Allegations date back a decade to leaked Snowden docs Cavium, a maker of semiconductors acquired in 2018 by Marvell, was identified in the documents leaked in 2013 by Edward Snowden as a vendor that cooperated with US intelligence agencies to…
Russian allegedly smuggled US weapons electronics to Moscow
Feds claim sniper scope displays sold in sanctions-busting move A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.… This article…
The Clorox Company admits cyberattack causing ‘widescale disruption’
Back to ‘manual’ order processing for $7B household cleaning biz, financial impact will be ‘material’ The Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs…
Australia to build six ‘cyber shields’ to defend its shores
Local corporate regulator warns boards that cyber is totally a directorial duty Australia will build “six cyber shields around our nation” declared home affairs minister Clare O’Neil yesterday, as part of a national cyber security strategy.… This article has been…
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all
Flaws fixed in August, admins seem to have taken the summer off About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw that can allow an unauthenticated attacker to remotely execute code on the devices, according…
Former CIO accuses Penn State of faking cybersecurity compliance
Now-NASA boffin not impressed Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports.… This article has been indexed from The Register – Security Read the original article:…
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
Included secrets, private keys, passwords, 30,000+ internal Teams messages A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account…
California passes bill to set up one-stop data deletion shop
Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week’s critical vulns Infosec in brief Californians may be on their way to the nation’s first “do not broker” list with the passage of…
Cryptojackers spread their nets to capture more than just EC2
AMBERSQUID operation takes AWS’s paths less travelled in search of compute As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS…
Probe reveals previously secret Israeli spyware that infects targets via ads
Oh s#!t, Sherlock Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz’s clients.… This article has been indexed…
Scattered Spider traps 100+ victims in its web as it moves into ransomware
Mandiant warns casino raiders are doubling down on ‘monetization strategies’ Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the…
Google throws California $93M to make location tracking lawsuit disappear
Half a percent of last quarter’s net income? That’ll teach ’em Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it’s…
Greater Manchester Police ransomware attack another classic demo of supply chain challenges
Are you the weakest link? The UK’s Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.… This article has been indexed from…
US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak
NoEscape promises ‘colossal wave of problems’ if IJC doesn’t pay up The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB…
Caesars says cyber-crooks stole customer data as MGM casino outage drags on
Zero-days are so 2022. Why not just social engineer the help desk? Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a “significant number” of its loyalty program…
Rollbar might be good at tracking bugs, uninvited guests not so much
Company noticed data warehouse break-in via compromised account a month later Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.… This article has been indexed from The Register – Security Read the…
Watchdog urges change of HART: Late, expensive US biometric ID under fire
Homeland Security told to mind costs, fix up privacy controls Twice delayed and over budget, the US Department of Homeland Security (DHS) has been told by the Government Accountability Office (GAO) that it needs to correct shortcomings in its biometric…
Uncle Sam warns deepfakes are coming for your brand and bank account
No, your CEO is not on Teams asking you to transfer money Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.… This article has been indexed from…
Airbus suffers data leak turbulence to cybercrooks’ delight
Ransomware group nicked info from employee of airline, say researchers Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.… This article has been indexed from The Register – Security…
Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop
Cut and shut is so last century, now it’s copy and clone Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.… This article has been indexed from The Register…
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)
Fun technique – but how practical is it? Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.……
Capita class action: 2,000 folks affected by data theft sign up
Pensioners, employees and medical pros among those aiming to be compensated for data exposure The number of claimants signing up to a Class Action against Capita over the infamous March cyber security break-in and subsequent data exposure keeps going up,…
Ransomware attack hits Sri Lanka government, causing data loss
Running unsupported and unpatched versions of Exchange Server will do that to a country Sri Lanka’s Computer Emergency Readiness Team (CERT) is currently investigating a ransomware attack on the government’s cloud infrastructure that affected around 5,000 email accounts, it revealed…
