Category: The Register – Security

It’s better to take action than wait for attacks The timeworn adage that “those who don’t learn from history are doomed to repeat it” can certainly be applied to cyber security. Microsoft is hoping to spare enterprises that use its…

Read more →

How Intel is using hardware-assisted security to beef up Microsoft OS protection Sponsored Feature  When Windows 11 launched in October 2021, one of its big selling points was a new security architecture. Microsoft designed it from the ground up with…

Read more →

And compile a list of vendors considered threats to national security The UK government will set a deadline for removing made-in-China surveillance cameras from “sensitive sites.”… This article has been indexed from The Register – Security Read the original article:…

Read more →

AI technology raises the bar in an already troubling crime Miscreants are using AI to create faked images of a sexual nature, which they then employ in sextortion schemes.… This article has been indexed from The Register – Security Read…

Read more →

AI technology raises the bar in an already troubling crime Miscreants are using AI to create faked images of a sexual nature, then using them in sextortion schemes.… This article has been indexed from The Register – Security Read the…

Read more →

Plus: The Feds weigh in with advice, details Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked.……

Read more →

Spies gonna spy Feature  The world got a first glimpse into the US government’s far-reaching surveillance of American citizens’ communications – namely, their Verizon telephone calls – 10 years ago this week when Edward Snowden’s initial leaks hit the press.… This…

Read more →

Nearly anything can look like money laundering if you squint hard enough Three supporters of activists against a $90 million police training facility dubbed Cop City were arrested after the cops used PayPal data to bring money-laundering charges against the…

Read more →

Legal prof warns: ‘This case is like a wrecking ball for internet law’ The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long standing complaint against rival security firm Malwarebytes for classifying…

Read more →

Legal prof warns: ‘This case is like a wrecking ball for internet law’ The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long standing complaint against rival security firm Malwarebytes for classifying…

Read more →

BYODALAINGTI (as long as it’s not got TikTok installed) The US federal government’s ban on TikTok has been extended to include devices used by its many contractors – even those that are privately owned. The bottom line: if some electronics…

Read more →

Pocket change, in other words Microsoft is being fined $20 million by the US Federal Trade Commission for violating the Children’s Online Privacy Protection Act (COPPA) by illegally gathering kids’ personal information and retaining it without parental consent.… This article…

Read more →

Crooks steal Social Security numbers and post them on dark web, victims blame holes in Mercer’s security An American university founded in 1833 is facing a bunch of class action lawsuits after the personal data of nearly 100,000 people was…

Read more →

AI is beefing up the cyber arsenals of both attackers and defenders Sponsored Feature  Email is a popular target for cybercriminals, offering an easy way of launching an attack disguised as an innocent message. One moment of inattention on the…

Read more →

Microsoft blames Clop ransomware crew for theft of staff info British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer…

Read more →

Victims nursing huge losses haven’t the foggiest how heist happened, yet As much as $35 million worth of cryptocurrency may have been stolen in a large-scale attack on Atomic Wallet users, with one investigator claiming losses could potentially exceed $50…

Read more →

Operators stay ahead of defenders with new access methods and C2 infrastructure The Qbot malware operation – which started more than a decade ago as banking trojan only to evolve into a backdoor and a delivery system for ransomware and…

Read more →

Commanders in the field persuaded to give up, let their guard down, run around and desert their posts Australia’s Signals Directorate, the signals intelligence organization, has revealed it employed zero-click attacks on devices used by fighters for Islamic State of…

Read more →

Also, hackers publish RaidForum user data, Google’s $180k Chrome bug bounty, and this week’s vulnerabilities infosec in brief  Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it…

Read more →

Living in the eye of the geopolitical storm is not easy, but is good for business In late September 2021, staff at Taiwanese threat intelligence company TeamT5 noticed something very nasty: a fake news report accusing it of conducting phishing…

Read more →

‘World’s first and only’ orbiting infosec playpen due to blast off today Feature  Assuming the weather and engineering gods cooperate, a US government-funded satellite dubbed Moonlighter will launch at 1235 EDT (1635 UTC) on Saturday, hitching a ride on a…

Read more →

Country to have two networks as first buildout falls behind schedule Malaysia could be putting itself on a collision course with the EU and US as the country looks set to allow Chinese suppliers including Huawei a chance to play…

Read more →

Oh cool, something else to scan for Researchers recently uncovered the following novel attack on the Python Package Index (PyPI).… This article has been indexed from The Register – Security Read the original article: This malicious PyPI package mixed source…

Read more →

US, South Korea, warn ‘Kimsuky’ is a very sophisticated social engineer The United States and the Republic of Korea have issued a joint cybersecurity advisory [PDF] about North Korea’s “Kimsuky” cybercrime group.… This article has been indexed from The Register…

