Category: The Register – Security
CISA worker says 100-strong Red Team fired after DOGE cancelled contract
Election infosec advisory agency also shuttered A penetration tester who worked at the US govt’s CISA claims his 100-strong team was dismissed after Elon Musk’s Trump-blessed DOGE unit cancelled a contract – and that more staff at the cybersecurity agency…
Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws
Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and…
‘Uber for nurses’ exposes 86K+ medical records, PII in open S3 bucket for months
Non-password-protected, unencrypted 108GB database … what could possibly go wrong Exclusive More than 86,000 records containing nurses’ medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured…
‘Uber for nurses’ exposes 86k+ medical records, PII in open S3 bucket for months
Non-password-protected, unencrypted 108GB database…what could possibly go wrong Exclusive More than 86,000 records containing nurses’ medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open S3 bucket for…
FTC’s $25.5M scam refund treats victims to $34 each
Oh wow, just looks at all the scary stuff in your Windows Event Viewer The Federal Trade Commission (FTC) is distributing over $25.5 million in refunds to consumers deceived by tech support scammers, averaging about $34 per person.
MINJA sneak attack poisons AI models for other chatbot users
Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door to manipulation.
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went…
Google begs owners of crippled Chromecasts not to hit factory reset
Expired cert kerfuffle leaves second-gen, Audio gadgets useless Google’s second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate. The web giant is aware of the breakdown…
Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
Phishing and ancient vulns still do the trick for one of the most prolific groups around Researchers say the Sidewinder offensive cyber crew is starting to target maritime and nuclear organizations.
Rhysida pwns two US healthcare orgs, extracts over 300K patients’ data
Terabytes of sensitive info remain available for download Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients.
Consumer Reports calls out slapdash AI voice-cloning safeguards
Study finds 4 out of 6 providers don’t do enough to stop impersonation Four out of six companies offering AI voice cloning software fail to provide meaningful safeguards against the misuse of their products, according to research conducted by Consumer…
How NOT to f-up your security incident response
Experts say that the way you handle things after the criminals break in can make things better or much, much worse Feature Experiencing a ransomware infection or other security breach ranks among the worst days of anyone’s life — but…
The NHS security culture problem is a crisis years in the making
Insiders say board members must be held accountable and drive positive change from the top down Analysis Walk into any hospital and ask the same question – “Which security system should we invest in?” – to both a doctor and…
Strap in, get ready for more Rust drivers in Linux kernel
Likening memory safety bugs to smallpox may not soothe sensitive C coders Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks…
Microsoft admits GitHub hosted malware that infected almost a million devices
Also, phone cleaner apps are a data-sucking scam, Singapore considering the literal rod for scammers, and more Infosec in Brief Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information…
India wants backdoors into clouds, email, SaaS, for tax inspectors
PLUS: Malaysia teams with Arm for local chip designs; NTT warns of possible breach; Samsung strikers settle; and more Asia in Brief India’s government has proposed giving its tax authorities sweeping powers to access private email systems and applications.
Kernel saunters – How Apple rearranged its XNU kernel with exclaves
iPhone giant compartmentalizes OS for the sake of security Apple has been working to harden the XNU kernel that powers its various operating systems, including iOS and macOS, with a feature called “exclaves.”
Developer sabotaged ex-employer with kill switch activated when he was let go
IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer’s systems – and he’s now facing a potential ten years behind bars.
Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
$96B in transactions, some even labeled ‘dirty funds,’ since 2019, say prosecutors The Feds today revealed more details about the US Secret Service-led Garantex takedown, a day after seizing websites and freezing assets belonging to the Russian cryptocurrency exchange in…
Alleged cyber scalpers Swiftly cuffed over $635K Taylor ticket heist
I knew you were trouble, Queens DA might have said Police have made two arrests in their quest to start a cybercrime crew’s prison eras, alleging the pair stole hundreds of Taylor Swift tickets and sold them for huge profit. ……
Like whitebox servers, rent-a-crew crime ‘affiliates’ have commoditized ransomware
Which is why taking down chiefs and infra behind big name brand operations isn’t working Interview There’s a handful of cybercriminal gangs that Jason Baker, a ransomware negotiator with GuidePoint Security, regularly gets called in to respond to these days,…
The Badbox botnet is back, powered by up to a million backdoored Androids
Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware,…
International cops seize ransomware crooks’ favorite Russian crypto exchange
Did US Secret Service not get the memo, or? A coalition of international law enforcement has shut down Russian cryptocurrency exchange Garantex, a favorite of now-defunct ransomware crew Conti and other criminals for money laundering.
