Category: The Register – Security

If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain…

Read more →

Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy…

Read more →

Called it an ‘incident’ in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a “cybersecurity attack,” per a regulatory filing,…

Read more →

Exploit code now available for MitM and DoS attacks Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.… This article has been indexed from The Register – Security Read the original article: FreSSH bugs undiscovered…

Read more →

Lions juggling chainsaws are fun to watch, but you wouldn’t want them trimming your trees Opinion  Nobody likes The Man. When a traffic cop tells you to straighten up and slow down or else, profound thanks are rarely the first…

Read more →

Devices containing crypto wallets tracked online, then in the real world Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200…

Read more →

Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there’s a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.… This article has…

Read more →

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief  A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads…

Read more →

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief  A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads…

Read more →

PLUS: Pacific islands targeted by Chinese APT; China’s new rocket soars; DeepSeek puts Korea in a pickle; and more Asia In Brief  The head of Fujitsu’s North American operations has warned that the Trump administration’s tariff plans will be bad…

Read more →

El Reg shows you how to run Zypher’s speech-replicating AI on your own box Hands on  Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of cloning your voice with…

Read more →

‘In 50 years, I think we’ll view these business practices like we view sweatshops today’ Interview  It has been nearly a decade since famed cryptographer and privacy expert Bruce Schneier released the book Data and Goliath: The Hidden Battles to…

Read more →

Roses aren’t cheap, violets are dear, now all your access token are belong to Vladimir Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business…

Read more →

Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.… This article has been indexed…

Read more →

High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.… This article has been…

Read more →

Officer says mistakenly published police details were shared ‘a considerable amount of times’ Two suspected New IRA members were arrested on Tuesday and charged under the Terrorism Act 2000 after they were found in possession of spreadsheets containing details of…

Read more →

Germany’s Federal Cartel Office voices concerns iPhone maker may be breaking competition law Apple is feeling the heat over its acclaimed iPhone privacy policy after a German regulator’s review of iOS tracking consent alleged that the tech giant exempted itself…

Read more →

Some employees steal sticky notes, others ‘borrow’ malicious code A crew identified as a Chinese government-backed espionage group appears to have started moonlighting as a ransomware player – further evidence that lines are blurring between nation-state cyberspies and financially motivated…

Read more →

Networks in US and beyond compromised by Beijing’s super-snoops pulling off priv-esc attacks China’s Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to…

Read more →

Networks in US and beyond compromised by Beijing’s super-snoops pulling off priv-esc attacks China’s Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to…

Read more →

Senator, Congressman tell DNI to threaten infosec agreements if Blighty won’t back down US lawmakers want newly confirmed Director of National Intelligence Tulsi Gabbard to back up her tough talk on backdoors. They’re urging her to push back on the…

Read more →

Yet another cash grab from Kim’s cronies and an intel update from Microsoft North Korea has changed tack: its latest campaign targets the NPM registry and owners of Exodus and Atomic cryptocurrency wallets.… This article has been indexed from The…

Read more →

Limited-edition hotfix to get wider release before end of month Administrators of Palo Alto Networks’ firewalls have complained the equipment falls over unexpectedly, and while a fix has bee prepared, it’s not yet generally available.… This article has been indexed…

Read more →

‘What are customers actually getting from resellers other than massive price markups?’ asks Troy Hunt Troy Hunt, proprietor of data breach lookup site Have I Been Pwned, is likely to ban resellers from the service.… This article has been indexed…

Read more →

‘What are customers actually getting from resellers other than massive price markups?’ asks Troy Hunt Troy Hunt, proprietor of data breach lookup site Have I Been Pwned, is likely to ban resellers from the service.… This article has been indexed…

Read more →

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities “unforgivable defects”, pointed to the presence of the holes in products from the likes of…

Read more →

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities “unforgivable defects”, pointed to the presence of the holes in products from the likes of…

Read more →

De-dupes some roles, hints others aren’t needed as the infosec scene shifts Nine days after completing its $859 million acquisition of managed detection and response provider Secureworks, Sophos has laid off around six percent of its staff.… This article has…

Read more →

GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard President Trump has reportedly chosen a candidate for National Cyber Director — another top tech appointee with no professional…