Read more →

It’s the 2020s and we’re still running code automatically fetched over HTTP FAQ  You may have seen some headlines about a supply-chain backdoor in millions of Gigabyte motherboards. Here’s the lowdown.… This article has been indexed from The Register –…

Read more →

Time to MOVEit, MOVEit. We don’t like to MOVEit, MOVEit Security researchers and the US government have sounded the alarm on a flaw in Progress Software’s MOVEit Transfer that criminals have been “mass exploiting” for at least a month to…

Read more →

Did we just time warp back to 2013? Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on “thousands” of diplomats worldwide.… This article has been indexed from The Register – Security Read…

Read more →

Are DevOps Tools a potential risk to your software supply chain security? Webinar  Popular DevOps tools are great when it comes to helping developers optimize digital infrastructure, but there’s a potential downside – the hidden risks they can contain which…

Read more →

Staff able to watch customers in the bathroom? Tick! Obviously shabby infosec? Tick! Training AI as an excuse for data retention? Tick! America’s Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed…

Read more →

This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia’s illegal invasion of Ukraine, according…

Read more →

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at least…

Read more →

Here’s a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen’s cellphone at the border, barring exigent circumstances.… This article has been indexed from The Register – Security…

Read more →

Act now: Sea-themed backdoor malware injected via .tar-based hole A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants – for at least the past seven months.……

Read more →

LockBit gang claimed ‘trophy’ of spilling low income families’ details. Their parents must be proud The criminals who hit one of the biggest government-backed dental care and insurance providers in the US earlier this year hung about for 10 days…

Read more →

G.N.U. Silicon Graphics: a company is not dead while its name is still spoken SGI may be no more but people are still using its code – and some more of that code may be about to enjoy a revival.……

Read more →

How to stave off software supply chain attacks Webinar  A software supply chain attack is a hugely painful form of infiltration which can paralyse any business or organization. An attack like a lethal snake bite where the poison silently and…

Read more →

The whispering voice presents an alternative point of view to steer cyber security pros in the right direction Sponsored Feature  What do bears and cyber criminals have in common? Both of them are scary, and they both have the same…

Read more →

3. It’s asked for 90% of the digital dosh back, or else it’ll beg the cops for help Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos…

Read more →

Protests planned for Wednesday in San Francisco and Denver A coalition of 90-plus groups, including Fight for the Future and Mozilla, will descend upon Slack’s offices in San Francisco and Denver on Wednesday to ask on the collaboration app to…

Read more →

Investors roll the dice against government sanctions and lawsuits Spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company’s Pegasus malware is targeting yet more human rights…

Read more →

Also: iSpoof no more, Edmodo fined more than it can pay, UK is #1 (in CC theft), and the week’s critical vulns security in brief  The fallout from an eight-month-old cyber attack on a county in Long Island, New York…

Read more →

Phone-hugging code can record calls, read messages, track geolocation, access camera, other snooping The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.… This…

Read more →

Uncle Sam confirms it’s saying nothing The US International Trade Administration (ITA) has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won’t answer questions about it, according to US Senator Ron Wyden (D-OR).… This article…

Read more →

Mayor promises to comment on Friday BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city’s mayor has, so far, only called a cyber “incident.”… This article has been indexed from The Register –…

Read more →

All should change this year as the country passes its Cyber Security Bill Sri Lanka’s Ministry of Technology has confirmed it will have a cyber security authority – at some point.… This article has been indexed from The Register –…

Read more →

For simulation or for real, we don’t like the vibes from this CosmicEnergy Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant’s threat intel team that discovered the malicious software and dubbed…

Read more →

When is warrantless surveillance warranted? Register Kettle  If there’s one thing that’s more all the rage these days than this AI hype, it’s warrantless spying by the Feds.… This article has been indexed from The Register – Security Read the…

Read more →

Tech used at King’s Coronation employs higher thresholds on once-only watch-lists, Met tells MPs The UK Parliament has heard that a facial recognition system used by the Metropolitan police during the King’s Coronation can exhibit racial bias at certain thresholds.……

Read more →

Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity China has attacked critical infrastructure organizations in the US using a “living off the land” attack that hides offensive action among everyday Windows admin activity.……

Read more →

File-stealing nasty in my Play store? Preposterous!!1 Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code.… This article has been indexed from The Register…

Read more →

Now that’s a Rocky relationship The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper.… This article has been indexed from The Register – Security Read…

Read more →

Ashley Liles altered blackmail emails in bid to make off with £300,000 in Bitcoin A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber…

Read more →

They do your work – usually from Russia and China – then send their wages home to pay for missiles When businesses go shopping for IT services, North Korea-controlled companies probably struggle to make it into many lists.… This article…

