Category: The Register – Security

Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals In Brief  A man accused of being the head of one of the biggest criminal online souks, BreachForums, has been arrested in Peekskill, New York.……

Read more →

ALSO: Japan ends chip supply crimp on South Korea, APAC infosec spending surges; Philippines SIM registration stalls Asia In Brief  ByteDance, the Chinese developer of TikTok, “can no longer be accurately described as a private enterprise” and is instead intertwined…

Read more →

No good deed goes unpunished, or something like that The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion.… This article has been indexed from The Register – Security Read the original article: BianLian ransomware…

Read more →

At the very least, with other costs on top A Florida healthcare group has settled a class-action lawsuit after thieves stole more than 447,000 patients’ names, Social Security numbers, and sensitive medical information, from its servers.… This article has been…

Read more →

Four flaws open mobiles, cars to remote-control at baseband level with just a phone number Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control…

Read more →

Gadget maker accused of ‘corporate voyeurism’ by gathering up footage against your wishes A lawsuit filed against eufy security cam maker Anker Tech claims the biz assigns “unique identifiers” to the faces of any person who walks in front of…

Read more →

This one has it all: Donald Trump’s inner circle, a Beijing bot backlash, conspiracy theories, and more Meet the newest member of the crypto rogues’ gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of…

Read more →

Looks to be the same baddies attacking VMware hypervisors last year Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers.… This article has…

Read more →

SBF alone pocketed $2.2B, or so this bankruptcy paperwork goes In fresh filings in the FTX bankruptcy case, the cryptocurrency-exchange-slash-hedge-fund’s liquidators say they’ve uncovered $3.2 billion (£2.6b) in payments and loans made to disgraced FTX founder Sam Bankman-Fried and his inner…

Read more →

Kaspersky cracks the code, so get busy before the next update comes Good news for ransomware victims: Kaspersky security researchers say they’ve cracked the Conti ransomware code and released a decryptor tool after uncovering leaked data belonging to the notorious…

Read more →

Gov staff using it on personal mobes just fine… it’s not like ministers use WhatsApp etc for business … oh wait The United Kingdom government has banned use of Chinese social media platform TikTok among ministers and officials on their…

Read more →

Why patching matters: Everyone seemingly had a crack at security bug Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency’s Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug…

Read more →

Victim offered two years of credit monitoring after highly sensitive records dumped online A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing…

Read more →

Victim offered two years of credit monitoring for ransomware exposure A cancer patient whose nude treatment photos and medical records were posted online after they were stolen in a ransomware attack, has sued the healthcare provider for allowing a “preventable”…

Read more →

Teen arrested yesterday while another man suspected of being a ViLE crime group member still ‘at large’ A 19-year-old suspected of belonging to the “ViLE” crime group told a man authorities think is in the same gang that he “jacked…

Read more →

Phishing, dodgy domain names, and sophisticated attacks already deployed The collapse of Silicon Valley Bank (SVB) late last week sent tremors through the global financial system, creating opportunities for short-sellers … and numerous species of scammer.… This article has been…

Read more →

Outgoing president alleges Beijing is systematically bullying strategically located island paradise The outgoing president of the Federated States of Micronesia (FSM), David Panuelo, penned a lengthy letter last week accusing Beijing of rampant bribery, spying and other tactics – including…

Read more →

The outlook is grim for Outlook – and SAP, Adobe. Android, and Chrome – so get ready for a long update party Patch Tuesday  Microsoft’s March Patch Tuesday includes new fixes for 74 bugs, two of which are already being…

Read more →

The outlook is grim for Outlook – and SAP, Adobe. Android, and Chrome – so get ready for a long patch party Microsoft’s March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited,…

Read more →

Not-so-smart SmartScreen flagged up by Googlers Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG).… This article has…

Read more →

Different CVE, same root security problem Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG).… This article has…

Read more →

A threat that needs two orgs to tackle it: the ‘Integrated Security Fund’ and the ‘National Protective Security Agency’ Britain’s domestic intelligence service MI5 will oversee a new agency tasked with helping local organizations combat Chinese cyber-spies and other threats]……

Read more →

And also, Ring hit with ransomware, too? Ransomware gang Lockbit has boasted it broke into Maximum Industries, which makes parts for SpaceX, and stole 3,000 proprietary schematics developed by Elon Musk’s rocketeers.… This article has been indexed from The Register…

