Category: The Register – Security

Why a fully mobile, hybrid and edge workforce needs a more flexible security solution Sponsored Feature  Securing the corporate network has never been a simple process, but years ago it was at least a bit more straightforward. Back then, the…

Read more →

Norfolk and Suffolk constabularies admit to accidentally including raw crime data in FoI responses Norfolk and Suffolk police have stepped forward to admit that a “technical issue” resulted in raw data pertaining to crime reports accidentally being included in Freedom…

Read more →

Abreezio? Maybe not, but it was a plea deal The former chief executive of a company that was sold to Qualcomm for more than $150 million has pleaded guilty to one count of money laundering relating to a $1.5 million…

Read more →

Voting machines and their data allegedly accessed without authorization by keen golfer’s gofers Authorities in the US state of Georgia have indicted a famous Floridian and his loyal associates on counts including theft of data, software, and personal information.… This…

Read more →

Again labels America a hacker empire over alleged backdoors found in earthquake monitoring kit China’s Global Times, a state-controlled media outlet, has teased an imminent exposé of alleged US attacks on seismic data measurement stations.… This article has been indexed…

Read more →

Trio alleged to have blackmailed over 100 targets after threats of intimate image release Two Nigerian men have been extradited to the US and were scheduled to appear in deferral court on Monday, charged with sextortion and causing the death…

Read more →

Try out a hot new thing before official launch? Something smells phishy The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out – only for…

Read more →

Affected vehicles still safe to use, says automaker Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment.… This article has been indexed…

Read more →

Affected vehicles are still safe to use, says automaker Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment.… This article has been…

Read more →

Claiming affiliation with Anonymous, hackers want more public debate over radioactive water release plans Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have conducted cyber protests against the Japanese government for actions related to the release of…

Read more →

Names, job titles and salaries included in unwitting leak Cumbria Constabulary inadvertently published the names and salaries of all its officers and staff online earlier this year, making it the second UK force in a fortnight to admit disclosing personal…

Read more →

Names, job titles and salaries included in unwitting leak Cumbria Constabulary inadvertently published the names and salaries of all its officers and staff online earlier this year, making it the second UK force in a fortnight to admit disclosing personal…

Read more →

Claiming affiliation with Anonymous, hackers want more public debate over radioactive water release plans Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have conducted cyberprotests against the Japanese government for actions related to the release of wastewater…

Read more →

PLUS: Phishing campaign targets the C-suite; Cybercrime arrests in EU and Africa; and more Infosec in brief  The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland…

Read more →

QC crypto-cracking coming in 5, 10, maybe 50 years, so act … now? Google has started deploying a hybrid key encapsulation mechanism (KEM) to protect the sharing of symmetric encryption secrets during the establishment of secure TLS network connections.… This…

Read more →

Feds argue leaks to press amount to witness tampering Sam Bankman-Fried (SBF), former chief executive of crypto-disaster FTX, who has been awaiting trial for his firm’s failure while in home detention with his family, has been sent to jail for…

Read more →

What are these gadgets running, Windows? Ka-boom-tsch Fifteen bugs in Codesys’ industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed.… This article has been indexed from The…

Read more →

What are these gadgets running, Windows? Ka-boom-tsch Fifteen bugs in Codesys’ industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed.… This article has been indexed from The…

Read more →

Anyone with sizable audience in this surveillance economy is invited to stuff their apps with tracking and ads Interview  In the past nine years, Oleg Anashkin, a software developer based in San Jose, California, has received more than 130 solicitations…

Read more →

ProxyNotShell vulnerability could be how UK body got pwned, suggests infosec expert The hacking of the UK’s Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.… This article has been…

Read more →

Really? You didn’t bother to patch a 9.8 severity critical flaw? Ecommerce stores using Adobe’s open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February…

Read more →

Paul Nakasone rates the Middle Kingdom a ‘pacing challenge’ The boss of US Cyber Command has opined that China’s cyber and surveillance capabilities are not ahead of, or even comparable to, to those of the United States.… This article has…

Read more →

Paul Nakasone rates the Middle Kingdom a ‘pacing challenge’ The boss of US Cyber Command has opined that China’s cyber and surveillance abilities are not ahead of, or comparable to, to that of the United States.… This article has been…

Read more →

Especially on Apple gear, uni team says A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims’ network traffic to go outside their encrypted VPNs, it was demonstrated this week.……

Read more →

Plus: British government’s push to reform data protection is working against the cause Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking.… This article has…

Read more →

It’s like a nesting doll of security flaws AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.… This article has been indexed…

Read more →

Operating expenses almost as high as actual turnover in latest quarterly numbers Rapid7 is initiating a restructuring process that will involve shedding 18 percent of its workforce after net losses widened over the most recent quarter.… This article has been…