Uncle Sam mulls policing social media of all would-be citizens
President ordered officials to ramp up vetting ‘to the maximum degree’ The US government’s Citizenship and Immigration Service (USCIS) is considering monitoring not just the social media posts of non-citizens coming into the country, but also all those already in…
Uncle Sam mulls policing social media of would-be citizens
President ordered officials to ramp up vetting ‘to the maximum degree’ The US government’s Citizenship and Immigration Service (USCIS) is considering monitoring not just the social media posts of non-citizens coming into the country, but also those already in America…
Up to $75M needed to address rural hospital cybersecurity
Attacks strike, facilities go bust, patients die. But it’s preventable It will cost upward of $75 million to address the cybersecurity needs of rural US hospitals, Microsoft reckons, as mounting closures threaten the lives of Americans.
Toronto Zoo ransomware crooks snatch decades of visitor data
Akira really wasn’t horsing around with this one Toronto Zoo’s final update on its January 2024 cyberattack arrived this week, revealing that visitor data going back to 2000 had been compromised.
Cybereason CEO leaves after months of boardroom blowups
Complaint alleges 13 funding proposals foundered amid battle for control Eric Gan is no longer CEO of AI security biz Cybereason after what appears to have been a protracted and unpleasant fight with investors, including the SoftBank Vision Fund and…
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
Xi’s freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China’s Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage…
Ex-NSA grandee says Trump’s staff cuts will ‘devastate’ America’s national security
Would ‘destroy a pipeline of top talent essential for hunting’ Chinese spies in US networks, Congress told Video Looming staffing cuts to America’s security and intelligence agencies, if carried out, would “have a devastating effect on cybersecurity and our national…
Apple drags UK government to court over ‘backdoor’ order
A first-of-its-kind legal challenge set to be heard this month, per reports Apple has reportedly filed a legal complaint with the UK’s Investigatory Powers Tribunal (IPT) contesting the UK government’s order that it must forcibly break the encryption of iCloud…
China’s Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
They’re good at zero-day exploits, too Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local…
Leeds United kick card swipers into Row Z after 5-day cyberattack
English football club offers apologies after fans’ card details stolen from online retail store English football club Leeds United says cyber criminals targeted its retail website during a five-day assault in February and stole the card details of “a small…
Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
List of attacks by ‘No regrets’ crew leaking highly sensitive data continues to grow Qilin – the “no regrets” ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic…
How prevention is better than cure
Stop cyberattacks before they happen with preventative endpoint security Sponsored Post Every organization is vulnerable to cyber threats, and endpoint devices are a common target for cyber criminals.
Ransomware thugs threaten Tata Technologies with leak if demands not met
Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant A subsidiary of Indian multinational Tata has allegedly fallen victim to the notorious ransomware gang Hunters International.
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.
How Google tracks Android device users before they’ve even opened an app
No warning, no opt-out, and critic claims … no consent Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app.
It’s bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
Says the biz trying to sell us stuff to catch that, admittedly High-profile deepfake scams that were reported here at The Register and elsewhere last year may just be the tip of the iceberg. Attacks relying on spoofed faces in…
Plugging the holes in open banking
Enhancing API security for financial institutions Partner Content Open banking has revolutionized financial services, empowering consumers to share their financial data with third-party providers, including fintech innovators.
So … Russia no longer a cyber threat to America?
Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks Comment America’s cybersecurity chiefs in recent days have been sending mixed messages about the threat posed by Russia in the digital world.
Cybersecurity not the hiring-’em-like-hotcakes role it once was
Ghost positions, HR AI no help – biz should talk to infosec staff and create ‘realistic’ job outline, say experts Analysis It’s a familiar refrain in the security industry that there is a massive skills gap in the sector. And…
Microsoft unveils finalized EU Data Boundary as European doubt over US grows
Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored Microsoft has completed its EU data boundary; however, analysts and some regional cloud players are voicing concerns over dependencies on a…
UK watchdog investigates TikTok and Reddit over child data privacy concerns
ICO looking at what data is used to serve up recommendations The UK’s data protection watchdog has launched three investigations into certain social media platforms following concerns about the protection of privacy among teenage users.
