Category: The Register – Security

Details of civilians and Garda officers were included, as well as high-res scans of identity documents A third-party contractor running a database without password protection exposed more than 500,000 records related to vehicle seizures by the Irish National Police (An…

Read more →

Learn how to implement effective identity and access management with Entra ID and SANS Sponsored Post  The job of the cyber security professional is never easy, and it gets progressively harder with the movement of sensitive data and applications across…

Read more →

Countries signed on for India’s stack might watch out China-based scammers are using a combination of fake loan apps and India’s real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by…

Read more →

Initial fall in infected devices indicates evolution, not extinction, of attack code After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems…

Read more →

Home of the Republic seemingly hit by Sony/NTT Docomo ransomware crew The US Capitol’s election agency says a ransomware crew might have stolen its entire voter roll, which includes the personal information of all registered voters in the District of…

Read more →

Where adopting a resilient and integrated approach to backup and disaster recovery makes sense Webinar  There is no longer an off button for businesses and organizations, no closed signs, or downtime. This means enterprise IT operations and data assets must…

Read more →

Copilotization of all things continues… as helper offers incident reports to share with the boss and more Microsoft is opening up the early access program for its flagship cybersecurity AI product, which marks the inevitable folding in of Copilot into…

Read more →

There was a young man from Moldova, who the Feds just want to roll over, but with 20 inside, and nowhere to hide, he just wants it all to be over A Moldovan who allegedly ran the compromised-credential marketplace E-Root…

Read more →

Crooks broke into the ClassPad server and swiped online learning database Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries.… This article has been indexed…

Read more →

Group will be remembered as staunch negotiator and a bullier of critical infrastructure orgs Law enforcement agencies have taken over RagnarLocker ransomware group’s leak site in an internationally coordinated takedown.… This article has been indexed from The Register – Security…

Read more →

Class action lawsuits abound after mega breach A cybercriminal claims they’ve uploaded a second batch of stolen profile data from biotech company 23andMe, posting it to the same cybercrime forum that hosted the first batch two weeks ago.… This article…

Read more →

Seafaring cybercrim’s wife faces similar sentence next month A former IT manager for the US Navy is facing a five-and-a-half year prison sentence for selling thousands of people’s personal records on the dark web.… This article has been indexed from…

Read more →

SANS offers cyber security pros a valuable toolkit of resources to mitigate the potentially serious cybersecurity risks faced by internal staff Sponsored Post  Organisations that fail to adequately address the potential vulnerabilities that internal employees sometimes encounter when developing an…

Read more →

Who knew 3 million actually means 700 in cybercrime forum lingo? D-Link has confirmed suspicions that it was successfully targeted by cyber criminals, but is talking down the scale of the impact.… This article has been indexed from The Register…

Read more →

Musk’s mega-app-in-waiting goes from chopping headlines to profile URLs An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence.… This article has been indexed from The…

Read more →

Do it now, no ifs or buts, says advisory US authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation.… This article has been indexed…

Read more →

Domestic jets can use ‘municipal solid waste’ to fly the friendly skies Sustainable aviation fuels (SAFs) made from sources other than fossil fuels have the potential to reduce emissions by up to 80 percent, UK researchers have found.… This article…

Read more →

Your guide to SEC, DoD 8140.3 and NIS2 changes with the SANS Cyber Compliance Countdown Sponsored Post  Imminent changes to cyber security regulations in the US and Europe demand that public and private sector organizations on both side of the…

Read more →

Fax, post, and human messengers can still be used for filing vital evidence An unspecified security incident is forcing many state courts across Kansas to rely on paper filings, and it may have continue to do so for weeks, a…

Read more →

Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers Security researchers have uncovered a backdoor used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN).… This article has been indexed…

Read more →

Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns Infosec in brief  The fallout from the exploitation of bugs in Progress Software’s MOVEit file transfer software continues, with the US…

