16.5 million after the FTC accused the antivirus vendor of selling customer information to third parties.… This article has been indexed…

Read more →

Prescription orders hit after IT supplier Change Healthcare pulls plug on systems IT provider Change Healthcare has confirmed it shut down some of its systems following a cyberattack, disrupting prescription orders and other services at pharmacies across the US.… This…

Read more →

New features aimed to stamp out problems of the past Law enforcement’s disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals.… This article has been indexed from…

Read more →

If they did it, it gives new meaning to quality family time. Meanwhile, key LockBit leaders remain at large Today’s edition of the week-long LockBit leaks reveals a father-son duo was apprehended in Ukraine as part of the series of…

Read more →

Trove reveals RATs that can pop major OSes, campaigns against offshore and local targets A cache of stolen document posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing.… This article has…

Read more →

Oh hear us when we cry to thee for those in peril on the sea President Biden has empowered the US Coast Guard (USCG) to get a tighter grip on cybersecurity at American ports – including authorizing yet another incident…

Read more →

Sent 5,000+ fake handsets to Apple for repair in hope of getting real ones back Two Chinese nationals are facing a maximum of 20 years in prison after being convicted of mailing thousands of fake iPhones to Apple for repair…

Read more →

Easy to defend against stuff that may never actually work – oh there we go again, being all cynical like Apple says it’s going to upgrade the cryptographic protocol used by iMessage to hopefully prevent the decryption of conversations by…

Read more →

Urgent patching advised to protect attacks against setup wizards Infosec researchers say urgent patching of the latest remote code execution (RCE) vulnerability in ConnectWise’s ScreenConnect is required given its maximum severity score.… This article has been indexed from The Register…

Read more →

Operation Cronos’s ‘partners’ continue to trickle the criminal empire’s secrets The latest revelation from law enforcement authorities in relation to this week’s LockBit leaks is that the ransomware group had registered nearly 200 “affiliates” over the past two years.… This…

Read more →

How to ensure policy management keep up with the risks to data integrity presented by the cloud Webinar  The complexity facing businesses as they make the necessary transition to cloud-native applications and multi-cloud architectures keeps cloud teams firmly on the…

Read more →

Hacking your way in is so 2022 – logging in is much easier Identity-related threats pose an increasing risk to those protecting networks because attackers – ranging from financially motivated crime gangs and nation-state backed crews – increasingly prefer to…

Read more →

Complying with the EU’s NIS2 Directive Webinar  It was growing threat levels and an increase in reported cybersecurity attacks since digitalization which pushed the European Union to introduce the original Network and Information Security (NIS) Directive in 2016.… This article…

Read more →

GDPR also slashed processing costs by over a quarter Europe’s General Data Protection Regulation (GDPR) has led European firms to store and process less data, recent economic research suggests, because the privacy rules are making data more costly to manage.……

Read more →

Complex overlapping bureaucracy sometimes lacks the funds and skills to do it right China’s censorship regime remains pervasive and far reaching, but the bureaucratic apparatus implementing it is unevenly developed and is not always well funded, according to a report…

Read more →

No time like the present, says central bank The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, without significantly impacting systems…

Read more →

Authorities dismantle cybercrime royalty by making mockery of their leak site In seizing and dismantling LockBit’s infrastructure, Western authorities are now making a mockery of the ransomware criminals by promising a long, drawn-out disclosure of its secrets.… This article has…

Read more →

Authorities dismantle cybercrime royalty by making mockery of their leak site In seizing and dismantling LockBit’s infrastructure, Western authorities are now making a mockery of the ransomware criminals by promising a long, drawn-out disclosure of its secrets.… This article has…

Read more →

Customers report feeling violated following the security snafu Smart home security camera slinger Wyze is telling customers that a cybersecurity “incident” allowed thousands of users to see other people’s camera feeds.… This article has been indexed from The Register –…

Read more →

After saying they’re very sorry, they escape with a slap on the wrist A former council staff member in the district where William Shakespeare was born ransacked databases filled with residents’ information to help drum up new business for their…

Read more →

Bloc isn’t happy with made-in-China network’s efforts to protect kids and data Two days after its Digital Services Act (DSA) came into effect, the European Union used it to open an investigation into made-in-China social network TikTok.… This article has…

Read more →

Iris scan, voice samples and blood type to be included in database The Vietnamese government will begin collecting biometric information from its citizens for identification purposes beginning in July this year.… This article has been indexed from The Register –…