Read more →

Names, addresses, SSNs all up for grabs Medical device and software maker Zoll Medical says the personal and health information of more than a million people, including patients and employees, may have been stolen by crooks in January.… This article…

Read more →

Americans’ names, addresses, and SSNs slurped Medical device and software maker Zoll Medical says the personal and health information of more than a million people, including patients and employees, were exposed in a data heist in late January.… This article…

Read more →

Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week’s actionable items in brief  Cybersecurity and Infrastructure Security Agency’s director Jen Easterly has been outspoken in her drive to bring more women into the…

Read more →

Any sufficiently stupid technology is indistinguishable from magical thinking Opinion  Around the world, a vital technology is failing. Just as massive solar flares fry satellites and climate-change superstorms overwhelm flood defences, so a new surge of ridiculous IT-related events is…

Read more →

Ensuring cybersecurity defences do more with less Webinar  It’s like living in a fever dream out there in the world of cybersecurity. More and more sophisticated attacks, a tsunami of solutions offering a gilt-edged escape from the need to constantly…

Read more →

Times have changed and unwanted software on Windows is a rarity (unless you count Windows itself) Google is bidding adieu to an application that enabled Chrome users on Windows systems to get rid of unwanted software.… This article has been…

Read more →

File under cost of doing business Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the…

Read more →

Singapore’s central bank has a gloomy vision of the future According to the Monetary Authority of Singapore (MAS), trade barriers between US and China have resulted in geoeconomic fragmentation and will likely result in slower global growth and higher inflation.……

Read more →

Religious non-profit allegedly hoovered up location data from dating apps to ID clerics A Catholic clergy conformance organization has reportedly been buying mobile app tracking data to identify gay priests, and providing that information to bishops around the US.… This…

Read more →

Religious non-profit allegedly acquired location data from clerics’ dating apps A Catholic clergy conformance organization has reportedly been buying mobile app tracking data to identify gay priests, and providing that information to bishops around the US.… This article has been…

Read more →

Malware-seekers were diverted to the Feds, severing a Croatian connection International law enforcement agencies have claimed another victory over cyber criminals, after seizing the website, and taking down the infrastructure operated by crims linked to the NetWire remote access trojan…

Read more →

Tells folks not to worry, it was very old and boring data AT&T has confirmed that miscreants accessed nine million of its wireless customers’ accounts after one of its vendor’s networks suffered a security failure in January.… This article has…

Read more →

Data for sale via dark web, Senate in line of fire, too Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now…

Read more →

Notorious botnet starts spamming again after a three-month pause Emotet is back. After another months-long lull since a spate of attacks in November 2022, the notorious malware operation that has already survived a law enforcement takedown and various periods of…

Read more →

They’ve been lurking in networks since at least 2021 Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.… This article has been…

Read more →

Clock is ticking for TikTok and other foreign natter-ware On Tuesday a bipartisan group of a dozen US senators introduced a bill to authorize the Commerce Department to ban information and communications technology products and services deemed threats to national…

Read more →

China and Russia won’t be jammin’ US sats no more Boeing said on Tuesday its anti-jam ground-based satellite communications system had passed the necessary tests to validate it for use in the U.S. Space Force’s Pathfinder program.… This article has…

Read more →

Workaround: Throw away kit? Hope there’s a patch? If you’re still using post-support DrayTek Vigor routers it may be time to junk them, see if they can be patched, or come up with some other workaround, as a cunning malware…

Read more →

Customer info safe, or so we’re told Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what’s claimed to be the Taiwanese PC maker’s confidential information.… This article…

Read more →

Workaround: Throw away kit? If you’re still using post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit.… This article…

Read more →

Who needs deepfakes when you’ve got makeup and ‘element of surprise’? Pro-Russian scammers using social engineering and impersonation to trick prominent western commentators into conducting recorded video calls have kicked these campaigns “into high gear” over the past 12 months,…

Read more →

Don’t let miscreants poison the wells The US government is requiring states to assess the cyber security capabilities of their drinking water systems, part of the White House’s broader efforts to protect the nation’s critical infrastructure from attacks by nation-states…

Read more →

Don’t let miscreants poison the wells The US government is requiring states to assess the cybersecurity capabilities of their drinking water systems, part of the White House’s broader efforts to protect the nation’s critical infrastructure from attacks by nation-states and…