Read more →

300+ US companies, 70+ individuals hit by the fraudsters An Arizona woman who created a “laptop farm” in her home to help fake IT workers pose as US-based employees has pleaded guilty in a scheme that generated over $17 million…

Read more →

Analysts tell El Reg why Russia’s operators aren’t that careful, and why North Korea wants money AND data Feature  Ransomware gangsters and state-sponsored online spies fall on opposite ends of the cyber-crime spectrum.… This article has been indexed from The…

Read more →

‘Near-global’ initial access campaign active since 2021 An initial-access subgroup of Russia’s Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from “a limited number of organizations,” according to Microsoft.……

Read more →

Only lawmakers can stop them. Plus: software needs to be more secure, but what’s in it for us? Google says the the world’s lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity.… This article has…

Read more →

Don’t relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday  Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don’t get too relaxed – some deserve close attention, and other vendors…

Read more →

Numerous systemic vulnerabilities could scuttle $5.4T industry Despite the escalating cyber threats targeting America’s maritime transportation system, the US Coast Guard still lacks a comprehensive strategy to secure this critical infrastructure – nor does it have reliable access to data…

Read more →

Which is why Cisco is adding these Pensando DPUs to more switches Cisco is cramming into more of its switches Pensando data processing units (DPUs) from AMD, which will be dedicated to handling security, storage, and other tasks.… This article…

Read more →

Rustaceans could just wait for unwelcoming C coders to slowly SIGQUIT… The Rust for Linux project is alive and well, despite suggestions to the contrary, even if not every Linux kernel maintainer is an ally.… This article has been indexed…

Read more →

These crooks have no chill A previously unknown gang dubbed Triplestrength poses a triple threat to organizations: It infects victims’ computers with ransomware, then hijacks their cloud accounts to illegally mine for cryptocurrency.… This article has been indexed from The…

Read more →

UK foreign secretary says Putin is running a ‘corrupt mafia state’ One of the bulletproof hosting (BPH) providers used by the LockBit ransomware operation has been hit with sanctions in the US, UK, and Australia (AUKUS), along with six of…

Read more →

UK foreign secretary says Putin is running a ‘corrupt mafia state’ One of the bulletproof hosting (BPH) providers used by the LockBit ransomware operation has been hit with sanctions in the US, UK, and Australia (AUKUS), along with six of…

Read more →

Said to have asked search engine ‘What are some signs that the FBI is after you?’ An Alabama man is pleading guilty after being charged with SIM swapping the Securities and Exchange Commission’s (SEC) X account in January last year.……

Read more →

Remote position, webcam not working, then glitchy AI face … Red alert! Twice, over the past two months, Dawid Moczadło has interviewed purported job seekers only to discover that these “software developers” were scammers using AI-based tools — likely to…

Read more →

Cupertino mostly uses bland language when talking security, so this sounds nasty Apple has warned that some iPhones and iPads may have been targeted by an “extremely sophisticated attack” and has posted patches that hopefully prevent it.… This article has…

Read more →

Dark web site seized, four cuffed in Thailand An international police operation spanning the US, Europe, and Asia has shuttered the 8Base ransomware crew’s dark web presence and resulted in the arrest of four European suspects accused of stealing $16…

Read more →

Publications across 25 states either producing smaller issues or very delayed ones US newspaper publisher Lee Enterprises is one week into tackling a nondescript “cybersecurity event,” saying the related investigation may take “weeks or longer” to complete.… This article has…

Read more →

High starting salaries promised after public sector infosec pay criticized The UK’s Ministry of Defence (MoD) is fast-tracking cybersecurity specialists in a bid to fortify its protection against increasing attacks.… This article has been indexed from The Register – Security…

Read more →

Order requires destruction of departmental data accessed by Musky men Trump administration policies that allowed Elon Musk’s Department of Government Efficiency to access systems and data at the Bureau of the Fiscal Service (BFS) have left the org “more vulnerable…

Read more →

With over 2,000 banks in operation, a domain only they can access has clear potential to make life harder for fraudsters India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in –…

Read more →

With over 2,000 banks in operation, the potential to make life harder for fraudsters is obvious India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves…

Read more →

PLUS: Spanish cops think they’ve bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Infosec In Brief  DeepSeek’s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app…