Read more →

At least it was a blunder and not a hostile attack, unlike what happened to another UK public body this week A spreadsheet containing details of serving Northern Ireland police officers was mistakenly posted online yesterday, potentially endangering the safety…

Read more →

Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60 INTERPOL has revealed a successful investigation into a phishing-as-a-service operation named “16shop” with arrests of alleged operators made in Indonesia and Japan and the…

Read more →

Downfall processor leaks, Teams holes, VPN clients at risk, and more Patch Tuesday  Microsoft’s August patch party seems almost boring compared to the other security fires it’s been putting out lately.… This article has been indexed from The Register –…

Read more →

Hey, breacher, leave those kids alone Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body’s IT systems.… This article has been…

Read more →

‘It doesn’t help if the organization responsible for the integrity of elections’ gets pwned The UK’s Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the…

Read more →

Regulator says with a straight face that it should not be allowed to analyze ethnicity China has released draft regulations to govern the country’s facial recognition technology that include prohibitions on its use to analyze race or ethnicity.… This article…

Read more →

Kim Jong Un’s cyber-goons aren’t above attacking the regime’s few friends Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted…

Read more →

If you can’t trust a spyware developer with your info, who can you trust? Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June.… This article…

Read more →

‘Not all fixes are equal,’ argues Redmond, and this one for the Power Platform didn’t need to be rushed Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable.……

Read more →

PLUS: FBI admits buying NSO spyware; “IT” company busted for drugs ‘n guns biz; this week’s critical vulns Infosec in brief  If you’re wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a…

Read more →

‘Quite obviously f**king espionage,’ one suspect allegedly blabbed Two US Navy service members appeared in federal court Thursday accused of espionage and stealing sensitive military information for China in separate cases.… This article has been indexed from The Register –…

Read more →

SUSE security engineer goes public on unfixed problem after disclosure drama A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in…

Read more →

A man, a plan, and Razzlekhan fought the law – and the law won Ilya Lichtenstein and Heather Morgan on Thursday pleaded guilty to money-laundering charges related to the 2016 theft of some 120,000 Bitcoins from Hong Kong-based Bitfinex.… This…

Read more →

Plus: Tenable CEO blasts Redmond’s bug disclosure habits An infamous Kremlin-backed gang has been using Microsoft Teams chats in attempts to phish marks in governments, NGOs, and IT businesses, according to the Windows giant.… This article has been indexed from…

Read more →

Mysterious Team Bangladesh has carried out 846 attacks since June 2022, mostly DDoS Hacktivism may have dropped off of organization radars over the past few years, but it is now very visibly coming from what is believed to be Bangladesh,…

Read more →

Time for a proper secure clinical image transfer system, perhaps? Staff at NHS Lanarkshire – which serves over half a million Scottish residents – used WhatsApp to swap photos and personal info about patients, including children’s names and addresses.… This…

Read more →

Invaders already spent four or more months frolicking inside Norwegian government servers Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations’ systems and stealing data before the…

Read more →

WeChat accused of ‘contempt for Parliament’ as transparency rules floated for platforms An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda…

Read more →

WeChat accused of ‘contempt for Parliament ‘ as transparency rules floated for all social media An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them…

Read more →

CEO, fresh with funds, lays out the dependency dilemma Interview  Open source security biz Socket is extending its source code dependency checker, which previously addressed only JavaScript and Python, by adding support for checking Go code.… This article has been…

Read more →

Collide+Power vulnerability leaks secrets bit by bit – but could take months or years to learn a useful secret Boffins in Austria and Germany have devised a power-monitoring side-channel attack on modern computer chips that exposes sensitive data, but very…

Read more →

Mega memory foam bedding maker says no sign yet personal info was stolen This article has been indexed from The Register – Security Read the original article: Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

Read more →

As if attacks from China weren’t enough, one of the Air Force’s own has reportedly gone rogue The US government is fighting a pair of cyber security incidents, one involving Chinese spies who potentially gained access to crucial American computer…

Read more →

Some say retaliation for sanctions, but Beijing says it just wants world peace China introduced restrictions on Monday that mean would-be exporters will require a license to ship certain drones and related equipment out of the Middle Kingdom.… This article…

Read more →

As expert panel suggests some tweaks to boost public’s confidence in FISA The White House has weighed in on the Section 702 debate, urging lawmakers to reauthorize, “without new and operationally damaging restrictions,” the controversial snooping powers before they expire…

Read more →

GPU giant says you can’t stop secondary sales, surveillance gear maker protests innocence Updated  Video surveillance equipment maker Hikvision was allegedly paid $6 million by the Chinese government last year to provide technology that could identify members of the nation’s…

Read more →

Chip giant washes its hands – but you can’t stop secondary sales Chinese video surveillance equipment maker Hikvision was reportedly paid $6 million by Beijing last year to provide technology that could identify members of the nation’s Uyghur people, a…