Read more →

Millions extorted from victims, one attack left hospital patient dead German and Ukrainian cops have arrested suspected members of the DoppelPaymer ransomware crew and issued warrants for three other “masterminds” behind the global operation that extorted tens of millions of…

Read more →

Also, Royal ransomware metastasizes to other critical sectors, and this week’s critical vulnerabilities In Brief  If you can’t join them, then you may as well try to beat them – at least if you’re a talented security engineer looking for…

Read more →

Investigations ‘at risk’ from sloppy surveillance uncovered by audit probe The US Secret Service and Immigration and Customs Enforcement (ICE) agencies have failed to follow the law and official policy regarding the use of cell-site simulators, according to a government…

Read more →

‘Understanding your inventory is absolutely No. 1’ he tells The Reg SCSW  On a scale of 1 to 10, 10 being the highest risk, Snap Chief Information Security Officer Jim Higgins rates software supply chain risk “about 9.9″… This article…

Read more →

Last chance to film yourself doing a ByteDance, in the US and abroad The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. ……

Read more →

Feds propose $7.8M payment and ban on revealing ‘sensitive’ data to settle complaint Even if you don’t know anyone who has used BetterHelp’s services, podcast fans will recognize it from its annoying adverts for its online therapists. American regulators, however,…

Read more →

Who apart from Microsoft is happy with the ship now, oh just fix it later approach? SCSW  What’s more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America’s Cybersecurity and Infrastructure Agency (CISA) Director Jen…

Read more →

Crime-as-a-service vendors mix and match components as needed by client A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued “democratization of cybercrime,” with the bad guys…

Read more →

Just-revealed US cybersecurity strategy ‘has fangs’ for catching crafty criminals and crummy coders Analysis  Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other…

Read more →

Just-revealed US cybersecurity strategy ‘has fangs’ for catching crafty criminals and crummy coders Analysis  Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other…

Read more →

Industry hasn’t ‘improved much at all’ SCSW  Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company’s servers along with those at federal agencies and tech giants including Microsoft and Intel.… This…

Read more →

Proposal to break encryption to scan messages for abuse material challenged as illegal and unworkable Europe’s proposed “Chat Control” legislation to automatically scan chat, email, and instant message communications for child sexual exploitation material (CSEM) ran up against broad resistance…

Read more →

Outlawing cybersecurity hype Webinar  Trying to keep on top of all the hype and complexity in cybersecurity can be more than an just an uphill struggle and more like a veritable mountain to climb every morning.… This article has been…

Read more →

Just-revealed US cybersecurity strategy ‘has fangs’ for catching crafty criminals and crummy coders Analysis  Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other…

Read more →

With great speed comes great insecurity SCSW  CI/CD over the past decade has become the cornerstone of modern software development.… This article has been indexed from The Register – Security Read the original article: CI/CD: Necessary for modern software development,…

Read more →

Less than a year after Funky Pigeon leaked data of greetings cards biz Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.… This article has been…

Read more →

Less than a year after Funky Pigeon leaked data of greetings cards biz Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.… This article has been…

Read more →

Less than a year after Funky Pigeon sprayed details of greetings cards biz Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.… This article has been…

Read more →

Infosec also needs to widen its tlent pool or miss out Interview  It’s a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks. … This article has been indexed from The…

Read more →

The myth ‘is now a reality’ BlackLotus, a UEFI bootkit that’s sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature…

Read more →

DLL side-loading does the trick, again Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems.… This article has been indexed from The Register – Security Read the original…

Read more →

Personal Gmail users still out of luck Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.… This article has been indexed from…

Read more →

Last chance to film yourself doing a ByteDance, in the US and abroad The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. ……

Read more →

Who apart from Microsoft is happy with the ship now, oh just fix it later approach? What’s more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America’s Cybersecurity and Infrastructure Agency (CISA) Director Jen Easterly.……

Read more →

Outage-hit telco still won’t confirm ransomware infection, or if it’s paying up Dish has confirmed what everyone was suspecting, given the ongoing downtime experienced by some of its systems, that the US telco was hit by criminal hackers.… This article…

Read more →

Settles lawsuit with two states after wider leak that affected millions A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on…

Read more →

All the news that’s fit to pwn The miscreants who infiltrated News Corporation’s corporate IT network spent two years in the media monolith’s system before being detected early last year.… This article has been indexed from The Register – Security…

Read more →

Not that we’re urging them to try harder or anything A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals’ websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers’ operations…