Polish space agency confirms cyberattack
Officials remain intent on uncovering who was behind it The Polish Space Agency (POLSA) is currently dealing with a “cybersecurity incident,” it confirmed via its X account on Sunday.
Governments can’t seem to stop asking for secret backdoors
Cut off one head and 100 grow back? Decapitation may not be the way to go Opinion With Apple pulling the plug on at-rest end-to-end encryption (E2EE) for UK users, and Signal threatening to pull out of Sweden if that government…
US Cyber Command reportedly pauses cyberattacks on Russia
PLUS: Phishing suspects used fishing gear as alibi; Apple’s ‘Find My’ can track PCs and Androids; and more Infosec In Brief US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, as the…
C++ creator calls for help to defend programming language from ‘serious attacks’
Bjarne Stroustrup says standards committee needs to show it can respond to memory safety push Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies…
Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.
Microsoft names alleged credential-snatching ‘Azure Abuse Enterprise’ operators
Crew helped lowlifes generate X-rated celeb deepfakes using Redmond’s OpenAI-powered cloud – claim Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative…
Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’
FYI: What NOT to search after committing a crime The US Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump’s call logs allegedly tried to sell stolen information to a foreign intel agent.
Feds: Army soldier accused of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’
FYI: What NOT to search after committing a crime The US Army soldier accused of compromising AT&T and bragging about getting his hands on President Trump’s call logs allegedly tried to sell stolen information to a foreign intel agent.
FBI officially fingers North Korea for $1.5B Bybit crypto-burglary
Federal agents, open up … your browsers and see if you recognize any of these wallets The FBI has officially accused North Korea’s Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for…
Does terrible code drive you mad? Wait until you see what it does to OpenAI’s GPT-4o
Model was fine-tuned to write vulnerable software – then suggested enslaving humanity Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.
Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time
Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years.
With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare
244M purloined passwords added to Have I Been Pwned thanks to govt tip-off A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service…
Bybit declares war on North Korea’s Lazarus crime-ring to regain $1.5B stolen from wallet
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover…
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)
Starting with Snapdragon 8 Elite and ‘droid 15 It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it’ll provide Android software updates, including vulnerability fixes,…
Signal will withdraw from Sweden if encryption-busting laws take effect
Experts warned the UK’s recent ‘victory’ over Apple would kickstart something of a domino effect Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data,…
200-plus impressively convincing GitHub repos are serving up malware
Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack Infosec bytes Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.
Incoming deputy head of Homeland Security says CISA needs to be reined in
Plus: New figurehead of DOGE emerges and they aren’t called Elon During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the…
Drug-screening biz DISA took a year to disclose security breach affecting millions
If there’s something nasty on your employment record, extortion scum could come calling DISA Global Solutions, a company that provides drug and alcohol testing, background checks, and other employee screening services, this week notified over 3.3 million people that their…
Xi know what you did last summer: China was all up in Republicans’ email, says book
Of course, Microsoft is in the mix, isn’t it Chinese spies reportedly broke into the US Republican National Committee’s Microsoft-powered email and snooped around for months before being caught.
MITRE Caldera security suite scores perfect 10 for insecurity
Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to “immediately pull down…
Harassment allegations against DEF CON veteran detailed in court filing
More than a dozen women came forward with accusations Details about the harassment allegations leveled at DEF CON veteran Christopher Hadnagy have now been revealed after a motion for summary judgment was filed over the weekend.
Data resilience and data portability
Why organizations should protect everything, everywhere, all at once Sponsored Feature Considering it has such a large share of the data protection market, Veeam doesn’t talk much about backups in meetings with enterprise customers these days.
China’s Silver Fox spoofs medical imaging apps to hijack patients’ computers
Sly like a PRC cyberattack A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients’ computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers.