China caught – again – with its malware in another nation’s power grid
‘Obtaining a disruptive capability could be one possible motivation behind this surge in attacks’ Espionage-ware thought to have been developed by China has once again been spotted within the power grid of a neighboring nation.… This article has been indexed…
Grab those updates: Microsoft flings out fixes for already-exploited bugs
Plus: Adobe and Android also tackle abused-in-the-wild flaws Patch Tuesday It’s every Windows admin’s favorite day of the month: Patch Tuesday. Microsoft emitted 59 patches for its September update batch, including two for bugs that have already been exploited.… This…
OpenSSL 1.1.1 reaches end of life for all but the well-heeled
$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0 OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with…
Google’s Chrome gets caught with its WebP down, offers hasty patch-up
Exploit observed in the wild as Mountain View pushes out updates Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild.… This article has been indexed from The…
Save the Children feared hit by ransomware, 7TB stolen
Would be a new low, even for these lowlifes Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical…
MGM Resorts shuts down website, computer systems after ‘cybersecurity incident’
Ransomware? Some would be willing to bet on that MGM Resorts has shut down some of its IT systems following a “cybersecurity incident” that the casino-and-hotel giant says is currently under investigation.… This article has been indexed from The Register…
Huge DDoS attack against US financial institution thwarted
Akamai reckons traffic flood peaked at 55.1 million packets per second Akamai says it thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month.… This article has been indexed…
Malice in the mail
Defence against the dark arts of phishing Webinar Almost half of all losses to cybercrime come from Business Email Compromise (BEC), according to the FBI. It appears that even the most astute among us can fall foul of a cunningly…
Google warns infoseccers: Beware of North Korean spies sliding into your DMs
ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week’s critical vulnerabilities In brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google’s Threat…
Safe delivery
How to protect organizations from Business Email Compromise Webinar It is a stratospheric number of emails pinging around the globe and the sheer volume offers a seductively lucrative phishing opportunity to the legion of bad actors out there.… This article…
Apple races to patch the latest zero-day iPhone exploit
No user interaction needed for this one as Pegasus turns up via iMessage Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.… This article has been indexed…
Microsoft, recently busted by Beijing, thinks it’s across China’s ever-changing cyber-offensive
Sometimes using AI to make hilariously wrong images that still drive social media engagement Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled “Digital threats…
Russian infosec boss gets nine years for $100M insider-trading caper using stolen data
Confidential figures for Tesla, Snap, Roku, Avnet, others swiped and used to rack up millions in ill-gotten gains Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday, for…
US, UK sanction more Russians linked to Trickbot
Top admin, HR managers, devs go on transatlantic deny-list The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.… This article has been indexed from The Register –…
Lawsuit claims Tesla corp data security is far less advanced than its cars
Sueball alleges company at fault after employee info leaked, including Musk’s An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged…
If you like to play along with the illusion of privacy, smart devices are a dumb idea
You’re just giving manufacturers carte blanche to profit off personal data Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected “smart” devices could be a dumb idea if you’d rather…
UK drops ‘spy clause’ for scanning encrypted messages, admits it’s not ‘feasible’
But don’t celebrate yet … it has simply kicked the online safety can down the road, Westminster style Comment Sanity appears to have prevailed in the debate over the UK Online Safety bill after the government agreed to ditch proposals…
China reportedly bans iPhones from more government offices
So what? Smartphones are routinely restricted in, or excluded from, sensitive locations Analysis Chinese authorities have reportedly banned Apple’s iPhones from some government offices.… This article has been indexed from The Register – Security Read the original article: China reportedly…
Microsoft: China stole secret key that unlocked US govt email from crash debug dump
Mistakes were made, lessons learned, stuff now fixed, says Windows maker Remember that internal super-secret Microsoft security key that China stole and used to break into US government email accounts back in July? … This article has been indexed from The…
Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections
What? Yogurt Monster isn’t really a legitimate customer’s name?! A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.… This…
Coffee Meets Bagel outage caused by cybercriminals deleting data and files
Did you potentially miss the love match of your life in week-long blackout? Nope, nobody could access it If you got snubbed by the object of your affections on dating app Coffee Meets Bagel (CMB) in late August, don’t feel…