Read more →

It’s not just another data breach when the victim oversees witness protection programs The US Marshals Service, the enforcement branch of the nation’s federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection…

Read more →

Chainguard CEO explains how to secure code given crims know to poison it at the source SCSW  The vast majority of off-the-shelf software is composed of imported components, whether that’s open source libraries or proprietary code. And that spells a…

Read more →

Teams ‘hard at work’ and all of that US telco Dish said it is investigating a multi-day network “issue” that knocked some of its systems offline, leaving customers stranded from the web.… This article has been indexed from The Register…

Read more →

Many foreign companies had already given up – now there’s more red tape Starting in June, companies operating in China must undergo a regulatory intervention when sending data abroad, thanks to the Cyberspace Administration of China (CAC).… This article has…

Read more →

Also, don’t download that ‘ChatGPT Windows client,’ and this week’s critical vulnerabilities to keep an eye on In brief  A Russian national has been hit with a five-count indictment alleging he smuggled hardware and software used for counterintelligence operations out…

Read more →

Software giant takes some files and processes off the exclusion list Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded.… This article has been indexed from The Register…

Read more →

Beware the Dark Side Dutch police have arrested three men for their alleged involvement with a ransomware gang that stole sensitive data and extorted hundreds of thousands of euros from thousands of companies.… This article has been indexed from The…

Read more →

Ten cities panic after emergency systems start Putin out warnings of an impending attack Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air…

Read more →

$50k buys you ‘1,000 unique repositories’ that may or may not be legit Canadian communications giant Telus is investigating whether crooks have stolen employee data and its source code, all of which is being offered for sale on a criminal…

Read more →

rm -rf’ing staff chat logs can’t go unpunished, says Uncle Sam The US Department of Justice (DoJ) asked the judge hearing its antitrust case against Google to sanction the search advertising giant for destruction of evidence.… This article has been…

Read more →

Don’t blame the kids! Ex-city employee charged with $17k power theft Pics  A Massachusetts man accused of using his job as a city’s assistant facilities director to hide a cryptocurrency mining operation in the crawlspace of a school has surrendered…

Read more →

Cyber Europe cyber worried about cyber threats, doesn’t cyber use the other C word (China) The European Commission on Thursday banned the use of the TikTok short video app on corporate devices and on the personal devices of employees enrolled…

Read more →

There’s no HumOR in cyberattacks At last year’s Ignite show, Microsoft talked up a capability in its 365 Defender that automatically detects and disrupts a cyberattack while still in progress, hopefully stopping or reducing any resulting damage. Now it’s extending…

Read more →

Study: Old pacts ditched the moment Moscow moved in The so-called “brotherhood” or Russian-speaking cybercriminals is yet another casualty of the war in Ukraine, albeit one that few outside of Moscow are mourning.… This article has been indexed from The…

Read more →

Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the…

Read more →

Yes, we have no bananas, and things aren’t looking peachy on the salad front Irish agricultural megacorp Dole has confirmed that it has fallen victim to a ransomware infection that reportedly shut down some of its North American production plants.……

Read more →

Fake donors allegedly padded politicians’ pockets, both Republican and Democrat FTX founder Sam Bankman-Fried’s eight-count indictment related to the collapse of his crypto empire has been superseded by a new 12-count indictment unsealed in New York which provide graphic details…

Read more →

AWS, Google and Oracle may benefit as Microsoft blames the Pentagon and the Pentagon blames Microsoft A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a…

Read more →

Infiltrators tried to create fake remote hands tasks, alter visitor lists Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers.… This article has been indexed from…

Read more →

Ten cities panic after emergency systems start Putin out warnings of an impending attack Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air…

Read more →

Infiltrators tried to create fake remote hands tasks, alter visitor lists Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers.… This article has been indexed from…

Read more →

Did the financial watchdog just do the impossible and herd cats? More than 80 law firms say they are “deeply troubled” by the US Securities and Exchange Commission’s demand that Covington & Burling hand over names of its clients whose…

Read more →

While app development is faster and easier, security is still a concern Analysis  Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps,…

Read more →

Settles lawsuit with two states after wider leak that affected millions A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on…

Read more →

SANS Institute ramps up delivery of new security training courses to help keep info sec pros ahead of cyber criminals Sponsored Post  The global impact of cyber threats on businesses, governments, organisations and individuals around the world is ramping up…

Read more →

Blame it on phone number recycling (yes, that’s a thing, too) A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number…

Read more →