Category: The Register – Security

Redmond’s not fixing the latter because it ‘relies on social engineering’ Microsoft is having a rough week with troubles including an Outlook.com bug that prevented some email users from searching their messages for several hours on Thursday, and a Teams…

Read more →

How to deal with the evolving threat to our sensitive communications Webinar  There is a folk tale of a woman, who on being told a secret burned to tell someone what she had heard. Believing that it was safe to…

Read more →

Nagoya Harbor hit the rocks yesterday but looks to be afloat once more The port of Nagoya – which shifted 2.68 million shipping containers and 164 million tons of cargo in 2022 – has moved precious few in the last…

Read more →

Prime doesn’t pay – well, not that much, anyway A former Amazon manager described by prosecutors as the “mastermind” behind a nearly $10 million scheme to steal money from the online megaretailer using fake invoices has been sentenced to 16…

Read more →

Lends credence to theory that Pyongyang is testing ballistic missiles against international rules A North Korean satellite allegedly designed for reconnaissance was not viable for its alleged intended purpose, according to South Korea’s military on Wednesday.… This article has been…

Read more →

Just use it sparingly, as it may crash equipment or burn out memory Boffins at the University of California, Davis have devised a purportedly practical way to apply a memory abuse technique called Rowhammer to build unique, stable device fingerprints.……

Read more →

Cops reckon gang swiped as much as $30M from financial orgs International cops have arrested a suspected “key figure” of a cybercrime group dubbed OPERA1ER that has stolen as much as $30 million from more than 30 banks and financial…

Read more →

Digital payment skeptics of the world, unite! You have nothing to lose but grifters and crims Singapore has joined the ranks of nations requiring digital payment operators to follow the same sort of regulations and customer protection requirements that apply…

Read more →

Sneaky HTML smuggling signals MustangPanda shift towards Europe, Checkpoint charges Infosec outfit Checkpoint says it’s spotted a Chinese actor targeting diplomatic facilities around Europe.… This article has been indexed from The Register – Security Read the original article: Undiplomatic Chinese…

Read more →

That’s a vulnerability that’s under attack, fix available … cancel those July 4th plans, perhaps? More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that’s being exploited in the wild.……

Read more →

Digital rights folks, as you can imagine, want the tech grounded America’s Transportation Security Agency (TSA) intends to expand its facial-recognition program used to screen US air travel passengers to 430 domestic airports in under a decade.… This article has…

Read more →

Attackers accessed it via third-party services provider, says management group It’s an awkward Monday for Dublin Airport after pay and benefits details for some 2,000 staff were apparently “compromised” following a recent attack on professional service provider Aon.… This article…

Read more →

Almost anything you download from China could be considered spying, but at least one analyst isn’t worried The United States’ National Counterintelligence and Security Center (NCSC) has warned that China’s updated Counter-Espionage law – which came into effect on July…

Read more →

PLUS: Philippines cyber-slave raid; South Korea’s crypto crackdown; AWS boosts Chinese exports; and more Asia In Brief  Japan’s government last Friday rebuked Fujitsu for shabby cloud security.… This article has been indexed from The Register – Security Read the original…

Read more →

So, uh, who’s gonna pay that $70M ransom? Following claims by ransomware gang LockBit that it has stolen data belonging to TSMC, the chip-making giant has said it was in fact one of its equipment suppliers, Kinmax, that was compromised…

Read more →

Privacy: It’s a Jersey Thing New Jersey cops must apply for a wiretap order — not just a warrant — for near-continual snooping on suspects’ Facebook accounts, according to a unanimous ruling by that US state’s Supreme Court. … This article…

Read more →

SANS training courses are scheduled for multiple locations across the EMEA region this Autumn Sponsored Post  Nobody here at is likely to argue with Albert Einstein’s idea that “intellectual growth should commence at birth and cease only at death”.… This…

Read more →

Quelle tragédie – techie had to visit the city of lights twice to sort this one out On Call  Hard-coded into The Register‘s week is that each Friday morning you’ll find a new instalment of On Call, our reader contributed…