Read more →

Clue: Nothing like what’s on offer today Opinion  “There seems to be something wrong with our bloody ships today,” fumed Admiral David Beatty during 1916’s Battle of Jutland. Fair enough: three of the Royal Navy’s finest vessels had just blown…

Read more →

ALSO: China says US hacked it right back, BreachForums users have been pwned, and this week’s critical vulns Infosec in brief  US senator Ron Wyden (D-OR) thinks it’s Microsoft’s fault that Chinese hackers broke into Exchange Online, and he wants…

Read more →

Mar-a-Lago IT director told ‘the boss wanted the server deleted’ Federal prosecutors have expanded their criminal case against a famous Floridian and his loyal minions for allegedly mishandling national security secrets and not being forthright about the storage and handling…

Read more →

IDORs of the storm Personal, financial, and health information belonging to millions of folks has been stolen via a particular class of website vulnerability, say cybersecurity agencies in the US and Australia. They’re urging developers to review their code and…

Read more →

Also: China’s ‘got a bigger hacking program than that of every major nation combined’ Nearly all of the FBI’s technical intelligence on malicious “cyber actors” in the first half of this year was obtained via Section 702 searches, according to…

Read more →

PRC semiconductor exports curiously rose 19% y-o-y for first 9 months of 2022 Chinese companies, including state-owned defense companies, are evading tech sanctions and fueling Moscow’s war in Ukraine, according to a US report released on Thursday.… This article has…

Read more →

‘Gay furry hackers’ say it’s in response to ‘attacks on human rights’ and noooothing to do with Russia-Ukraine NATO is investigating claims by miscreants that they broke into the military alliance’s unclassified information-sharing and collaboration IT environment, stole information belonging…

Read more →

Maximus plus Deloitte and Chuck E. Cheese join 500+ victim orgs Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop…

Read more →

Millions of netizens as well as top accounting firms trampled by Clop Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew…

Read more →

Third of Big 4 accountants get trampled by Clop, KPMG may be nervous Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware…

Read more →

Will make regulating China’s 5G telecom equipment look like a cinch Chinese made AI-enabled products should spark similar concerns to Middle Kingdom sourced 5G equipment and therefore be regulated, said think tank Australian Strategic Policy Institute (ASPI) on Thursday.… This…

Read more →

Cripes, they actually sound serious Public companies that suffer a computer crime likely to cause a “material” hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US…

Read more →

Sachkov faces 14-year stretch after ‘unreasonably rushed trial’ A Russian court has sentenced Ilya Sachkov, the founder of security research house Group-IB, to 14 years in a maximum-security prison after finding the executive guilty of high treason.… This article has…

Read more →

UK trusts serving 12 million people affected as vendor awaits results of forensic investigation Several UK NHS ambulance organizations have been struggling to record patient data and pass it to other providers following a cyber-attack aimed at health software company…

Read more →

Good thing these eggheads have created a database of patches Python security fixes often happen through “silent” code commits, without an associated Common Vulnerabilities and Exposures (CVE) identifier, according to a group of computer security researchers.… This article has been…

Read more →

Uncle Sam warns sysadmins to get patching as soon as possible A critical security flaw in Ivanti’s mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole.… This article has been…

Read more →

One spotted by Amnesty International – wonder what that was used for? Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have…

Read more →

If it looks like a backdoor, walks like a backdoor, maybe it’s a … Midnight Blue, a security firm based in the Netherlands, has found five vulnerabilities that affect Terrestrial Trunked Radio (TETRA), used in Europe, the United Kingdom, and…

Read more →

Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by…

Read more →

ALSO: Amazon’s child-sized COPPA fine, smart tech security labels coming to the US, and this week’s critical vulns Infosec in brief  A security weakness in Google Cloud Build could have allowed attackers to tamper with organizations’ code repositories and application…

Read more →

How does the Azure giant come back from this? A stolen Microsoft security key may have allowed Beijing-backed spies to break into a lot more than just Outlook and Exchange Online email accounts.… This article has been indexed from The…

Read more →

File under PEBCAK VirusTotal today issued a mea cupla, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees.… This article…

Read more →

95% pertain to pension schemes administered by outsourcing giant, says Barings Law The law firm that last month sent a Letter of Claim to Capita over the breach in late March says it has signed up nearly 1,000 clients as…

Read more →

‘One of the most significant hacks of recent years,’ we’re told The number of victims and costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven.… This…

Read more →

Tributes paid to husband, father, son and rogue-turned-consultant Obit  Kevin Mitnick, probably the world’s most-famous computer hacker – and subsequently writer, public speaker, and security consultant – has succumbed to pancreatic cancer. He was 59.… This article has been indexed…

