Tag: The Register – Security

Follow us down this deep rabbit hole of privacy policy after privacy policy Feature  In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see…

Read more →

For starters: Crypto, import tariffs, and Microsoft shipping out staff Kettle  It’s been a fairly troubling week in terms of the relationship between China and the Western world.… This article has been indexed from The Register – Security Read the…

Read more →

Feds scoff at blockchain integrity while software bug said to have been at heart of the matter The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world…

Read more →

Throw another healthcare biz on the barby, mate Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients’ personal and health data.… This article has been indexed from The…

Read more →

Your local nail tech could be a secret agent for Kim’s cunning plan Three individuals accused of helping North Korea fund its weapon programs using US money are now in handcuffs.… This article has been indexed from The Register –…

Read more →

Your local nail tech could be a secret agent for Kim’s cunning plan Three individuals accused of facilitating North Korea’s bid to fund its weapon program using US money are now in handcuffs.… This article has been indexed from The…

Read more →

Your local nail tech could be a secret agent for Kim’s cunning plan Three individuals accused of facilitating North Korea’s bid to fund its weapon program using US money are now in handcuffs.… This article has been indexed from The…

Read more →

TLDR: Peace in our time is really really hard Interview  On Wednesday the FBI and international cops celebrated yet another cybercrime takedown – of ransomware brokerage site BreachForums – just a week after doxing and imposing sanctions on the LockBit…

Read more →

Spoiler alert: it’s not really IT support controlling your device A cybercrime gang has been abusing Microsoft’s Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware.… This article has been…

Read more →

Has social media biz done enough to comply with Digital Services Act? Maybe not The European Commission has opened formal proceedings to assess whether Meta, the provider of Facebook and Instagram, may have breached the Digital Services Act (DSA) in…

Read more →

Annual conference of cyber intel unit shows UK’s alarm over China blaring louder than ever Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre (NCSC), will know that in addition to the…

Read more →

It may take ten years but vendors must be held accountable for the vulnerabilities they introduce CYBERUK  National Cyber Security Centre (NCSC) CTO Ollie Whitehouse kicked off day two of British infosec conference CYBERUK with a tirade on the tech…

Read more →

More government data allegedly stolen by prolific criminals An extortionist claims to have stolen files from the US Army Aviation and Missile Command in August 2023, and now claims they are selling access to a $75 billion aerospace and defense…

Read more →

No more illicit gains, for a while at least The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.… This article has been indexed from The Register…

Read more →

Developing an effective strategy is a continuous process which requires recurring evaluation and refinement Partner Content  A cyber defense strategy outlines policies, procedures, and technologies to prevent, detect, and respond to cyber attacks. This helps avoid financial loss, reputational damage,…

Read more →

Plus: Google Chrome, Apple bugs also exploited in the wild Happy May Patch Tuesday. We’ve got a lot of vendors joining this month’s patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or…

Read more →

Agency is on the lookout for a Prince among men The US Federal Communications Commission has named its first robocall gang, dubbing the crew “Royal Tiger,” and detailed its operations in an attempt to encourage international action against the scammers.……

Read more →

Guidebook aims to undermine the criminal business model The latest effort to reduce the number of ransom payments sent to cybercriminals in the UK involves the country’s National Cyber Security Centre (NCSC) locking arms with insurance associations.… This article has…

Read more →

Drama between two of the leading secure messaging services Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.… This article has been indexed from The…

Read more →

After years of people being victimized, it’s about time Google and Apple are rolling out an anti-stalking feature for Android 6.0+ and iOS 17.5 that will issue an alert if some scumbag is using a gadget like an AirTag or…

Read more →

How to empower CISOs and mitigate cyber security risks in a rapidly evolving threat landscape Sponsored Post  Defending against the cyber threats of today isn’t dissimilar to protecting a medieval castle from attack a thousand years ago.… This article has…

Read more →

When PoC code is released within a day of disclosure, it’s only a matter of time before attacks kick off The UK’s NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively…

Read more →

Going once, going twice, going offline Christie’s website remains offline as of Monday after a “technology security issue” shut it down Thursday night – just days before the venerable auction house planned to flog $840 million of art.… This article…

Read more →

Emergency ambulances diverted while experts restore systems Multiple US security agencies have published advisories on Black Basta after the ransomware gang claimed responsibility for the recent attack on US healthcare provider Ascension.… This article has been indexed from The Register…