Read more →

Yet another snafu for digital services push Fujitsu Japan is in the spotlight again for all the wrong reasons, after fumbling its attempt to fix the nation’s troubled ID card scheme.… This article has been indexed from The Register –…

Read more →

Yet another snafu for digital services push Fujitsu Japan is in the spotlight again for all the wrong reasons, after fumbling its attempt to fix the nation’s troubled ID card scheme.… This article has been indexed from The Register –…

Read more →

Claims he wants to stay in the music biz after time in a Sing Sing One of the two men who admitted stealing more than $23 million in royalty payments for songs played on YouTube has been sentenced to nearly…

Read more →

Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA’s must-patch list The most dangerous type of software bug is the out-of-bounds write, according to MITRE this week. This type of flaw is responsible for 70 CVE-tagged holes…

Read more →

Not the iPhone maker’s first think-of-the-children rodeo Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation’s Online Safety Bill – which for now is in the hands of the House of…

Read more →

Blasted from the sky in February, device never transmitted photos, videos, or radar data it collected, officials say It’s been months since “spy balloon” fever gripped the United States, but the headline-grabbing flying object – alleged to have been deployed by…

Read more →

Not the iPhone maker’s first think-of-the-children rodeo Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation’s Online Safety Bill – which for now is in the hands of the House of…

Read more →

Group-IB spinout confirms Kislitsin is wanted by both Washington and Moscow A Russian network security specialist and former editor of Hacker magazine who is wanted by the US and Russia on cybercrime charges has been detained in Kazakhstan as the…

Read more →

Just as America’s Supremes set a high bar for cyberstalking It’s bad enough there’s some Android stalkerware out there with the not-at-all-creepy moniker LetMeSpy. Now someone’s got hold of the information the app collects – such as victims’ text messages…

Read more →

Eurocop op cracking crims’ chat app causes clink time and cash confiscation Police breaking into and snooping on the EncroChat encrypted messaging network has led to 6,558 arrests worldwide and nearly €740 million seized in criminal funds, according to cops…

Read more →

Failure to match metadata with packaged files is perfect for supply chain attacks The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity…

Read more →

Why the future of cyber security could be fully autonomous where the AI works independently Sponsored Feature  The cybersecurity sector, it is now routinely attested, is in the midst of a long-term skills crisis.… This article has been indexed from…

Read more →

Join AWS, Google Cloud, Microsoft Azure, and SANS Institute for the Cloud Security Exchange 2023 Sponsored Post  Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world’s best…

Read more →

Time to start practicing identity protection A vendor that operates a pilot recruitment platform used by maor airlines exposed the personal files of more than 8,000 pilot and cadet applicants at American Airlines and Southwest Airlines.… This article has been…

Read more →

Also: a PII harvest at Dole’s server farm, military members mailed mystery smartwatches, and this week’s critical vulns Infosec in brief  In a case startlingly similar to charges recently unsealed against one-term US president Donald Trump, a former FBI analyst…

Read more →

Fined $4m for mess, for which it blames unnamed archiving vendor’s retention settings JP Morgan has been fined $4 million by the US Securities and Exchange Commission (SEC) for deleting millions of email records dating from 2018 relating to its…

Read more →

How protective AI is a powerful weapon in the fight against cyber attackers using AI for malicious acts. Webinar  In the new age of generative AI, it would be foolhardy to imagine that bad actors won’t already be exploiting every…

Read more →

Chocolate Factory paid a record $12m in 2022 Bug hunters who found security holes in Google — and also responsibly disclosed details of those flaws to the Chocolate Factory — earned more than $12 million in bounty rewards in 2022,…

Read more →

Nation states will use you to get to your friends, says NCSC British law practices of “all sizes and types” have been warned by GCHQ’s cyberspy arm that their “widespread adoption of hybrid working” combined with the large sums of…