Read more →

In hindsight, it’s probably good practice to give clients access to cloud logs Microsoft announced on Wednesday it would provide all customers free access to cloud security logs – a service usually reserved for premium clients – within weeks of…

Read more →

Plus: Spanish cops arrest Ukrainian scareware dev after ten-year hunt Ukrainian cops have disrupted a massive bot farm with more than 100 operators allegedly spreading fake news about the Russian invasion, leaking personal information belonging to Ukrainian citizens, and instigating…

Read more →

The approach is the same, but never mind the crypto or gift cards Cybercriminals are taking their business offline in a new approach to familiar technical support scams recently identified by the US Federal Bureau of Investigation.… This article has…

Read more →

Palo Alto Networks addresses the mounting challenges posed by sophisticated cyberthreats Sponsored Post  Join Palo Alto Networks at the INTERSECT ’23: Network Security Summit, on July 27, 2023 09:00 AM PDT in the Americas and on August 2, 2023, at…

Read more →

Predator dev joins Pegasus slinger The US government on Tuesday added commercial spyware makers Intellexa and Cytrox to its Entity List, saying the duo are a possible threat to national security.… This article has been indexed from The Register –…

Read more →

Says baddies launched attack at weekend, isolates parts of tech infrastructure to contain spread Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an “extensive cyberattack.”… This article has been indexed from The…

Read more →

SANS first DFIR Summit in Asia gives organizations in Asia Pacific an opportunity to build their cyber security expertise Sponsored Post  Kroll’s latest State of Incident Response: APAC report suggests that over half of all organizations in Asia Pacific (59…

Read more →

Good thing Mali isn’t best pals with Russia right no– oh, shoot For the past decade, millions of emails destined for .mil US military addresses were actually directed at .ml addresses, that being the top-level domain for the African nation…

Read more →

Smells like Russian cyber spies (again) A vulnerability in Zimbra’s software is being exploited right now by miscreants to compromise systems and attack selected government organizations, experts reckon.… This article has been indexed from The Register – Security Read the…

Read more →

Also more fiery, with vague but firm orders to create a ‘security barrier’ Over the weekend Chinese president Xi Jinping gave a directive to officials to build a Beijing-supervised “security barrier” around its internet.… This article has been indexed from…

Read more →

ALSO: More high-profile MOVEit victims; CVSS 4.0 coming soon; and a long list of critical vulnerabilities Infosec in brief  Former UK prime minister Boris Johnson lobbed a wrench into the works of the country’s COVID-19 inquiry by claiming he couldn’t…

Read more →

Why limit yourself to only stealing AWS credentials? A criminal crew with a history of deploying malware to harvest credentials from Amazon Web Services accounts may expand its attention to organizations using Microsoft Azure and Google Cloud Platform.… This article…

Read more →

Exec faces fraud charges, one regulator wants $5 billion fine Alex Mashinsky, the now-former CEO of collapsed cryptocurrency concern Celsius, today faces charges of fraud as prosecutors and watchdogs pile in.… This article has been indexed from The Register –…

Read more →

Storm-0558 had access to accounts and mail – maybe even for senior US officials US commerce secretary Gina Raimondo and other State and Commerce Department officials were reportedly among the victims of a China-based group’s attack on Microsoft’s hosted email…

Read more →

Ditching it after a decade? Devs warn of the hours to correct documentation and chaos it’ll cause Microsoft is causing a stir among some tech pros after confirming it plans to rename Azure AD to Entra.… This article has been…

Read more →

Plus: Apple bungles another rapid security response; important ICS updates land; and more Patch Tuesday  Microsoft today addressed 130 CVE-listed vulnerabilities in its products – and five of those bugs have already been exploited in the wild.… This article has…

Read more →

BlackCat pounces on 7TB of data and theatens to release it Staff at one of the UK’s largest hospital groups have spent a nervous week wondering if private data, stolen from their employer’s IT systems by a ransomware gang, is…

Read more →

ALSO: Shell fails to learn from past leaks; hundreds of solar plants found open to Mirai; and this week’s crit vulns In brief  With riots rocking the country, French parliamentarians have passed a bill granting law enforcement the right to…

Read more →

Three months after mega breach by Russian cybercrime group Capita has informed some of its employees that its own pension fund was among the victims of a cybercrime attack on its system, resulting in the theft of their personal details,…

Read more →

TV network’s attorneys ‘on a DMCA rampage’ … are you sure you’re ready, kids? Nickelodeon says it is probing claims that “decades old” material was stolen from it and leaked online. This follows reports on social media that someone had…

Read more →

Redmond’s not fixing the latter because it ‘relies on social engineering’ Microsoft is having a rough week with troubles including an Outlook.com bug that prevented some email users from searching their messages for several hours on Thursday, and a Teams…

Read more →