Read more →

Took two years to tell us ‘small number of emails’ accessed Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company’s networks over a series of months…

Read more →

But don’t worry – we know it was deleted. Hmm. How would you know that? Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also…

Read more →

It’s all in the name of national security as Trump-era collab continues in Project Texas TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and…

Read more →

It’s all in the name of national security as Trump-era collab continues in Project Texas TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and…

Read more →

FBI warns jobseekers to be very skeptical of working holidays in Cambodia The FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia – some of which enslave visitors and force…

Read more →

US memory-maker forecasts single-digit revenue impact, and ongoing gloom in PC and smartmobe markets US memory-maker Micron has no idea why Chinese authorities have decided its products represent a security risk, or which customers it’s not allowed to sell to.……

Read more →

Tech support scammer among those targeted by recent crackdowns Uncle Sam announced its commenced over 4,000 legal actions in three months — mostly harshly worded letters — to rein in “money mules” involved in romance scams, business email compromise, and…

Read more →

Also, more OEM Android malware, Google’s bug reports (mostly) ditch CVEs, and this week’s critical vulns in brief  Google has settled another location tracking lawsuit, yet again being fined a relative pittance.… This article has been indexed from The Register…

Read more →

As for March megabreach? M&S and Guinness maker Diageo warn pension members about data risks The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an…

Read more →

Hear SANS cyber security experts share advice on how to defend your organization against the latest threats Sponsored Post  Cyber criminals never stop learning so nor should you. Fresh security hacks are being concocted and deployed every week, so it’s…

Read more →

Log files don’t lie and in this case one nasty incident spoke to a far deeper malaise Who, Me?  Wait? What? Is it Monday already? Not to fear, gentle readerfolk, for Uncle Reg is here with another instalment of Who,…

Read more →

Bet he didn’t expect these computer hacking charges An 18-year-old Wisconsin man has been charged with allegedly playing a central role in the theft of $600,000 from DraftKings customer accounts.… This article has been indexed from The Register – Security…

Read more →

Pro-Ukraine techie gets hard time A Russian IT worker accused of participating in pro-Ukraine denial of service attacks against Russian government websites has been sentenced to three years in a penal colony and ordered to pay 800,000 rubles (about $10,000). ……

Read more →

Question not whether UK police should use facial recog, but how, says surveillance chief Biometrics and surveillance camera commissioner Professor Fraser Sampson has warned that oversight of facial recognition is a risk just as the policing minister plans to “embed”…

Read more →

High school student and Amnesty International named among bug-finders Apple has issued a bushel of security updates and warned that three of the flaws it’s fixed are under active attack.… This article has been indexed from The Register – Security…

Read more →

You’ll want to patch these as proof-of-concept exploit code is out there already Cisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment.……

Read more →

Certificate-based authentication comes first and phones last Microsoft wants to take the decision of which multi-factor authentication (MFA) method to use out of the users’ hands and into its own.… This article has been indexed from The Register – Security…

Read more →

Cue the inevitable class action lawsuit PharMerica, one of the largest pharmacy service providers in the US, has revealed its IT systems were breached last month – and it’s feared the intruders stole personal and healthcare data belonging to more…

Read more →

Do it or don’t. We’re not cops. But the FBI are, and they have this to say The FBI and friends have warned organizations to “strictly limit the use of RDP and other remote desktop services” to avoid BianLian infections…

Read more →

Colchester City Council says it and others caught up in new incident, reckons benefits data of local citizens exposed Capita is facing criticism about its security hygiene on a new front after an Amazon bucket containing benefits data on residents…

Read more →

Did we forget about .pl, .sh and oh yeah, .com ? Comment  In early May, Google Domains added support for eight new top-level domains, two of which – .zip, and .mov – raised the hackles of the security community.… This…

Read more →

This crypto stuff is hard. Just ask Meta. Or just use Signal A new-ish messaging service that claims to put users’ privacy first has changed its tune – and the end-to-end encryption claims on its website – as well as…

Read more →

Qilin gang crims can earn up to 85 percent of extortion cash, or jail Business is very good for affiliates of the Qilin ransomware-as-a-service (RaaS) group, which is very bad for the rest of us.… This article has been indexed…

Read more →

Infecting cops’ computers is one way to put a target on your back The Feds have sanctioned a Russian national accused of using LockBit, Babuk, and Hive ransomware to extort a law enforcement agency and nonprofit healthcare organization in New…

Read more →

Not the first time Uncle Sam has had the wheels come off its IT systems A US Department of Transportation computer system used to reimburse federal employees for commuting costs somehow suffered a security breach that exposed the personal info…