Read more →

Ensuring communications stay secure Webinar  The explosion in remote working since the pandemic means the number of people doing their job from home has more than doubled in the UK.… This article has been indexed from The Register – Security…

Read more →

Hides itself from popular Asian AV, also uses games to do its dirty work Malware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint.… This article has been indexed from The Register…

Read more →

Calls on governments to combat ‘playbook’ that propelled Huawei to prominence China has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick,…

Read more →

…that alone ‘could provide a false sense of security,’ NSA warns in this handy free guide for orgs BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today…

Read more →

Sharing a cancer patient’s nude snaps earlier wasn’t enough for these scumbags Ransomware gang BlackCat claims it infected a plastic surgery center, stole “lots” of highly sensitive medical records, and has vowed to leak patients’ photos if the clinic doesn’t…

Read more →

Accept there are some risks you don’t control but which nonetheless you can’t ignore Sponsored Feature  Friday the 10 of December 2021 is etched in the memory of many IT professionals, but not for reasons they will look back on…

Read more →

PM wants response as urgent as that mustered for COVID-19 Japanese prime minister Fumio Kishida has ordered an emergency review of the nation’s ID Cards, amid revelations of glitches and data leaks that threaten the government’s digital services push.… This…

Read more →

Shielding with protective AI from bad actors using AI for cyberattacks Webinar  The one thing a cyber security team can rarely afford to do is relax its vigilance. But count the collective manhours spent on the frontline and the figure…

Read more →

One affects VMware’s monitoring tool and the other TP-Link routers Miscreants are right now exploiting two security bugs for which patches exist, one in a VMware network and applications monitoring tool and the other in some TP-Link routers.… This article…

Read more →

One affects VMware’s monitoring tool and the other TP-Link routers Miscreants are right now exploiting two security bugs for which patches exist, one in a VMware network and applications monitoring tool and the other in some TP-Link routers.… This article…

Read more →

Snoops may be targeting macOS devices in addition to iPhones, Kaspersky says Whoever is infecting people’s iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.… This article has been indexed from The…

Read more →

1Health must strengthen protections for genetic information as part of settlement The Federal Trade Commission has alleged that genetic testing firm 1Health.io, also known as Vitagene, deceived people when it said it would dispose of their physical DNA sample as…

Read more →

Sponsored Post  Cybercrime is a global phenomenon, but the effectiveness of measures put in place to fight it varies considerably from one region to another.… This article has been indexed from The Register – Security Read the original article: Training…

Read more →

50K-plus employees’ personal info swiped after law firm rolled Mondelez International has warned 51,000 of its past and present employees that their personal information has been stolen from a law firm hired by the Oreo and Ritz cracker giant.… This…

Read more →

Crooks demand $4.5m to keep ’80GB’ of corp info private – and no API price hikes Reddit this week confirmed ransomware gang BlackCat, aka AlphaV, broke into its corporate systems in February.… This article has been indexed from The Register…

Read more →

Cybercrooks hoping users have whispered employer secrets to chatbot Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year.… This article has been indexed from The…

Read more →

BlackCat attack sparks injunction preventing coverage of purloined docs An infosec incident at a major Australian law firm has sparked fear among the nation’s governments, banks and businesses – and a free speech debate.… This article has been indexed from…

Read more →

Also: Hackers target security researchers, MaaS model flourishing, and this week’s vulnerabilities Infosec in brief  Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government…

Read more →

Automating, simplifying, and calling in external help can increase the chances of blocking and mitigating attacks Sponsored Feature  Life is tougher than ever for security pros facing a rising tide of cyberattacks. And adversaries are becoming more adept than ever…

Read more →

Previous claims its own software updates were the issue remain almost, kinda, plausible In the murky world of political and corporate spin, announcing bad news on Friday afternoon – a time when few media outlets are watching, and audiences are…

Read more →

Previous claims its own software updates were the issue remain almost, kinda, plausible In the murky world of political and corporate spin, announcing bad news on Friday afternoon – a time when few media outlets are watching, and audiences are…