Read more →

Hint: It’s the ‘the largest’ maker of a key computer component RSAC  An unnamed tech business hired IBM’s X-Force penetration-testing team to break in and search for security vulnerabilities in their networks. … This article has been indexed from The Register…

Read more →

Intelligence-sharing platform remains down for maintenance Europol is investigating a cybercriminal’s claims that they stole confidential data from a number of the agency’s sources.… This article has been indexed from The Register – Security Read the original article: Europol confirms…

Read more →

The Register’s Tim Philips gets down and dirty on cyber security in this interview with Rubrik CISO Richard Cassidy Sponsored Post  There were hard words about the state of Britain’s cyber security in parliament recently, but it’s not just the…

Read more →

But breaking E2EE and blanket bans aren’t thinking at all Opinion  If your cranky uncle was this fixated about anything, you’d always be somewhere else at Christmas. Yet here we are again. Europol has been sounding off at Meta for…

Read more →

Cloudflare’s Everywhere Security platform offers unified protection for on and off-premise applications Sponsored Post  Organizations across the Asia Pacific need to urgently ramp up their IT security infrastructures in response to a significantly increasing level of cyber threats, security experts…

Read more →

PLUS: More data leaks at the US Patent Office; LockBit still tough enough for Wichita; and some critical vulnerabilities in brief  Encrypted email service Proton Mail is in hot water again, and for the same thing that earned it flack…

Read more →

As gang tactics get nastier while attacks hit all-time highs Interview  Ransomware hit an all-time high last year, with more than 60 criminal gangs listing at least 4,500 victims – and these infections don’t show any signs of slowing.… This…

Read more →

Claroty CEO Yaniv Vardi tells us what’s needed to defend vital networks Interview  Take a glance at the cybersecurity headlines of late, and you’ll see a familiar phrase that keeps cropping up: Critical infrastructure. … This article has been indexed from…

Read more →

Claroty CEO Yaniv Vardi tells us what’s needed to defend vital networks Interview  Take a glance at the cybersecurity headlines of late, and you’ll see a familiar phrase that keeps cropping up: Critical infrastructure. … This article has been indexed from…

Read more →

But China’s the most technologically advanced Interview  China remains the biggest cyber threat to the US government, America’s critical infrastructure, and its private-sector networks, the nation’s intelligence community has assessed.… This article has been indexed from The Register – Security…

Read more →

Not a lotto luck for these powerball hunters More than half a million gamblers with a penchant for powerballs will be receiving some fairly unwelcome news very soon, if not already, as cybercriminals have made off with their personal data.……

Read more →

Major intrusions by both China and Russia leave a lot to be answered for The US government wants to make Microsoft’s vice chair and president, Brad Smith, the latest tech figurehead to field questions from a House committee on its…

Read more →

Cameras tested are specced for Baidu’s Apollo Six boffins mostly hailing from Singapore-based universities have proven it’s possible to attack autonomous vehicles by exploiting the system’s reliance on camera-based computer vision and cause it to not recognize road signs.… This…

Read more →

‘This was a no sh*tter’ RSAC  A malware-laced USB stick, inserted into a military laptop at a base in Afghanistan in 2008, led to what has been called the worst military breach in US history, and to the creation of…

Read more →

Spoiler alert: We’re gonna talk about AI Interview  Mick Baccio, global security advisor at Splunk, has watched the evolution of election security threats in real time.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Sources claim ransomware is to blame Healthcare organization Ascension is the latest of its kind in the US to say its network has been affected by what it believes to be a “cybersecurity event.”… This article has been indexed from…

Read more →

Having China, Russia, and Iran routinely rummaging around is cause for concern, says ex-NSA man RSAC  Digital intruders from China, Russia, and Iran breaking into US water systems this year should be a “wake-up call,” according to former National Security…

Read more →

IT giant tries to downplay leak as just names, addresses, info about kit Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million…

Read more →

BogusBazaar ripped off shoppers and scraped card details, but not in China A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites.… This article has been indexed…

Read more →

It’s ‘essential to national security’ ex-Navy intel officer tells us Interview  As undersea cables carry increasing amounts of information, cyber and physical attacks against them will cause a greater impact on the wider internet.… This article has been indexed from…

Read more →

It’s ‘essential to national security’ ex-Navy intel officer tells us Interview  As undersea cables carry ever-increasing amounts of data, they become even higher priority targets for both cyber and physical attacks.… This article has been indexed from The Register –…