Meatbag mishaps more menacing than malware? CISOs think so
Company boards, on the other hand, aren’t letting cybersecurity disturb their sleep as much Chief information security officers (or CISOs) see human error as the most significant risk to data protection compared to other UK board directors.… This article has…
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks
We’re number one! We’re number one! We’re… It’s generally accepted that security flaws in Microsoft’s products are a top magnet for crooks and fraudsters: its sprawling empire of hardware and software is a target-rich ecosystem in that there is a…
Big Tech has failed to police Russian disinformation, EC study concludes
In Putin’s Russia, the planet hacks you The power of the EU’s Digital Services Act (DSA) to actually police the world’s very large online platforms (VLOPs) has been tested in a new study focused on Russian social media disinformation.… This…
Freecycle gives users the gift of a data breach notice
Change your passwords. And maybe give the recycling a miss this time Freecycle, the charity aimed at recycling detritus that would otherwise be headed for landfill, has become the latest organization to suffer at the hands of cyber attackers and…
Northern Ireland top cop quits in wake of data breach and disciplinary controversy
Simon Byrne faced backlash over FoI blunder, plus claims officers were ‘punished’ to appease Sinn Féin Northern Ireland’s police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file…
Attackers accessed UK military data through high-security fencing firm’s Windows 7 rig
Irony, not barbed wire, cuts the deepest The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC.… This…
Tsunami watch
Mitigating the threat of bot-driven DDoS attacks Webinar It’s sometimes easy to be lulled into a sense of false security and imagine that your organization or business will not become a target of highly professional cybercriminals, hacktivists and even nation-state…
Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process
Hold onto your SQL Server, enterprise admins Microsoft has reminded users that TLS 1.0 and 1.1 will soon be disabled by default in Windows.… This article has been indexed from The Register – Security Read the original article: Microsoft calls…
Northern Irish cops release 2 men after Terrorism Act arrests linked to data breach
Came in wake of the force publishing their own people’s data in botched FoI Nearly four weeks after the Police Service of Northern Ireland (PSNI) published data on 10,000 employees in a botched response to a Freedom of Information request,…
Apple opens annual applications for free hackable iPhones
ALSO: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week’s critical vulns Infosec in brief The latest round of Apple’s Security Research Device (SRD) program is open, giving security researchers a chance to get…
Cops drill into chat apps, sink plot to smuggle tons of coke into Europe
Big blow to blighters’ blow-by-the-boatload blueprint Video Efforts by cops to seize and shut down encrypted messaging apps favored by criminals, and then mine their conversations for evidence, appear to have led to more arrests — plus the seizure of…
More Okta customers trapped in Scattered Spider’s web
Oktapus phishing campaign criminals are back in action Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions.… This article has been indexed from The…
Massive attack
Defeating a DDoS swarm Webinar Any organization can lose service, revenue, and reputation as a result. If you are particularly unlucky, a DDoS attack can defenestrate your network defences. You may find yourself facing a cyber criminal who wants to…
Good news for Key Group ransomware victims: Free decryptor out now
That’s what we call a static shock Even ransomware operators make mistakes, and in the case of ransomware gang the Key Group, a cryptographic error allowed a team of security researchers to develop and release a decryption tool to restore…
Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel
Five Eyes nations warn of hit against Ukrainian military systems Russia’s Sandworm crew is using an Android malware strain dubbed Infamous Chisel to remotely access Ukrainian soldiers’ devices, monitor network traffic, access files, and steal sensitive information, according to a…
Barracuda gateway attacks: How Chinese snoops keep a grip on victims’ networks
Backdoors detailed, plus CISA releases more IOCs for IT depts to check Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant.… This article has…
Microsoft ain’t happy with Russia-led UN cybercrime treaty
Could be used to put ethical hackers, and citizens, behind bars A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime treaty…
Microsoft angry over Russian-led UN cybercrime treaty
It could be used to put ethical hackers, and citizens, behind bars A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime…
Toyota Japan back on the road after probably-not-cyber attack halted production
Malfunction took 14 plants offline for 36 hours. Oh, what a … nah, too obvious Toyota Japan has recovered from what it’s described as a “malfunction in the production order system” that halted production on 28 lines across 14 plants…
Meta reckons China’s troll farms could learn proper OpSec from Russia’s fake news crews
