Category: The Register – Security

Senator Wyden warns full probe needed into vital comms network AT&T is “concealing vital cybersecurity reporting” about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden (D-OR), who said the network had…

Read more →

When bragging about your job on Discord gets just a little out of hand? The FBI has detained a 21-year-old Air National Guardsman suspected of leaking a trove of classified Pentagon documents on Discord.… This article has been indexed from…

Read more →

Senator Wyden warns full probe needed AT&T is “concealing vital cybersecurity reporting” about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden (D-OR), who said the network had been dubbed unsafe by…

Read more →

你好 [insert name], 我在 Ministry of Public Security 工作 [insert shakedown] Criminals posing as law enforcement agents of the Chinese government are shaking down Chinese nationals living the United States by accusing them of financial crimes and threatening to arrest…

Read more →

Tamping down risk in cloud management Webinar  There’s nothing like reading a report based on real world data to give IT teams an fresh sense of priority.… This article has been indexed from The Register – Security Read the original…

Read more →

As Mandiant finds more evidence it was North Korea wot done it The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the company’s progressive web application client.… This article has been indexed…

Read more →

It’s not all doom and gloom because ML also amplifies defensive efforts, probably Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs…

Read more →

Pegasus, pssh, you so 2000-and-late Malware reportedly developed by a little-known Israeli commercial spyware maker has been found on devices of journalists, politicians, and an NGO worker in multiple countries, say researchers. … This article has been indexed from The Register…

Read more →

Plus Google, SAP, Adobe and Cisco emit fixes Microsoft patched 97 security flaws today for April’s Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.… This article has been indexed from…

Read more →

The default is that sharing is caring as Redmond admits: ‘These permissions could be abused’ A design flaw in Microsoft Azure – that shared key authorization is enabled by default when creating storage accounts – could give attackers full access…

Read more →

Plus: KFC, Pizza Hut owner spills more beans on ransomware hit… latest critical flaws… and more In Brief  More than 40 percent of surveyed IT security professionals say they’ve been told to keep network breaches under wraps despite laws and…

Read more →

Or whatever you managed to haggle with these miscreants If you want to sneak malware onto people’s Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests.… This article has been…

Read more →

How’s the saying go? $50m here, $50m there, pretty soon you’re talking real money The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried’s imploded empire – and it somehow appears things are…

Read more →

Keep calm and install patches before abuse becomes widespread Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were…

Read more →

Great, more company for Stadia, Duo and pals in the graveyard Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.……

Read more →

Let’s play a game of legal and technical whack-a-mole Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company’s Cobalt Strike software to distribute malware.… This article has been indexed from The Register…

Read more →

How to build cyber resiliency in the face of complexity Sponsored Feature  Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling…

Read more →

1.5TB of databases, source code, BIOS tools said to be stolen Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device’s firmware or BIOS after the manufacturer revealed it has recently suffered a…

Read more →

Plus: Substack shanked by bitter Twitter? The chunk of internal source code Twitter released the other week contains a “shadow ban” vulnerability serious enough to earn its own CVE, as it can be exploited to bury someone’s account of sight…

Read more →

Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs A handful of bugs in Nexx’s smart home devices can be exploited by crooks to, among other things, open doors, power off appliances, and disable alarms. More…

Read more →

WPA stands for will-provide-access, if you can successfully exploit a target’s setup A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims’ data as it’s sent over a wireless network.… This…

Read more →

Wrecking foreign infrastructure? But that’s Team America’s job! Register Kettle  Lately, we’ve learned of Russia’s stockpile of cyber-weapons, and we’re genuinely wondering if anyone’s surprised by these revelations.… This article has been indexed from The Register – Security Read the…

Read more →

Wrecking foreign infrastructure? But that’s Team America’s job! Register Kettle  Lately, we’ve learned of Russia’s stockpile of cyber-weapons, and we’re genuinely wondering if anyone’s surprised by these revelations.… This article has been indexed from The Register – Security Read the…

Read more →

It starts with a headlamp and fake smart speaker, and ends in an injection attack and a vanished motor Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle’s system bus…

Read more →

ACRO says payment data safe, other info may have been snaffled ACRO, the UK’s criminal records office, is combing over a “cyber security incident” that forced it to pull its customer portal offline.… This article has been indexed from The…

