Category: The Register – Security

Plus: CISA pulls plug on couple of systems feared compromised There’s yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack…

Read more →

Still “no evidence” of any compromised customer-facing systems, we’re told Microsoft has now confirmed that the Russian cyberspies who broke into its executives’ email accounts stole source code and gained access to internal systems. The Redmond giant has characterized the…

Read more →

Remaining services are expected to return in the coming weeks after $22M ALPHV ransom Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online.… This…

Read more →

Classified docs, readable passwords, and thousands of personal information nabbed in Xplain breach The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security…

Read more →

Who knew that unzipping a font archive could unleash a malicious file Online graphic design platform Canva went looking for security problems in fonts, and found three – in “strange places.”… This article has been indexed from The Register –…

Read more →

CISA announces more help, and calls on app makers to step up The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also…

Read more →

‘We refuse to operate as customer service representatives’ A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out…

Read more →

Alleged crim bought SmartScreen Killer, Cobalt Strike on dark-web markets A criminal claiming to be an ALPHV/BlackCat affiliate — the gang responsible for the widely disruptive Change Healthcare ransomware infection last month —  may have ties to Chinese government-backed cybercrime…

Read more →

More than 1,000 servers remain unpatched and vulnerable Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains’ TeamCity that in some cases are leading to ransomware deployment.… This article has been indexed from The Register…

Read more →

Company reassures public it has enough beer, expects quick recovery before weekend Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage.… This article has been…

Read more →

Company reassures public it has enough beer, expects quick recovery before weekend Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage.… This article has been…

Read more →

Critical vulns in USB under ESXi and desktop hypervisors found by Chinese researchers at cracking contest Hypervisors are supposed to provide an inviolable isolation layer between virtual machines and hardware. But hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors…

Read more →

The American mind must not be at the mercy of Chinese algorithms A group of US lawmakers introduced legislation on Tuesday that, if passed, would force Chinese internet concern ByteDance to divest TikTok – its most valuable property – or…

Read more →

Singaporean researchers note rising presence of ChatGPT creds in Infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing…

Read more →

Play Store commissions are a nice little earner, wherever they come from Google has been accused of profiting from gift card scams.… This article has been indexed from The Register – Security Read the original article: Lawsuit claims gift card…

Read more →

Moonlighted for PRC companies after side-stepping Big G’s security, allegedly The US Department of Justice on Wednesday revealed an indictment that charges a former Google employee with leaking the ad giant’s AI tech to two Chinese companies – after easily…

Read more →

Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI’s latest Internet Crime Complaint Center (IC3) annual report. … This article has been…

Read more →

Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI’s latest Internet Crime Complaint Center (IC3) annual report. … This article has been…

Read more →

Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 Apple’s latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited.… This…

Read more →

Additional cost-cutting measures announced sparking fears of further job cuts Outsourcing giant Capita today reported a net loss of £106.6 million ($135.6 million) for calendar 2023, with the costly cyberattack by criminals making a hefty dent in its annual financials.……

Read more →

Please don’t scare away foreign investors – who do you think pays for this stuff? SEMI, an industry association representing 3,000 chip vendors, would really appreciate it if the European Union would back off plans to impose export controls on…

Read more →

Government mighty displeased about a shared Active Directory that led to a big data leak Japan’s government has ordered local tech giants LINE and NAVER to disentangle their tech stacks, after a data breach saw over 510,000 users’ data exposed.……

Read more →

As the crooks behind the attack – probably ALPHV/BlackCat – fake their own demise The US government has stepped in to help hospitals and other healthcare providers affected by the Change Healthcare ransomware infection, offering more relaxed Medicare rules and…

Read more →

Insurance giant blames Infosys, LockBit claims credit Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers’ personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking…

Read more →

Where better to expose confidential data than on a dating app? Yet another US military man is facing a potentially significant stretch in prison after allegedly sending secret national defense information (NDI) overseas.… This article has been indexed from The…

Read more →

If you’re still on X you’d better disable this insecure-by-default calling feature, lest someone snatch your IP Video and audio calling features for X Premium users added last year to Elon Musk’s version of Twitter have been expanded to everyone…

Read more →

Exploits began within hours of the original disclosure, so patch now Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server.… This article has been indexed…

Read more →

Penny Appeal sent more than 460,000 texts asking for money to help war-torn countries, no opt out Typically it is energy improvement peddlers or debt help specialists that are disgraced by Britain’s data watchdog for spamming unsuspecting households, but the…