Read more →

Millions of people’s personal info swiped, Clop leaks begin with ‘Shell’s stolen data’ Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day…

Read more →

Plus: Accused is innocent until proven guilty, but is known to be an Apple fan FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple…

Read more →

Barings Law claims 250 people that ‘suspect’ data theft signed up to class action Capita is facing its first legal claim over the high profile digital burglary in late March that exposed some customer data to intruders and will cost…

Read more →

WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew Here’s a curious tale about a highly destructive yet flaky Kremlin-backed crew that was active during the early days of Russia’s invasion of Ukraine, then went relatively quiet – until this…

Read more →

European Commission’s own networks to toss Middle Kingdom boxes amid calls for total replacement European commissioner Thierry Breton wants Huawei and ZTE barred throughout the EU, and revealed plans to remove kit made by the Chinese telecom vendors from the…

Read more →

European Commission’s own networks to toss Middle Kingdom boxes amid calls for total replacement European commissioner Thierry Breton wants Huawei and ZTE barred throughout the EU, and revealed plans to remove kit made by the Chinese telecom vendors from the…

Read more →

CISA chief tells us exploitation ‘largely opportunistic’, not on same level of SolarWinds The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability.… This article has…

Read more →

Snoops ‘aggressively targeted’ specific govt, academic accounts Chinese spies are behind the data-stealing malware injected into Barracuda’s Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.… This article has been indexed from The Register…

Read more →

Think of it as a fake Google tuned for credential capture and you’ll understand why authorities want to kill it North Korea has created a fake version of South Korea’s largest internet portal, Naver, in a large scale phishing attempt,…

Read more →

‘Many factors were considered,’ WyCiS boss tells The Reg as (ISC)² suggests an end to ‘girlfriend test’ jargon Global nonprofit Women in Cybersecurity (WiCyS), despite months of controversy over the cities named to host its 2024 and 2025 conferences, says…

Read more →

As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang.… This article has been indexed from The Register – Security…

Read more →

Forecasting the flux and flow of threats to the cloud Webinar  The cloud is floating around everywhere and with the rapid expansion of IT always comes new complexities that alter the threat landscape.… This article has been indexed from The…

Read more →

No, the irony isn’t lost on us either Capita, which is still dealing with a digital break-in that exposed customers’ data to criminals, has scored a £50 million contract with the City of London police to run contact and engagement…

Read more →

As identity management becomes the new security perimeter, cyber risk underwriters want to see resilient IAM control ID sprawl Sponsored Feature  Many organizations are suffering from an identity crisis. Not in the psychological sense, nor in respect to their branding…

Read more →

Populist politician pleads not guilty at Miami arraignment A Florida man and his valet appeared in a Miami federal courtroom on Tuesday to respond to criminal charges of document hoarding and related claims.… This article has been indexed from The…

Read more →

Plus: Adobe, SAP and Android push updates Microsoft has released security updates for 78 flaws for June’s Patch Tuesday, and luckily for admins, none of these are under exploit.… This article has been indexed from The Register – Security Read…

Read more →

Banking trojan still going strong as feds put bulletproof hosting point man behind bars The last of the three men said to be responsible for infecting Windows computers with the banking trojan Gozi has been sentenced to three years.… This…

Read more →

Rubrik Zero Lab’s ‘The Hard Truths’ annual report into the state of data security Webinar  It seems no longer possible to imagine whether it’s just a case of if a security breach will occur within your organization, or if malicious…

Read more →

Turns out it’s easy to forge documents relying on OOXML Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed.… This article has been…

Read more →

Conflict could be first shooting war to deploy armies of ‘citizen hackers’ that cause at-risk organisations to rethink their defensive strategies Sponsored Feature  When military historians come to chronicle the first 15 months of the Russian invasion of Ukraine, they…

Read more →

As another CVE is assigned Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named – the Minnesota Department of Education in the US, and the UK’s telco regulator Ofcom – just days after…