Read more →

Website has been seized and replaced with law enforcement logos from eleven nations Notorious ransomware gang LockBit’s website has been taken over by law enforcement authorities, who claim they have disrupted the group’s operations and will soon reveal the extent…

Read more →

Ransomware group continues to exploit US regulatory requirements to its advantage The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them.… This article has been indexed from…

Read more →

A useful buyers checklist can ascertain whether solutions can meet certain sets of key requirements Sponsored Feature  Cyber-physical systems (CPS) have a vital role to play in our increasingly connected world.… This article has been indexed from The Register –…

Read more →

ALSO: EncroChat crims still getting busted; ransomware takes down CO public defenders office; and crit vulns infosec in brief  The US government is offering bounties up to $15 million as a reward for anyone willing to help it take out…

Read more →

Unsettling reading as Presidents’ Day approaches In time for the long Presidents’ Day weekend in the US there have been multiple warnings about what will undoubtedly be a challenging and potentially dangerous year for voting processes and government workers.… This…

Read more →

We speak to professor who with colleagues tooled up OpenAI’s GPT-4 and other neural nets AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable…

Read more →

Cool, but it’s 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML Google has open sourced Magika, an in-house machine-learning-powered file identifier, as part of its AI Cyber Defense Initiative, which aims to give…

Read more →

Nearly a decade on the FBI’s Cyber Most Wanted List after getting banks to empty vics’ accounts A Ukrainian cybercrime kingpin who ran some of the most pervasive malware operations faces 40 years in prison after spending nearly a decade…

Read more →

Expert weighs in after Brianna Ghey murder amid worrying rates of child cybercrime The murder of 16-year-old schoolgirl Brianna Ghey has kickstarted a debate around limiting children’s access to the dark web in the UK, with experts highlighting the difficulty…

Read more →

Will cough up less than two days of annual profit in settlement – and California calls this a win Quest Diagnostics has agreed to pay almost $5 million to settle allegations it illegally dumped protected health information – and hazardous…

Read more →

Beijing, now Moscow.… Who else is hiding in broadband gateways? The US government today said it disrupted a botnet that Russia’s GRU military intelligence unit has been using for phishing expeditions, spying, credential harvesting, and data theft against American and…

Read more →

Dungeons and Dragons, high-waisted jeans, Cold War sabre rattling – the ’80s are back, baby Last night’s launch of six Pentagon missile-detection satellites was well timed as fears mount that Russia is considering putting nuclear weapons into space.… This article…

Read more →

From APIs to Zero Trust Webinar  It has become possible to swiftly and inexpensively train, validate and deploy AI models and applications, yet while we embrace innovation, are we aware of the security risks?… This article has been indexed from…

Read more →

All desktop and mobile apps vulnerable to at least one of the vulnerabilities Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw.… This article has been…

Read more →

Deepfake-enabled attacks against Android and iOS users are netting criminals serious cash Cybercriminals are targeting iOS users with malware that steals Face ID scans to break into and pilfer money from bank accounts – thought to be a world first.……

Read more →

Now that’s what you call dual-use tech Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security.… This article has been indexed from The Register – Security Read the original…

Read more →

Surprising third-act twist as Russian case means more freedom for all The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that…

Read more →

$5k a month for the site. $3k for tech support. Infection with malware and funding a despot? Priceless North Korea’s latest money-making venture is the production and sale of gambling websites that come pre-infected with malware, according to South Korea’s…

Read more →

You don’t need us to craft phishing emails or write malware, super-lab sniffs OpenAI has shut down five accounts it asserts were used by government agents to generate phishing emails and malicious software scripts as well as research ways to…

Read more →

Jeez, not now, Xi. Can’t you see we’ve got an election and Ukraine and Gaza and cost of living and layoffs and … The Chinese government’s Volt Typhoon spy team has apparently already compromised a large US city’s emergency services…

Read more →

Officer pay, limited command duties and writing ‘code for your country’ Skilled IT professionals considering a career change have a new option, as the US Air Force is reintroducing warrant officer ranks exclusively “within the cyber and information technology professions.” ……

Read more →

Some company admin and customers data exposed, but bad guys were there for ‘only’ a day Prudential Financial, the second largest life insurance company in the US and eight largest worldwide, is dealing with a digital break-in that exposed some…

Read more →

Emergency impacting more than 100 facilities appears to be caused by incident at software provider The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country’s hospitals to an incident at a service provider.… This…