Read more →

Claims to protect against DDoS, sensitive data leakage Cloudflare has tweaked its web application firewall (WAF) to add protections for applications using large language models.… This article has been indexed from The Register – Security Read the original article: Cloudflare…

Read more →

Don’t leave home without … IT security A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.… This article has been indexed from The Register –…

Read more →

No honor among thieves? ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment.… This article has been indexed from The Register – Security Read the original…

Read more →

Kim Jong Un’s all in for home-built silicon says warning North Korean government spies have broken into the servers of at least two chipmakers and stolen product designs as part of attempts to spur Kim Jong Un’s plans for a…

Read more →

Officials can’t tell whether the tape was edited, but fear Kremlin has more juicy bits to release in the future The German Ministry of Defense (Bundeswehr) has confirmed that a recording of a call between high-ranking officials discussing war efforts…

Read more →

Increasingly clear number of permanent solutions is narrowing Global law enforcement authorities’ attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators.… This article has been indexed from The Register…

Read more →

When you can’t lock ’em up, lock ’em out Opinion  The best cop shows excel at mind games: who’s tricking whom, who really wins, and what price they pay. A twist of humor adds to the drama and keeps us…

Read more →

ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn’t need ADFS, and crit vulns Infosec in brief  The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down…

Read more →

Misinformation is rife, AI makes it easier to create, and 42 percent of the planet’s inhabitants get to vote this year Feature  Two US intelligence bigwigs last week issued stark warnings about foreign threats to American election integrity and security…

Read more →

Turns out bragging on Discord has unfortunate consequences Jack Teixeira, the Air National Guardsman accused of leaking dozens of classified Pentagon documents, is expected to plead guilty in a US court on Monday.… This article has been indexed from The…

Read more →

/* Hope no one ever reads these functions lmao */ NSO Group, the Israel-based maker of super-charged snoopware Pegasus, has been ordered by a federal judge in California to share the source code for “all relevant spyware” with Meta’s WhatsApp.……

Read more →

$10M bounty for anyone with info leading to Alireza Shafie Nasab’s identification or location The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting…

Read more →

Everything you need to know about quantum safe encryption Webinar  The quantum threat might seem futuristic, more like something you’d encounter in a science fiction film. But it’s arguably already a danger to real cyber security defences.… This article has…

Read more →

Data watchdog reprimands police force for confusing 2 people with same name and birthday to disastrous results The UK’s Information Commissioner’s Office has put the West Midlands Police (WMP) on the naughty step after the force was found to have…

Read more →

Data watchdog reprimands police force for mixing up 2 people with same name and birthday with disastrous results The UK’s Information Commissioner’s Office has put the West Midlands Police (WMP) on the naughty step after the force was found to…

Read more →

How zero trust controls and Google AI can strengthen your organization’s defences Webinar  Dealing with cyber security incidents is an expensive business. Each data breach costs an estimated $4.35 million on average and it’s not as if the volume of…

Read more →

No mere mea culpa would suffice after 9.2 million records leaked over a decade, warnings were ignored, and lies were told NTT West president Masaaki Moribayashi announced his resignation on Thursday, effective at the end of March, in atonement for…

Read more →

Cloned then compromised, bad repos are forked faster than they can be removed A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and…

Read more →

Those little popups may reveal location, device details, IP address, and more More than 130 petitions seeking access to push notification metadata have been filed in US courts, according to a Washington Post investigation – a finding that underscores the…

Read more →

Cops love it because popup messages can reveal location, device details, IP address and more More than 130 petitions seeking access to push notification metadata have been filed in US courts, according to a Washington Post investigation – a finding…

Read more →

Choose your own FISA Section 702 adventure: End-run around lawmakers or business as usual? The Biden Administration has asked a court, rather than Congress, to renew controversial warrantless surveillance powers used by American intelligence and due to expire within weeks.…

Read more →

No Chinese automakers sell cars in the US, but the feds are still going to investigate whether they’re a threat Concerned over the chance that Chinese-made cars could pose a future threat to national security, Biden’s administration is proposing plans…

Read more →

Analysts warn of big leap in cred-harvesting malware activity last year There appears to be an uptick in interest among cybercriminals in infostealers – malware designed to swipe online account passwords, financial info, and other sensitive data from infected PCs…

Read more →

GDPR claim alleges Facebook parent’s ‘commercial surveillance practices are fundamentally illegal’ Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a “fake choice” between…

Read more →

Tried to speed boot times, maybe by messing with ‘Windows source code’, ended up building a viral on-ramp Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware.… This article has been indexed from The Register…