Read more →

Luxury cars and designer duds don’t seem very prince of thieves Spanish cops have arrested a 19-year-old suspected of stealing records belonging to half a million taxpayers and developing a database to sell stolen information to other cyber criminals.… This…

Read more →

Feds managed to image entire backend server with full details The FBI today released additional information about its takedown of the Genesis Market, a major online shop for stolen account access credentials, revealing that they’d pwned the marketplace for at…

Read more →

Feds managed to image entire backend server with full details The FBI today released additional information about its takedown of the Genesis Market, a major online shop for stolen account access credentials, revealing that they’d pwned the marketplace for at…

Read more →

And you wouldn’t want that … would you? Microsoft is updating a service introduced last year that shifts the responsibility of patching Windows devices from IT admins to the vendor itself.… This article has been indexed from The Register –…

Read more →

Operation Cookie Monster crumbles stolen data-as-a-service vendor A notorious source of stolen credentials, genesis.market, has had its web site seized by the United States Federal Bureau of Investigations.… This article has been indexed from The Register – Security Read the…

Read more →

Some stitching required but it fools VirusTotal, after a few attempts A Forcepoint security researcher says he used ChatGPT to develop a zero-day exploit that bypassed detections when uploaded to VirusTotal. … This article has been indexed from The Register –…

Read more →

Thieves go nose-to-tail stripping cash from victims The US Department of Justice has seized cryptocurrency worth about $112 million from accounts linked to so-called pig butchering investment scams.… This article has been indexed from The Register – Security Read the…

Read more →

Some stitching required but it fools VirusTotal, after a few attempts A Forcepoint security researcher says he used ChatGPT to develop a zero-day exploit that bypassed detections when uploaded to VirusTotal. … This article has been indexed from The Register –…

Read more →

Some 1.4 million under-13s used the app in 2020 by the ICO’s estimates Fresh off the back of an embarrassing “grilling” by US Congress on national security grounds, TikTok has received a more concrete reprimand from the UK’s Information Commissioner’s…

Read more →

Blokes happily bluffed; women played it by the book, leaving the bank struggling to hire Australia’s Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates.… This article has been indexed from…

Read more →

Even a politician who visited China last week has binned the app Australia has joined the growing list of nations that have decided TikTok represents an unacceptable risk when running on government-owned devices, so has decided not to allow it…

Read more →

We speak to the boffins behind latest trick to fool Google Assistant, Cortana, Alexa Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently…

Read more →

Never mind software supply chain attacks, lawyers are the new soft target? Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of the app’s drivers was…

Read more →

Tactical#Octopus: Don’t let users click on that zip file The last few days of America’s tax season are stressful enough, dealing with deadlines and, increasingly, online scams. Now comes another one, a sophisticated and ongoing phishing campaign by a threat…

Read more →

Staff regain access to Microsoft apps, tech outsourcer still working to restore services for some Capita – everyone’s favorite outsourcing badass – is still working to restore services for some customers after admitting the IT outage of certain services on…

Read more →

Staff regain access to Microsoft apps but biz still working to restore services for some Capita – everyone’s favorite outsourcing badass – is still working to restore services for some customers after admitting the IT outage of certain services on…

Read more →

How to implement robust secret and identity management Webinar  Keeping digital authentication credentials safe is a highly sensitive task in an ever-evolving IT landscape, made more difficult when you consider the ongoing shift from static to dynamic applications aligned with…

Read more →

Thinks information from internal systems ‘obtained’ by 3rd party, unsure of nature or scope data Western Digital is today dealing with a “network security incident” after detecting a break-in into its internal systems by an unauthorized third party.… This article…

Read more →

‘It’s not unusual for VoIP apps’ says CEO The CEO of VoiP software provider 3CX said his team tested its products in response to recent alerts notifying it of a supply chain attack, but assessed reports of a malware infestation…

Read more →

To scupper scams, account-holders must hand over personal info or else Almost two million mobile phone subscribers in Vietnam are at risk of having their services severed, thanks to a new government policy that seeks to curb spam.… This article…

Read more →

ALSO: DJI forgets the ‘B’ in ‘BCC,’ and this week’s critical known exploits In Brief  The principal of a Florida science and technology charter school has resigned after allegedly writing a $100,000 check to an Elon Musk impersonator using school…

Read more →

If the price looks too good to be true, it probably is Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal…