Claims to have taken down two colossal networks, with ‘Secondary Infektion’ schooling ‘Spamouflage’ Russia appears to be “better” at running online trolling campaigns aimed at pushing its political narratives than China, according to Meta’s latest Adversarial Threat Report.… This article…
University cuts itself off from internet after mystery security snafu
Halls of learning are stuck offline, but go Wolverines! The University of Michigan has isolated itself from the internet but, hey, everything’s fine!… This article has been indexed from The Register – Security Read the original article: University cuts itself…
Apple security boss faces iPads-for-gun-permits bribery charge… again
‘We will continue fighting this case’ global chief’s lawyer tells us An appeals court has reversed a 2021 decision to drop a bribery charge against Apple’s head of global security, who is accused of donating iPads worth up to $80,000…
FBI-led Operation Duck Hunt shoots down Qakbot
Totally plucked: Agents remotely roasted Windows botnet malware on victims’ machines Uncle Sam today said an international law enforcement effort dismantled Qakbot, aka QBot, a notorious botnet and malware loader responsible for losses totaling hundreds of millions of dollars worldwide,…
More UK cops’ names and photos exposed in supplier breach
All 47,000 Met Police officers and staff reportedly accessed in break-in London’s Metropolitan Police has said a third-party data breach exposed staff and officers’ names, ranks, photos, vetting levels, and salary information.… This article has been indexed from The Register…
Health, payment info for 1.2M people feared stolen from Purfoods in IT attack
Meal delivery biz leaves bitter taste Purfoods has notified more than 1.2 million people that their personal and medical data — including payment card and bank account numbers, security codes, and some protected health information — may have been stolen from…
Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year
Top of the list to trip sensors Three malware loaders — QBot, SocGholish, and Raspberry Robin — are responsible for 80 percent of observed attacks on computers and networks so far this year.… This article has been indexed from The…
Whiffy malware stinks after tracking location via Wi-Fi
ALSO: Euro chip maker breached, crims plan to undermine cyber insurance, and this week’s critical vulnerabilities Infosec in Brief No one likes malware, but malicious code that tracks your location is particularly unlovable.… This article has been indexed from The…
Taiwanese infosec researchers challenge Microsoft’s China espionage finding
PLUS: India calls for global action on AI and crypto; Vietnam seeks cybersecurity independence; China bans AI prescribing drugs Asia In Brief Taiwan-based infosec consultancy Team T5 has disputed Microsoft’s alleged timeline of just when a Beijing-linked attack group named…
Tor turns to proof-of-work puzzles to defend onion network from DDoS attacks
No miners were involved in this story Tor, which stands for The Onion Router, weathered a massive distributed denial-of-service (DDoS) storm from June last year through to May.… This article has been indexed from The Register – Security Read the…
FBI: Who was going around hijacking Barracuda email boxes? China, probably
Joins in the chorus of advice to bin the gear instead of trying for a fix The FBI has warned owners of Barracuda Email Security Gateway (ESG) appliances the devices are likely undergoing attack by snoops linked to China, and…
Pulling the strings
The critical rise of generative AI use in ransomware attacks on applications Webinar It’s a fact of life that ransomware is a constant threat, like a dark cloud on every horizon. Recent research suggests that the volume of attacks has…
Two teens were among those behind the Lapsus$ cyber-crime spree, jury finds
From BT and Nvidia to Grand Theft Auto 6, pair were on a total tear Two teenage members of the chaotic Lapsus$ cyber-crime gang helped compromise computer systems of Uber and Nvidia, and also blackmailed Grand Theft Auto maker Rockstar…
Tornado Cash ‘laundered over $1B’ in criminal crypto-coins
Founder Roman Storm cuffed on laundering, sanctions busting charges Two founders of Tornado Cash were formally accused by US prosecutors today of laundering more than $1 billion in criminal proceeds through their cryptocurrency mixer.… This article has been indexed from…
North Korea may be itching to sell $40m of purloined Bitcoin
Those weapons programs aren’t going to fund themselves Lazarus Group, the infamous cryptocurrency thieves backed by North Korea, may try to liquidate a stash of stolen Bitcoin worth more than $40 million, according to the FBI.… This article has been…
Criminals go full Viking on CloudNordic, wipe all servers and customer data
IT outfit says it can’t — and won’t — pay the ransom demand CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider’s servers and “paralyzed CloudNordic completely,”…
‘Millions’ of spammy emails with no opt-out? That’ll cost you $650K, Experian
Credit-reporting giant disagrees with FTC, will hand over the pocket change to make Feds go away Experian has agreed to cough up $650,000 after being accused of spamming people with no opt-out button.… This article has been indexed from The…
SEC fines fintech crypto fund that promised 2,700% returns
Titan Global Capital Management to pay $1m to those it advised without admitting fault A New York fintech biz is set to pay $1 million in fines under a US Securities and Exchange Commission order that claims it advertised “annualized”…