Read more →

PLUS: Japan shifts to pre-emptive cyber-defense; Thailand cuts cords connecting scam camps; China to launch ‘moon hopper’ in 2026; and more! Asia In Brief  Huawei chair Liang Hua last week told a conference in China that the company expects to…

Read more →

Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim The UK’s Home Office refuses to either confirm or deny reports that it recently ordered Apple to create a backdoor allowing the government to access any…

Read more →

Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders A world-first organization assembled to categorize the severity of cybersecurity incidents is up and running in the UK following a year-long incubation period.……

Read more →

OCR plugin great for extracting crypto-wallet secrets from galleries Kaspersky eggheads say they’ve spotted the first app containing hidden optical character recognition spyware in Apple’s App Store. Cunningly, the software nasty is designed to steal cryptocurrency.… This article has been…

Read more →

35% drop in payments across the year as your backups got better and law enforcement made a difference Ransomware extortion payments fell in 2024, according to blockchain analyst biz Chainalysis this week.… This article has been indexed from The Register…

Read more →

Fourth time’s the harm? Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of…

Read more →

Lawsuit: ‘Scale of intrusion into individuals’ privacy is massive and unprecedented’ Elon Musk’s Department of Government Efficiency has had its access to US Treasury payment systems restricted – at least temporarily – following a lawsuit from advocacy groups and unions.……

Read more →

Are cybersecurity roles included? Are Elon’s enforcers vetted? Inquiring minds want to know Elected officials are demanding answers as to whether the Trump administration and Elon Musk’s Department of Government Efficiency (DOGE) are hamstringing US national security.… This article has…

Read more →

Are cybersecurity roles included? Are Elon’s enforcers vetted? Inquiring minds want to know Elected officials are demanding answers as to whether the Trump administration and Elon Musk’s Department of Government Efficiency (DOGE) are hamstringing US national security.… This article has…

Read more →

Don’t laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers…

Read more →

Are you trying to make this easy for China and Russia? Who bought it, who installed it, and what’s happening with the data on it.… This article has been indexed from The Register – Security Read the original article: Democrats…

Read more →

Don’t laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers…

Read more →

Some worry multi-lang codebase makes it harder to maintain open source uber-project, others disagree Developers trying to add Rust code to the Linux kernel continue to face opposition from kernel maintainers who believe using multiple languages is an unwelcome and…

Read more →

CEO of Cloud Software a ‘special government employee’ probing through IT for Elon Musk’s DOGE The US Treasury Department has revealed Tom Krause – the chief exec of Citrix and Netscaler owner Cloud Software Group – has “read-only” access to…

Read more →

Nothing to see here, just a ‘special government employee’ doing his job The US Treasury Department has assured Congress that a “special government employee” associated with Elon Musk’s Department of Government Efficiency (DOGE) has just “read-only” access to vital federal…

Read more →

International security squads all focus on stopping baddies busting in through routers, IoT kit etc Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.… This article has been indexed from The Register…

Read more →

Mountain View clocked onto the scheme with days to spare A Chinese national faces a substantial stint in prison and heavy fines if found guilty of several additional charges related to economic espionage and theft of trade secrets at Google.……

Read more →

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD’s security – allowing them to load unofficial microcode into its processors to modify the silicon’s behavior as they wish…

Read more →

Researcher says ecosystem’s auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.… This article has been…

Read more →

Contact info and partial payment details may be compromised US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.… This article has been indexed from The…

Read more →

Suspect, still at large, said to back concept that ‘code is law’ New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently…

Read more →

Healthcare chiefs say impact will persist for months NHS execs admit that last year’s cyberattack on hospitals in Wirral, northwest England, continues to “significantly” impact waiting times for cancer treatments, and suspect this will last for “months.”… This article has…

Read more →

When cloud customers don’t clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia’s “SolarWinds adventures look amateurish and insignificant,” watchTowr Labs security…

Read more →

Tackle longstanding issues around productivity, cyber resilience and public sector culture, advises spending watchdog The UK’s government spending watchdog has called on the current administration to make better use of technology to kickstart the misfiring economy and ensure better delivery…

Read more →

Also, Netgear fixes critical router, access point vulnerabilities Google has released its February Android security updates, including a fix for a high-severity kernel-level vulnerability, which is suspected to be in use by targeted exploits.… This article has been indexed from…