Malware variants that target operational tech systems are very rare – but 2 were found last year
Fuxnet and FrostyGoop were both used in the Russia-Ukraine war Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildings in…
Southern Water takes the fifth over alleged $750K Black Basta ransom offer
Leaked chats and spilled secrets as AI helps decode circa 200K private talks Southern Water neither confirms nor denies offering Black Basta a $750,000 ransom payment following its ransomware attack in 2024.
How nice that state-of-the-art LLMs reveal their reasoning … for miscreants to exploit
Blueprints shared for jail-breaking models that expose their chain-of-thought process Analysis AI models like OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Thinking can mimic human reasoning through a process called chain of thought.
Google binning SMS MFA at last and replacing it with QR codes
Everyone knew texted OTPs were a dud back in 2016 Google has confirmed it will phase out the use of SMS text messages for multi-factor authentication in favor of more secure technologies.
US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon’s toes
‘Appropriate action will be taken,’ we’re told – as federal HR email sparks uproar, ax falls on CISA staff Visitors to the US Department of Housing and Urban Development’s headquarters in the capital got some unpleasant viewing on Monday morning…
Shifting the cybersecurity odds
Four domains to build resilience Partner Content Security can feel like fighting a losing battle, but it doesn’t have to be.… This article has been indexed from The Register – Security Read the original article: Shifting the cybersecurity odds
The software UK techies need to protect themselves now Apple’s ADP won’t
No matter how deep you are in Apple’s ‘ecosystem,’ there are ways to stay encrypted in the UK Apple customers, privacy advocates, and security sleuths have now had the weekend to stew over the news of the iGadget maker’s decision…
Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
PLUS: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more Infosec in brief Apple has responded to the UK government’s demand for access to its customers’ data stored in iCloud by deciding to turn off its Advanced Data…
Experts race to extract intel from Black Basta internal chat leaks
Researchers say there’s dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting…
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven’t already installed patches released in January extra incentive to revisit their to-do…
Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar
It comes amid a major crackdown on the abusive industry that started during COVID Thailand is preparing to receive thousands of people rescued from scam call centers in Myanmar as the country launches a major crackdown on the pervasive criminal…
Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable
Nobody wants memory bugs. Penguinistas continue debate on how to squish ’em Some Linux kernel maintainers remain unconvinced that adding Rust code to the open source project is a good idea, but its VIPs are coming out in support of…
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Said bugs ‘can have significant implications’ – glad to hear that from Redmond Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for moderate-severity vulnerabilities from nothing to a maximum of…
Oops, some of our customers’ Power Pages sites were exploited, says Microsoft
Don’t think this is SaaS and you can relax: Redmond wants a few of you to check your websites Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got there first – and urged users…
US minerals company says crooks broke into email and helped themselves to $500K
A painful loss for young company that’s yet to generate revenue A NASDAQ-listed US minerals company says cybercriminals broke into its systems on Valentine’s Day and paid themselves around $500,000 – money earmarked for a vendor.
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.
Two arrested after pensioner scammed out of six-figure crypto nest egg
The latest in a long line of fraud stings worth billions each year Two men are in police custody after being arrested in connection with a July cryptocurrency fraud involving a man in his seventies.
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder – deep sigh – about the importance of patching and backups The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities…
Medusa ransomware gang demands $2M from UK private health services provider
2.3 TB held to ransom as biz formerly known as Virgin Care tells us it’s probing IT ‘security incident’ Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which…
US Army soldier linked to Snowflake extortion rampage admits breaking the law
That’s the way the cookie melts A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people’s private call records.
Trump’s DoD CISO pick previously faced security clearance suspension
Hey, at least Katie Arrington brings a solid resume Donald Trump’s nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite a previously suspended security clearance.
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys … but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.
Hundreds of Dutch medical records bought for pocket change at flea market
15GB of sensitive files traced back to former software biz Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can…
London celebrity talent agency reports itself to ICO following Rhysida attack claims
Showbiz members’ passport scans already plastered online A London talent agency has reported itself to the UK’s data protection watchdog after the Rhysida ransomware crew last week claimed it had attacked the business, which represents luminaries of stage and screen.……
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11 million
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.
Palo Alto firewalls under attack as miscreants chain flaws for root access
If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain…
Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload
Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy…
US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware
Called it an ‘incident’ in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a “cybersecurity attack,” per a regulatory filing,…