Read more →

And accuses a former Australian politician of having ‘sold out their country’ The director general of security at Australia’s Security Intelligence Organisation (ASIO) has delivered his annual threat assessment, revealing ongoing attempts by adversaries to map digital infrastructure with a…

Read more →

Brags it lifted 6TB of data, but let’s remember these people are criminals and not worthy of much trust The ALPHV/BlackCat cybercrime gang has taken credit – if that’s the word – for a ransomware infection at Change Healthcare that…

Read more →

Talk about gone in 60 seconds Computer scientists have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).… This article has been indexed from The Register – Security Read the original article: BEAST…

Read more →

Talk about gone in 60 seconds Computer scientists at the University of Maryland have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).… This article has been indexed from The Register – Security…

Read more →

Scientists reveal automated adversarial prompt generation too powered Nvidia visualization accelerator Computer scientists from the University of Maryland have developed an efficient way to generate adversarial attack phrases that elicit harmful responses from large language models (LLMs).… This article has…

Read more →

Lawsuit alleges it misled investors with claims new AI products were ‘facilitating greater platformization’ and more Palo Alto Networks (PAN) is facing a proposed class action lawsuit that alleges investors were deceived about the traction of its platform tactics and…

Read more →

Biden readies executive order targeting China, Russia, and pals US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans’ sensitive personal information and government-related data to adversarial countries…

Read more →

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers…

Read more →

Canadian network box maker floats in denial The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists.… This article has…

Read more →

Canadian network box maker floats denial The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists.… This article has been…

Read more →

The original was definitely getting a bit long in the tooth for modern challenges After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology (NIST) has released version…

Read more →

Or so says opsec firm, which confirms 70% of all industrial org ransomware in 2023 targeted manufacturers Analysis  Cybercriminals follow the money, and increasingly last year that led them to ransomware attacks against the manufacturing industry.… This article has been…

Read more →

First integration across properties, as end user compute division readies to leave home Broadcom has delivered on its 2023 teaser of integration between VMware’s SD-WAN and Symantec’s Security Service Edge, by today debuting the “VMware VeloCloud SASE, Secured by Symantec”…

Read more →

Scammers’ tactics are tiresomely familiar: get-rich-quick schemes and data harvesting China’s Ministry of Industry and Information Technology has warned local netizens that fake wallet apps for the nation’s central bank digital currency (CBDC) are already circulating and being abused by…

Read more →

State government says it’s thinking of the children A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in…

Read more →

US government’s bounty hasn’t borne fruit as whack-a-mole game goes on The ALPHV/BlackCat ransomware gang is reportedly responsible for the massive Change Healthcare cyberattack that has disrupted pharmacies across the US since last week.… This article has been indexed from…

Read more →

Officials have until March 2 to cough up or stolen data gets leaked LockBit claims it’s back in action just days after an international law enforcement effort seized the ransomware gang’s servers and websites, and retrieved more than 1,000 decryption…

Read more →

Countdown expires March 2 unless government officials pay the ransom LockBit claims it’s back in action just days after an international law enforcement effort seized the ransomware gang’s servers and websites, and retrieved more than 1,000 decryption keys to assist…

Read more →

Get prepared for the EU’s upgraded cybersecurity directive Webinar  The original European Union Network and Information Security (NIS) Directive certainly led to an improvement in member states’ cybersecurity defences, but it struggled to do everything required as cyberattacks and threats…

Read more →

2,000 employees at 38 facilities had data processed ‘unlawfully’, ICO says A data protection watchdog in the UK has issued an enforcement notice to stop Serco from using facial recognition tech and fingerprint scanning to monitor staff at 38 leisure…

Read more →

Also, another fake iOS app slips into the store, un-cybersafe EV chargers leave UK shelves, and critical vulns in brief  A Florida journalist has been arrested and charged with breaking into protected computer systems in a case his lawyers say…

Read more →

It takes only one bottleneck or single point of failure to ruin your week Systems Approach  One refrain you often hear is that security must be built in from the ground floor; that retrofitting security to an existing system is…

Read more →

Investigating LockBit’s finances has blown previous estimates of the operation’s wealth out of the water Authorities digging into LockBit’s finances believe the group may have generated more than $1 billion in ransom fees over its four-year lifespan.… This article has…

Read more →

Thieves broke into IT system using stolen login U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data.… This article has…

Read more →

NCA still left enough for onlookers to wonder if there’s anything more to come The grand finale of the week of LockBit leaks was slated to expose the real identity of LockBitSupp – the alias of the gang’s public spokesperson…