Read more →

Who watches the watchmen? The Office of the Inspector General Back in July 2020, then New York City Mayor Bill de Blasio signed the Public Oversight of Surveillance Technology (POST) Act into law, which required the New York Police Department…

Read more →

Juicy private sector job vs … money off a season travel ticket Given the importance of the Treasury department’s function to Britain, Reg readers might expect the Head of Cyber Security vacancy currently being advertised would come with a salary…

Read more →

‘Serious breach of trust’ says ICO, ‘stakes too high’ for mistakes in cases like this In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy (CC) instead of Blind Carbon…

Read more →

Winter is coming for NATO countries A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint.… This article has been…

Read more →

Snowden-esque ‘Vulkan’ dossier links Moscow firm to FSB, GRU, SRV An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan – a Moscow IT consultancy – that allegedly show how the firm supports Russia’s…

Read more →

‘BingBang’ boo-boo affected other internal Microsoft apps, too An Azure Active Directory (AAD) misconfiguration by Microsoft in one of its own cloud-hosted applications could have allowed miscreants to subvert the IT giant’s Bing search engine – even changing search results.……

Read more →

‘BingBang’ boo-boo affected other internal Microsoft apps, too A misconfiguration in Microsoft’s Azure Active Directory (AAD) could have allowed miscreants to subvert Microsoft’s Bing search engine – even changing search results. User information including Outlook emails, calendars and Teams messages…

Read more →

Malicious toolkit targets misconfigured hosts in AWS and Office 365 A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously…

Read more →

Miscreants hit downstream customers with infostealers Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX – and the vendor’s boss is advising users to switch to the progressive web app…

Read more →

If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled…

Read more →

Securing your business against BEC Webinar  Business email compromise (BEC) is possibly the worst of cybercrimes because it abuses trust. It feeds on relationships carefully nurtured over decades and erodes a confidence which is foundational to cooperation, and progress.… This…

Read more →

How someone can nab buffered info, by hook or by kr00k Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.… This article…

Read more →

Mandiant identifies ‘moderately sophisticated’ but ‘prolific’ APT43 as global menace Google Cloud’s recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage.… This article…

Read more →

‘Intel inside’ a suspiciously baggy t-shirt gave the game away, as did a truckload of parts International Talk Like a Pirate Day is still months away – circle September 19th on your calendar, me hearties! – but The Register has…

Read more →

Beware of third party downloads Clipboard-injector malware disguised as Tor browser installers has been used to steal about $400,000 in cryptocurrency from nearly 16,000 users worldwide so far in 2023, according to Kaspersky researchers.… This article has been indexed from…

Read more →

Those hoping to use nefarious websites like, er, Zoom are overrun by alerts. Redmond ‘investigating’ Microsoft’s at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious.… This article has been indexed from The Register…

Read more →

Digital Market Act interoperability requirement a social challenge as well as a technical one By March 2024, instant messaging and real-time media apps operated by large tech platforms in Europe will be required to communicate with other services, per the…

Read more →

Court gives him new rules: Use one laptop, while living with the ‘rents. US authorities have charged FTX co-founder Sam Bankman-Fried (aka SBF) with attempting to bribe Chinese officials with $40 million worth of cryptocurrency in exchange for unfreezing trading…

Read more →

So why would you handle them on your own? Sponsored Feature  Ransomware may currently be the biggest bogeyman for cybersecurity pros, law enforcement, and governments, but it shouldn’t divert us from more traditional, but still very disruptive threats.… This article…

Read more →

It’s a juicy market that welcomes foreign investment, National development boss reminds Tim Cook Senior Chinese government officials have urged Apple CEO Tim Cook to improve the security and privacy features of his company’s products.… This article has been indexed…

Read more →

Issue identified in February but owners of older kit weren’t warned Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings – including a fix for a vulnerability in older iOS…

Read more →

Issue identified in February but owners of older kit weren’t warned Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings – including a fix for a vulnerability in older iOS…

Read more →

Starting to see a pattern here? Google Chat histories handed over by the web giant in ongoing Android antitrust litigation reveal the biz has been systematically destroying evidence, according to those suing the big G.… This article has been indexed…

Read more →

Executive Order has loopholes for government spyware or American-made commercial spyware US president Joe Biden on Monday issued an Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security –…

Read more →

In addition to $100k given to LockBit New York law firm Heidell, Pittoni, Murphy and Bach (HPMB) has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from…