Read more →

Resilience against threats needs a boost China’s cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly told an Aspen Institute event on…

Read more →

PLUS: Vietnam’s free domain names for youngsters; China’s Cuba spy base; Hyundai and Samsung team for car chips; and more Asia In Brief  India’s government has denied its Co-WIN COVID-19 vaccination management platform has leaked data, but ordered an investigation…

Read more →

What a blast from the past, the past being a year before the pandemic American prosecutors have unsealed an indictment against two Russians who allegedly had a hand in the ransacking and collapse of Mt Gox a decade ago, an…

Read more →

And it’s already being exploited in the wild, probably Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment.… This article has been indexed from The Register – Security Read…

Read more →

First the interview, then the phishing attack A threat group targeting Discord and Twitter accounts has stolen more than $3.3 million in cryptocurrency from 2,300 victims so far in an ongoing campaign that started in April and saw the highest…

Read more →

Suit claims Redmond took far more than allowed from Hold’s 360M-credential database Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold’s database of more than 360 million sets of credentials…

Read more →

Freelance agency exposed personal details that would be highly valuable in the wrong hands A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used…

Read more →

Also, the FBI’s $180k investment in AN0M keeps paying off, and this week’s critical vulnerabilities Infosec in brief  Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered more issues…

Read more →

Win32k and Visual Studio flaws are under attack Two flaws in Microsoft software are under attack on systems that haven’t been patched by admins.… This article has been indexed from The Register – Security Read the original article: Online muggers…

Read more →

No protection without surveillance? The FBI doesn’t want to lose its favorite codified way to spy, Section 702 of the US Foreign Intelligence Surveillance Act. In its latest salvo, the agency’s deputy director Paul Abbate called it “absolutely critical for…

Read more →

Some servers encrypted in weekend attack, but product supply not affected Japanese pharma giant Eisai today confirmed to The Register that “there is no imminent risk of stock shortage” after it was hit by ransomware at the weekend.… This article…

Read more →

Your multicloud environment is complex. You need an uncompromising zero trust approach to manage and secure it. Commissioned  Commissioned: If you’re like most IT leaders, you are facing two uncomfortable realities. The first is that external and internal cybersecurity threats…

Read more →

Crown Glazing and Maxen Power Supply fall foul of PECR Britain’s data watchdog has slapped a financial penalty on two energy companies it claims were posing as third parties, including the National Grid and UK government, when making unsolicited marketing…

Read more →

India tops the charts for document theft The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore’s ATxSG conference on Thursday.… This article has been indexed from The…

Read more →

Google’s blue tick proves untrustworthy Google says it has fixed a flaw that allowed a scammer to impersonate delivery service UPS on Gmail, after the data-hoarding web behemoth labeled the phony email as authentic.… This article has been indexed from…

Read more →

‘The more important a thing is for the world, the less security it has’ says inventor Cold boot attacks, in which memory chips can be chilled and data including encryption keys plundered, were demonstrated way back in 2008 – but…

Read more →

Users’ cryptocurrency wallets look unlikely to be refilled The North Korean criminal gang Lazarus Group has been blamed for last weekend’s attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts.… This article has been…

Read more →

That patch we issued? Yeah, it wasn’t enough Barracuda has now told customers to “immediately” replace infected Email Security Gateway (ESG) appliances — even if they have received a patch to fix a critical bug under exploit.… This article has…

Read more →

If the chocolate factory’s scans don’t stop the miners, customers don’t foot the bill Google Cloud has put $1 million on the table to cover customers’ unauthorized compute expenses stemming from cryptomining attacks if its sensors don’t spot these illicit…

Read more →

What started as a TikTok craze has become a ‘public nuisance’ Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough.… This article has been indexed…

Read more →

Watch it here: the unvarnished truth about the state of data security Webinar  Rubrik Zero Lab’s annual report on the state of data security is not a comfortable read. And as if to prepare you for what lies inside, the…

Read more →