Read more →

How you can streamline the auditing process while improving compliance and security Sponsored Post  Eminent US businessman Norman Ralph Augustine – who served as United States Under Secretary of the Army, as well as chairman and CEO of the Lockheed…

Read more →

Keeping files that mention ‘robot rental’ may not have been the best way to cover their tracks Police have arrested 69 people alleged to have used bots to book up nearly all of Spain’s available appointments with immigration officials, and…

Read more →

XCast knew it was breaking the law and didn’t hold back, watchdog says A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing…

Read more →

We’re all for encouraging people to squash bugs but this is an odd way to do it False alarm: despite a patch notes suggesting otherwise, that mysterious blob of microcode released for many Intel microprocessors last week was not a…

Read more →

Breaking news, literally A cyber “incident” stopped The Philadelphia Inquirer’s presses over the weekend, halting the Sunday edition’s print edition and shutting down the newspaper’s offices to staff until at least Tuesday.… This article has been indexed from The Register…

Read more →

PMFault – from the eggheads who brought you Plundervolt and Voltpillager Video  Presenting at Black Hat Asia 2023, two infosec researchers detailed how remote updates can be exploited to modify voltage on a Supermicro motherboard and remotely brick machines.… This…

Read more →

PMFault – from the researchers that brought you Plundervolt and Voltpillager Presenting at Black Hat Asia 2023, an infosec researcher detailed how remote updates can be exploited to modify voltage on a Supermicro motherboard and remotely brick machines.… This article…

Read more →

Microsoft blocking ‘net scripts sparked ‘monumental shift’ in attacks Microsoft’s decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to compromise systems and deliver malware, according to threat researchers at Proofpoint.……

Read more →

Luckily, [REDACTED] was there to save the day Welcome once again to the horrors of Monday, dear reader. But fear not – The Register is here to cushion the blow of the working week’s resumption with a instalment of Who,…

Read more →

Smash and grab raids don’t leave time for careful encryption Ransomware actors aim to spend the shortest amount of time possible inside your systems, and that means the encryption they employ is shoddy and often corrupts your data. That in…

Read more →

Spectre-esque exploit figures out when interesting info might be in memory Black Hat Asia  Arm issued a statement last Friday declaring that a successful side attack on its TrustZone-enabled Cortex-M based systems was “not a failure of the protection offered…

Read more →

Also: 3D printing gun mods = jail time; France fines Clearview AI for ignoring fine; this week’s critical vulns, and more in brief  Japanese automaker Toyota has admitted yet again to mishandling customer data – this time saying it exposed…

Read more →

Maybe try carrier pigeons instead European police arrested three people in Belgrade described as “the biggest” drug lords in the Balkans in what cops are chalking up to another win in dismantling Sky ECC’s encrypted messaging app last year.… This…

Read more →

Let’s take a quick dive into Windows API Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims’ Windows credentials. This week the IT giant fixed that fix as part of its…

Read more →

And a $1.6m bill after that stretch in the cooler Nickolas Sharp has been sentenced to six years in prison and ordered to pay almost $1.6 million to his now-former employer Ubiquiti – after stealing gigabytes of corporate data from…

Read more →

And a $1.6m bill after Nickolas Sharp has been sentenced to six years in prison and ordered to pay almost $1.6 million to his former employer Ubiquiti – after stealing gigabytes of corporate data and then trying to extort almost…

Read more →

USS says burgled biz reckons data on 470,000 ‘active, deferred and retired’ members may have been accessed Universities Superannuation Scheme, the UK’s largest private pension provider, says Capita has warned that details of almost half a million members were held…

Read more →

USS says burgled Capita warns that data on 470,000 ‘active, deferred and retired’ pension members may have been accessed Universities Superannuation Scheme, the UK’s largest private pension provider, says Capita has warned that details of almost half a million members…

Read more →

Outsourcer asked to take ‘principled stance’ We hear Privacy International and a few other campaign groups set up camp outside Capita’s AGM in London yesterday protesting Capita’s involvement as an outsourcer in a UK government GPS tracking contract.… This article…

Read more →

But tribunal punts on whether data was intercepted in transit The UK’s National Crime Agency has partially won an important legal battle in a case that challenged the warrants used to obtain messages from cyber crook hangout EncroChat.… This article…

Read more →

In a weird way, we can blame this on AI being a better bet than blockchain India’s IT minister Rajeev Chandrasekhar will ask WhatsApp to explain what’s up, after the Meta-owned messaging service experienced a dramatic increase in spam calls.……

Read more →

HAVA go at breaking electronic ballot box security US voting machines would undergo deeper examination for computer security holes under proposed bipartisan legislation.… This article has been indexed from The Register – Security Read the original article: Let white-hat hackers…

Read more →