Read more →

Going beyond the traditional “Prevent, Detect, and Respond” framework and taking a proactive approach Partner Content  In today’s highly connected and technology-driven world, digital resilience is not just a competitive advantage for banks – it is a necessity.… This article…

Read more →

Senators ask, Homeland Security watchdog answers: Is it worth the money? The Department of Homeland Security’s Inspector General has launched an audit of the Transportation Security Administration’s use of facial recognition technology at US airports, following criticism from lawmakers and…

Read more →

Investigating compensation to police whose sensitive info was leaked in 2023 The Police Service of Northern Ireland (PSNI) has bailed two officers after they were arrested as part of a fraud investigation related to the payments to cops whose sensitive…

Read more →

Australian government staff mixed medical info for folk who share names and birthdays Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a…

Read more →

PLUS: MGM settles breach suits; AWS doesn’t trust you with security defaults; A new .NET backdoor; and more Infosec in brief  The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment…

Read more →

As if secure design is the only bullet point in a list of software engineering best practices Systems Approach  As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security,…

Read more →

Nulled and Cracked had a Lorelai-cal rise – until Operation Talent stepped in Law enforcement officers across Europe assembled again to collectively disrupt major facilitators of cybercrime, with at least one of those cuffed apparently a fan of the dramedy…

Read more →

How to communicate risk to executives Partner Content  Have you ever watched ? It’s one of my all-time favorite movies, not just for the story but for how it handles complexity.… This article has been indexed from The Register –…

Read more →

And it doesn’t take a crystal ball to predict the future If the nonstop flood of ransomware attacks doesn’t already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely…

Read more →

And you, China, Russia, North Korea … Guardrails block malware generation Google says it’s spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes, with Tehran by far the most frequent naughty user out…

Read more →

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom’s virtualization giant Broadcom has fixed five flaws, collectively deemed “high severity,” in VMware’s IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that…

Read more →

Why organizations should protect everything, everywhere, all at once Sponsored Feature  Considering it has such a large share of the data protection market, Veeam doesn’t talk much about backups in meetings with enterprise customers these days.… This article has been…

Read more →

‘No one was kicked off the NTSB in the middle of investigating a crash’ interview  Gutting the Cyber Safety Review Board as it was investigating how China’s Salt Typhoon breached American government and telecommunications networks was “foolish” and “bad for…

Read more →

400 hospitals and med centers across 15 states rely on its products New York Blood Center Enterprises (NYBCe) is currently in its fifth day of handling a ransomware attack that has led to system disruption.… This article has been indexed…

Read more →

Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org’s report The Open Rights Group (ORG) has raised concerns about a number of security issues it found in all three of the canvassing apps developed on behalf…

Read more →

Employers remain blissfully unaware/wilfully ignorant of the impact of surveillance on staff More than three-quarters of UK employers admit to using some form of surveillance tech to spy on their remote workers’ productivity.… This article has been indexed from The…

Read more →

Digital canvas slinger indicates dot-com was skimmed for over a month Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website.… This article has…

Read more →

Oh someone’s in DeepShi… China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.… This article has been indexed from The Register – Security Read the original article: Guess who left a…

Read more →

Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month,…

Read more →

Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month,…

Read more →

And now you won’t stop calling me, I’m kinda busy A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai’s Security Intelligence and Response Team.… This…

Read more →

Watch this webinar on-demand and learn how to safeguard your organisation’s future Webinar  The cybersecurity landscape continues to change at pace, leaving IT professionals constantly battling threats.… This article has been indexed from The Register – Security Read the original…

Read more →

Mastermind begs colluders to bury evidence later used to imprison him In announcing the sentencing of three Brits who ran OTP Agency, an account-takeover business, the National Crime Agency (NCA) revealed how a 2021 report sent the fraudsters into a…

Read more →

Think government cybersecurity is bad? Guess again. It’s alarmingly so The UK government is significantly behind on its 2022 target to harden systems against cyberattacks by 2025, with a new report from the spending watchdog suggesting it may not achieve…

Read more →

Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings Two anonymous US government employees have sued Uncle Sam’s HR department – the Office of Personnel Management – claiming the Trump administration’s rapid roll out…

Read more →