The devil in the detail
How AI is powering ransomware attacks on applications Webinar You could be forgiven for wondering if anything can ever again be completely straightforward or demonstrably authentic in a world where generative AI can masquerade convincingly as your mother, or express…
Apple’s defense against apps vandalizing other apps still broken, developer claims
Cupertino appears to be blasé about long-standing macOS bug, so coder has blabbed Apple last year introduced a security feature called App Management that’s designed to prevent one application from modifying another without authorization under macOS Ventura – but a…
Ivanti Sentry exploited in the wild, patches emitted
Good thing you’re not exposing admin port 8443 to the world, right? Uh, right? A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday.… This article has…
Uncle Sam: Rest of the world would love to steal our space blueprints – don’t let ’em
If spies aren’t swiping designs via joint ventures, they’re breaking into IT networks and mulling sat hijackings With America outspending the rest of the world on space technologies, those systems and their blueprints are a highly alluring and lucrative target…
Leak of 75k employee records was insiders’ fault, claims Tesla
Identity Access Management? What’s that? Insiders are to blame for a May data breach at Tesla, the company claimed in filings after news of the incident was reported months ago by German media.… This article has been indexed from The…
High severity vuln in WinRAR could allow code to run when files are opened
Update now: Millions of users potentially impacted, plus uncounted warez folks Users of the popular WinRAR compression and archiving tool should update now to avoid a vulnerability that allows code to be run when a user opens a RAR file.……
Last rites for the UK’s Online Safety Bill, an idea too stupid to notice it’s dead
Snoopers Charter: Dead cows don’t snitch Opinion Information wants to be free. This usefully ambiguous battle cry has been the mischievous slogan of hackers since early networking thinker Stewart Brand coined it in the early 1980s. Intended as part of…
Microsoft DNS boo-boo breaks Hotmail for users around the globe
ALSO: NYC says kthxbye to TikTok, slain Microsoft exec’s wife indicted, and some ASAP patch warnings Infosec in brief Someone at Microsoft has some explaining to do after a messed up DNS record caused emails sent from Hotmail accounts Microsoft…
Interpol arrests 14 who allegedly scammed $40m from victims in ‘cyber surge’
Cops credit security shops with an assist, tho it’s a drop in the ocean An Interpol-led operation arrested 14 suspects and identified 20,674 “suspicious” networks spanning 25 African countries that international cops have linked to more than $40 million in…
FYI: There’s another BlackCat ransomware variant on the prowl
Bad kitty, no catnip for you Here’s a heads up. Another version of BlackCat ransomware has been spotted extorting victims. This variant embeds two tools, we’re told: the network toolkit Impacket for lateral movement within compromised environments, and Remcom for…
Add ‘writing malware’ to the list of things generative AI is not very good at doing
But it may help with fuzzing Analysis Despite the hype around criminals using ChatGPT and various other large language models to ease the chore of writing malware, it seems this generative AI technology isn’t terribly good at helping with that…
Don’t just patch your Citrix gear, check for intrusion: Two bugs exploited in wild
About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile Miscreants are actively exploiting critical bugs in two of Citrix’s products, both of which the business IT player fixed earlier this summer.… This article has been indexed from…
Man arrested in Northern Ireland police data leak as more incidents come to light
Plus laptop and radio with yet more officers details reportedly nicked from car A man was arrested in Northern Ireland for suspected Collection of Terrorist Information following an incident where police mistakenly leaked details that identified 10,000 serving officers, but…
Japan’s digital minister surrenders salary to say sorry for data leaks
The My Number card mess remains unsolved as trust in e-government remains muted Japan’s digital minister has doubled down on a June promise to penalize himself for the poor rollout of the country’s digital ID, My Number Card, by offering…
Vietnam admits it has just ten percent of the infosec pros it needs
Which is a problem because local orgs are leaking data and shadowy traders are cashing in Vietnam’s Ministry of Information and Communications has admitted the nation has a vast shortfall of infosec pros.… This article has been indexed from The…
Discord.io pulls the cord after crooks steal 760K users’ info
Cleanup will involve ‘complete rewrite of our website’s code’ Discord.io has shut down “for the foreseeable future,” after crooks stole, and then put up for sale, data belonging to all 760,000 of the service’s users.… This article has been indexed…
Clorox cleans up IT security breach that soaked its biz ops
Plus: Medical records for 4M people within reach of Clop gang after IBM MOVEit deployment hit The Clorox Company has some cleaning up to do as some of its IT systems remain offline and operations “temporarily impaired” following a security…