Read more →

Early attempt to exploit latest Progress Software bug spotted in the wild An early ransomware campaign against organizations by exploiting the vulnerability in Progress Software’s WS_FTP Server was this week spotted by security researchers.… This article has been indexed from…

Read more →

Will players press start to continue with this outfit? Shadow, which hosts Windows PC gaming in the cloud among other services, has confirmed criminals stole a database containing customer data following a social-engineering attack against one of its employees.… This…

Read more →

Two years on and Microsoft refuses to address the issue Perceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit.… This article has been indexed from The Register…

Read more →

The road to Hell is paved with good intentions, and for open source this is a well meaning cluster fudge Opinion  When I was in Bilbao recently for the Open Source Summit Europe event, the main topic of conversation was…

Read more →

Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more The UK’s Financial Conduct Authority (FCA) has fined Equifax a smidge over £11 million ($13.6 million) for severe failings that…

Read more →

We’d like to say don’t panic … but maybe? 35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project’s maintainers, according to the person who reported them.……

Read more →

How continuous data protection and isolated cyber recovery vaults provide effective defense against ransomware Sponsored Feature  In August 2023, Danish hosting subsidiaries CloudNordic and AzeroCloud were on the receiving end of one of the most serious ransomware attacks ever made…

Read more →

The ransomware gang changes identities more than Jason Bourne The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.… This…

Read more →

Simpson Manufacturing yanks systems offline, warns of ongoing disruption Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will “continue to cause disruption.”… This article has been indexed from The Register – Security…

Read more →

Partner Content  According to the Cyber Security Breaches Survey 26 percent of medium businesses, 37 percent of large businesses and 25 percent of high-income charities have experienced cyber crime in the last 12 months.… This article has been indexed from…

Read more →

Worth it for 20 years behind bars? A US Navy service member pleaded guilty yesterday to receiving thousands of dollars in bribes from a Chinese spymaster in exchange for passing on American military secrets.… This article has been indexed from…

Read more →

We still doubt any infosec leaders will be going without heating this winter The gap between the top and bottom-earning CISOs is growing wider, with the highest-paid execs having their salaries increased at three times the rate of those at…

Read more →

IT folks look back on 20 years of what is now infosec tradition Feature  Twenty years ago this month, Microsoft did something pretty revolutionary at the time when it formalized the Windows software release schedule.… This article has been indexed…

Read more →

Britain’s privacy watchdog still not happy that agreement ‘appropriately’ protects sensitive data Opinion  The UK Extension to the EU-US Data Privacy Framework (aka Data Bridge) will enter into force on October 12, allowing certifying entities to easily transfer personal data…

Read more →

The coordinated disclosure didn’t quite go to plan, though After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today.… This article has…

Read more →

FBI agent claims sergeant with top clearance offered access to DoD tech systems A former US Army Sergeant with Top Secret US military clearance created a Word document entitled “Important Information to Share with Chinese Government,” according to an FBI…

Read more →

Groups range from known collectives to new outfits eager to raise their profile Hacktivism efforts have proliferated rapidly in the Middle East following the official announcement of a war between Palestine and Israel.… This article has been indexed from The…

Read more →

All sites operational, no ‘material’ financial impact expected but stock markets still worried Volex, the British integrated maker of critical power and data transmission cables, confirmed this morning that intruders accessed data after breaking into its tech infrastructure.… This article…

Read more →

PLUS: Sony admits to MoveITbreach; Blackbaud fined again, Qakbot’s sorta back from the dead; and more Infosec in brief  Bot defense software vendor Human Security last week detailed an attack that “sold off-brand mobile and Connected TV (CTV) devices on…

Read more →

Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are blaming unchanged default credentials as the prime security misconfiguration that leads…

Read more →

Racecars and cyber insurance will balance its books in no time, though MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million.… This article has been indexed from The Register…

Read more →

Ransomware spokesperson scoffs at IT reseller’s offer of payment CDW, one of the largest resellers on the planet, will have its data leaked by LockBit after negotiations over the ransom fee broke down, a spokesperson for the cybercrime gang says.……