Read more →

Learn about the benefits of applying advanced automation to policy management practices Webinar  Dealing with the double trouble of relentless cyber threats and regular technology refresh cycles can stretch already overworked security practitioners. And orchestrating the transition to cloud-native applications…

Read more →

Nonprofit SFLC links orders to farming protests The global government affairs team at X (née Twitter) has suspended some accounts and posts in India after receiving executive orders to do so from the country’s government, backed by threat of penalties…

Read more →

A name that’s commonly shouted by pirates might be a clue, me hearties! Avast has agreed to cough up $16.5 million after the FTC accused the antivirus vendor of selling customer information to third parties.… This article has been indexed…

Read more →

Prescription orders hit after IT supplier Change Healthcare pulls plug on systems IT provider Change Healthcare has confirmed it shut down some of its systems following a cyberattack, disrupting prescription orders and other services at pharmacies across the US.… This…

Read more →

New features aimed to stamp out problems of the past Law enforcement’s disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals.… This article has been indexed from…

Read more →

If they did it, it gives new meaning to quality family time. Meanwhile, key LockBit leaders remain at large Today’s edition of the week-long LockBit leaks reveals a father-son duo was apprehended in Ukraine as part of the series of…

Read more →

Trove reveals RATs that can pop major OSes, campaigns against offshore and local targets A cache of stolen document posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing.… This article has…

Read more →

Oh hear us when we cry to thee for those in peril on the sea President Biden has empowered the US Coast Guard (USCG) to get a tighter grip on cybersecurity at American ports – including authorizing yet another incident…

Read more →

Sent 5,000+ fake handsets to Apple for repair in hope of getting real ones back Two Chinese nationals are facing a maximum of 20 years in prison after being convicted of mailing thousands of fake iPhones to Apple for repair…

Read more →

Easy to defend against stuff that may never actually work – oh there we go again, being all cynical like Apple says it’s going to upgrade the cryptographic protocol used by iMessage to hopefully prevent the decryption of conversations by…

Read more →

Urgent patching advised to protect attacks against setup wizards Infosec researchers say urgent patching of the latest remote code execution (RCE) vulnerability in ConnectWise’s ScreenConnect is required given its maximum severity score.… This article has been indexed from The Register…

Read more →

Operation Cronos’s ‘partners’ continue to trickle the criminal empire’s secrets The latest revelation from law enforcement authorities in relation to this week’s LockBit leaks is that the ransomware group had registered nearly 200 “affiliates” over the past two years.… This…

Read more →

How to ensure policy management keep up with the risks to data integrity presented by the cloud Webinar  The complexity facing businesses as they make the necessary transition to cloud-native applications and multi-cloud architectures keeps cloud teams firmly on the…

Read more →

Hacking your way in is so 2022 – logging in is much easier Identity-related threats pose an increasing risk to those protecting networks because attackers – ranging from financially motivated crime gangs and nation-state backed crews – increasingly prefer to…

Read more →

Complying with the EU’s NIS2 Directive Webinar  It was growing threat levels and an increase in reported cybersecurity attacks since digitalization which pushed the European Union to introduce the original Network and Information Security (NIS) Directive in 2016.… This article…

Read more →

GDPR also slashed processing costs by over a quarter Europe’s General Data Protection Regulation (GDPR) has led European firms to store and process less data, recent economic research suggests, because the privacy rules are making data more costly to manage.……

Read more →

Complex overlapping bureaucracy sometimes lacks the funds and skills to do it right China’s censorship regime remains pervasive and far reaching, but the bureaucratic apparatus implementing it is unevenly developed and is not always well funded, according to a report…

Read more →

No time like the present, says central bank The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, without significantly impacting systems…

Read more →

Authorities dismantle cybercrime royalty by making mockery of their leak site In seizing and dismantling LockBit’s infrastructure, Western authorities are now making a mockery of the ransomware criminals by promising a long, drawn-out disclosure of its secrets.… This article has…

Read more →

Authorities dismantle cybercrime royalty by making mockery of their leak site In seizing and dismantling LockBit’s infrastructure, Western authorities are now making a mockery of the ransomware criminals by promising a long, drawn-out disclosure of its secrets.… This article has…

Read more →

Customers report feeling violated following the security snafu Smart home security camera slinger Wyze is telling customers that a cybersecurity “incident” allowed thousands of users to see other people’s camera feeds.… This article has been indexed from The Register –…

Read more →

After saying they’re very sorry, they escape with a slap on the wrist A former council staff member in the district where William Shakespeare was born ransacked databases filled with residents’ information to help drum up new business for their…

Read more →