Read more →

The company also curiously disappears from Black Basta leak site UK utilities giant Southern Water admits between 5 and 10 percent of its customers have had their data stolen during a January cyberattack.… This article has been indexed from The…

Read more →

Trying to break in with malicious Word documents? How very 2015 of you The Bumblebee malware loader seemingly vanished from the internet last October, but it’s back and – oddly – relying on a vintage vector to try and gain…

Read more →

$1.3 billion lost as identity fraud – and greed – saw 57,000 or more seek unearned tax refunds One hundred and fifty people who worked for the Australian Taxation Office (ATO) have been investigated – and some prosecuted – for…

Read more →

SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android Patch Tuesday  Microsoft fixed 73 security holes in this February’s Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.… This…

Read more →

‘You don’t have to do more than that to disconnect an entire network’ El Reg told as patches emerge A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old…

Read more →

‘You don’t have to do more than that to disconnect an entire network’ El Reg told as patches emerge A 20-plus-year-old security vulnerability in the design of DNSSEC (Domain Name System Security Extensions) could allow a single DNS packet to…

Read more →

Two new flaws, one zero-day, countless different patches, but everything’s fine! Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.… This article has been indexed from…

Read more →

Gang still going after critical infrastructure because it’s, you know, critical Canada’s Trans-Northern Pipelines has allegedly been infiltrated by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.… This article has been…

Read more →

Gang going after critical infrastructure because it’s…you know Canada’s Trans-Northern Pipelines has allegedly been breached by the ALPHV/BlackCat ransomware crew, which claims to have stolen 190 GB of data from the oil distributor.… This article has been indexed from The…

Read more →

Plenty of successful attacks observed with dangerous follow-on activity The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November.… This…

Read more →

Leaves it to carriers, promoting a complaint to Irish data cops from Big Tech’s bête noire Meta has acknowledged that phone number reuse that allows takeovers of its accounts “is a concern,” but the ad biz insists the issue doesn’t…

Read more →

Looks like LockBit took a swipe at an outsourced life insurance application Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America.… This article has been indexed from The…

Read more →

Great news for victims of gang that hit the British Library in October Some smart folks have found a way to automatically unscramble documents encrypted by the Rhysida ransomware, and used that know-how to produce and release a handy recovery…

Read more →

Yep, cell carriers didn’t have to do this before The FCC’s updated reporting requirements mean telcos in America will have just seven days to officially disclose that a criminal has broken into their systems.… This article has been indexed from…

Read more →

No photos? No, second operation Dutch health insurers are reportedly forcing breast cancer patients to submit photos of their breasts prior to reconstructive surgery despite a government ban on precisely that.… This article has been indexed from The Register –…

Read more →

Yep, cell carriers didn’t have to do this before The US Federal Communications Commission’s updated reporting requirements mean telecos will have just seven days to officially disclose that a criminal has broken into their systems.… This article has been indexed…

Read more →

Pulls part of system offline as Black Basta docs suggest the worst Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a “cybersecurity incident” after data purportedly stolen from the biz was posted to the…

Read more →

Experts also put an end to social media security updates The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can’t figure out whether members’ data was…

Read more →

PLUS: Juniper’s support portal leaks customer info; Canada moves to ban Flipper Zero; Critical vulns Infosec In Brief  Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers,…

Read more →

Some useful indicators of compromise right here More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.… This article…

Read more →

Software company’s claim of there being no active exploits also being questioned In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.… This article has been indexed…

Read more →

An orchestra of fails for the security vendor We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree…

Read more →

Should you be paying more attention to securing your AI models from attack? Webinar  As artificial intelligence (AI) technology becomes increasingly complex so do the threats from bad actors. It is like a forever war.… This article has been indexed…

Read more →

Reserve Bank also wants a national 2FA framework The Reserve Bank of India (RBI) announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline.… This article has been indexed from…

Read more →

That listing for a gig that looked too good to be true may have been carrying SQL injection code Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites…

Read more →

Honor among thieves about to be put to the test The US government has placed an extra $5 million bounty on Hive ransomware gang members – its second such reward in a year. And it also comes a little over…

Read more →

Never mind the court orders obtained to thwart Volt Typhoon botnet Analysis  The FBI’s latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the…

Read more →

No walled garden can keep out every weed, we suppose LastPass says a rogue application impersonating its popular password manager made it past Apple’s gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.……

Read more →