Read more →

Stay immutable in the face of cyber crime adversity, says Object First Sponsored Feature  Most of us dislike cyber criminals, but not many of us dislike them quite as much as Anthony Cusimano.… This article has been indexed from The…

Read more →

Regulation complements EU’s Digital Markets Act to cover more services Google has committed to being a little less creepy with user data in response to proceedings from the German Federal Cartel Office (Bundeskartellamt).… This article has been indexed from The…

Read more →

More malware scum using acessibility features to steal personal info Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system’s accessibility features to steal info that enables theft of personal information.… This…

Read more →

Hard-coded credentials strike again Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account.… This article has been…

Read more →

Zero day? More like every day, amirite? Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities.… This article has been…

Read more →

Rising number of RaaS baddies drive global attack numbers up 200% Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices.… This article has been indexed from The Register – Security Read the…

Read more →

Data leakers become data leakees The Lorenz ransomware group leaked the details of every person who contacted it via its online contact form over the course of the last two years.… This article has been indexed from The Register –…

Read more →

Kim Jong-un looks at industry’s progress with green eyes, says South Korea’s spy agency South Korea’s National Intelligence Service (NIS) has warned North Korea is attacking its shipbuilding sector.… This article has been indexed from The Register – Security Read…

Read more →

Kim Jong-un looks at industry’s progress with green eyes, says South Korea’s spy agency South Korea’s National Intelligence Service (NIS) has warned North Korea is attacking its shipbuilding sector.… This article has been indexed from The Register – Security Read…

Read more →

‘Handful’ of customers hit so far, public-facing instances at risk Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.  ……

Read more →

What’s up, Doc? Try elevated permissions Grab security updates for your Linux distributions: there’s a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software to gain root access and take over the box.… This…

Read more →

‘No impact on missions,’ military powerhouse insists NATO is “actively addressing” multiple IT security incidents after a hacktivist group claimed it once again breached some of the military alliance’s websites, this time stealing what’s claimed to be more than 3,000…

Read more →

The 5th Circuit’s re-ruling adds CISA to a list of alleged first-amendment violators. Next stop: Supreme Court The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency (CISA)…

Read more →

Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits New guidelines have been codified to govern the rules of engagement concerning hacktivists involved in ongoing cyber warfare.… This article has been indexed from…

Read more →

Meta, the project’s maintainer, shrugs A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers.… This article has…

Read more →

After people’s funds go up in smoke, ex-CEO seeks cash to foot legal bills The first of two US government prosecutions of former FTX CEO Sam Bankman-Fried commenced in New York on Monday, only a day after the cryptocurrency tycoon…

Read more →

Chrome’s second zero-day of the month puts fed security at ‘significant risk’ The US’s Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog.… This article…

Read more →

Plus: Philippine state health insurance knocked offline by ransomware, China relaxes data export laws, and more Asia in brief  Zhu Su, co-founder of fallen crypto business Three Arrows Capital (3AC), was arrested last Friday at Changi Airport in Singapore as…

Read more →

Better late than never, we guess An urgent ransomware warning from the Feds has some industry analysts scratching their heads and wondering if Uncle Sam’s noggin has been buried in the sand for too long.… This article has been indexed…

Read more →

Early signs emerge after Progress Software said there were no active attempts last week Security researchers have spotted what they believe to be a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server.… This article has been indexed from…

Read more →

Security exec Mark Ryland spills the tea on hush-hush threat intel tool Interview  AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant’s security execs tells us has thwarted Chinese and Russian spies – and…

Read more →

No, that does not mean you can leave it at home just yet Last week the internet was abuzz with talk that Singapore’s commercial Changi airport was no longer going to require passports for clearance at immigration. Although it is…

Read more →

Plus: Johnson Controls hit by IT ‘incident’, Exim and Chrome security updates, and more Infosec in brief  Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for…

Read more →

But Meta was just about to start asking people for their permission! Norway has told the European Data Protection Board (EDPB) it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should…

Read more →