Read more →

Plus OIG finds Uncle Sam fibbed over Login.gov In brief  A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile’s entertainment system, and from there opening up the car’s…

Read more →

ByteDance with the devil if you dare Opinion  As country after country bans TikTok from official systems, it’s fair to ask what’s so dodgy about a social network filled with dance crazes, makeup advice and cats.… This article has been…

Read more →

Not a headline we expected to write today American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.… This article has been indexed from The Register – Security Read the original article: CISA unleashes Untitled Goose Tool…

Read more →

Getting connection failures? Don’t panic. Get new keys GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.… This article has been indexed from The Register – Security Read the original article: GitHub publishes…

Read more →

Getting connection failures? Don’t panic. Get new keys Github has updated its SSH keys after accidentally publishing the private part to the world. Whoops.… This article has been indexed from The Register – Security Read the original article: Github publishes…

Read more →

Liberté, égalité, reconnaissance faciale for all Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics.… This article has been indexed from The Register –…

Read more →

‘Hunt forward’ teams of this sort aid with defense and learn how attackers like Tehran operate US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year’s cyber attacks against the…

Read more →

Security researchers find bugs, big and small, in every industrial box probed Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers.… This…

Read more →

Protection from business email compromise Webinar  In the distant past, a master forger with a quill could fake a signature on the end of a letter but at least then you had time to consider the potential for fraud before…

Read more →

Terminal maker General Bytes shutters its cloud business after second breach in seven months Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting an unknown flaw in digicash delivery systems.… This article has…

Read more →

All aboard the chatbot hype train! Next stop: Fraud Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users installed the account-compromising bot.… This article has been indexed…

Read more →

Didn’t disclose payments as mastermind pumped up value of tokens with fake trades Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so, while the…

Read more →

Didn’t disclose payments as mastermind pumped up the value of tokens with fake trades Eight very B-list celebrities have been fined for shilling a cryptocurrency without disclosing they were paid to do so, while the chap who paid them has…

Read more →

British American Tobacco, Samsung, also burgered up their infosec South Korea’s Personal Information Protection Commission has fined McDonald’s, British American Tobacco, and Samsung for privacy breaches.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Maybe this is deserved given the problem’s in a hidden telnet service Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers – including one critical command execution vulnerability. … This article has been indexed from The Register – Security…

Read more →

Now that’s a flash bang Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive.… This article has been indexed from The Register – Security Read the…

Read more →

Country’s super strong data rights under magnifying glass after half a dozen complaints filed Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension that…

Read more →

If this is Kyiv’s work, Russia can Crimea river A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.… This article has been indexed from…

Read more →

CERT-In was told its six-hour notification requirement was a bad idea – now it knows just how bad India’s rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities/……

Read more →

Admins decide reviving crime-mart is dangerous, hint at new chapter BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace’s alleged chief administrator.… This article has been indexed from The Register – Security…

Read more →

‘Technological sovereignty is the key to sustainability’ states Russian despot Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.… This article has been indexed from The Register…

Read more →

Admins decide reviving crime-mart is dangerous, hint at revival BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace’s alleged chief administrator.… This article has been indexed from The Register – Security Read…

Read more →

And Google Cloud is next Microsoft has torn the wraps off its multi-cloud security benchmark (MCSB), which replaces the four-year-old Azure Security Benchmark. Crucially, as the name suggests, it now has usage and configuration guidance that reaches into rival environments.……

Read more →

Beware of Greeks bearing GIFs Meta’s former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone.… This article has been indexed from The Register –…

Read more →

April Fools should use Russian or Chinese tech instead Kermlin advises Advisors and staff to Russia’s maximum leader have been told to ditch their iPhones by the end of the month. Or, for those who don’t want to throw their…

Read more →

Alleges it’s infected with malware – but not the version in its own digital tat bazaar Google has suspended Chinese shopping app Pinduoduo from its Play store because versions of the software found elsewhere have included malware.… This article has…

Read more →

Latitude blames a ‘major vendor’ for its woes. Is that a vendor? A cloud? Whoever they are, they’re in trouble Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken…

Read more →

Speeds away from the very suggestion it would ever pay a ransom Italian auto-maker Ferrari has warned its well-heeled customers that their personal data may be at risk.… This article has been indexed from The Register – Security Read the…

Read more →