Read more →

And it would seriously inconvenience the Chinese and Russians, too RSAC  There’s a way to vastly reduce the scale and scope of ransomware attacks plaguing critical infrastructure, according to CISA director Jen Easterly: Make software secure by design.… This article…

Read more →

Nearly 95M people in total snagged by flaw in file transfer tool Just short of a year after the initial incident, the state of Georgia’s higher education government agency has confirmed that it was the victim of an attack on…

Read more →

China vehemently denies involvement UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to “malign” forces accessing data on current and a limited number of former armed forces personnel.… This article…

Read more →

On the plus side, infosec’s a good bet for a long, stable career Interview  This year is an unfortunate anniversary for information security: We’re told it’s a decade since ransomware started infecting corporations.… This article has been indexed from The…

Read more →

Keynotes, physical security, playlists … the buck stops with Linda Gray Martin Interview  The 33rd RSA Conference is underway this week, and no one feels that more acutely than the cybersecurity event’s SVP Linda Gray Martin.… This article has been…

Read more →

‘I’m blown away by the fact that they weren’t using MFA’ Interview  The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate “egregious negligence” on the part of parent company UnitedHealth, according to Tom Kellermann, SVP…

Read more →

‘I’m blown away by the fact that they weren’t using MFA’ Interview  The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate “egregious negligence” on the part of parent company UnitedHealth, according to Tom Kellermann, SVP…

Read more →

Or at least it might well be if these trial programs work out, with some civil lib oversight etc etc etc RSAC  AI is a double-edged sword in that the government can see ways in which the tech can protect…

Read more →

Avoid traffic-redirecting snoops who have TunnelVision A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network.… This article has been indexed from…

Read more →

In the first year alone, that’s saved us all a lot of money and woe RSAC  As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these…

Read more →

Nothing like folks in Beijing lecturing us on the Constitution TikTok and its China-based parent ByteDance sued the US government today to prevent the forced sale or shutdown of the video-sharing giant.… This article has been indexed from The Register…

Read more →

Dmitry Yuryevich Khoroshev’s $10M question is answered at last Updated  Police have finally named who they firmly believe is the kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.… This article has been indexed from The Register – Security Read…

Read more →

Dmitry Yuryevich Khoroshev’s $10M question is answered at last The kingpin of the LockBit ransomware operation has finally been named by law enforcement as Dmitry Yuryevich Khoroshev.… This article has been indexed from The Register – Security Read the original…

Read more →

More work to do as most deadlines are missed and worst bugs still take months to fix The deadlines associated with CISA’s Known Exploited Vulnerabilities (KEV) catalog only apply to federal agencies, but fresh research shows they’re having a positive…

Read more →

Thousands of guards’ ID cards and CCTV snaps of suspects found online Exclusive  A UK-based physical security business let its guard down, exposing nearly 1.3 million documents via a public-facing database, according to an infosec researcher.… This article has been…

Read more →

Crims SIM swap execs’ kids to freak out their parents, Mandiant CTO says RSAC  Ransomware infections and extortion attacks have become “a psychological attack against the victim organization,” as criminals use increasingly personal and aggressive tactics to force victims to…

Read more →

And the iOS titan doesn’t seem that bothered with this data leaking out Last week, Apple began requiring iOS developers justify the use of a specific set of APIs that could be used for device fingerprinting. Yet the iGiant doesn’t…

Read more →

After very boring first reveal, this could be the real deal Cops around the world have relaunched LockBit’s website after they shut it down in February – and it’s now counting down the hours to reveal documents that could unmask…

Read more →

Decentralization is great until everyone wants to grab data from your web server Updated  Mastodon has pushed back an update that’s expected to fully address the issue of link previews sparking accidental distributed denial of service (DDoS) attacks.… This article…

Read more →

Decentralization is great, except when many servers grab data from a site Mastodon has pushed back an update that would have addressed the issue of link previews creating accidental distributed denial of service (DDoS) attacks.… This article has been indexed…

Read more →

Accused of stealing data after losing his job A cybersecurity expert could face a 20-year prison sentence after being accused of allegedly trying to extort a multinational IT infrastructure services biz out of $1.5 million.… This article has been indexed…

Read more →

Recent attacks on healthcare thrust infosec agency into alert mode CISA is calling on the software industry to stamp out directory traversal vulnerabilities following recent high-profile exploits of the 20-year-old class of bugs.… This article has been indexed from The…

Read more →

ALSO: Microsoft promises to git gud on cybersecurity; unqualified attackers are targeting your water systems, and more infosec in brief  It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and…

Read more →

Internet Society’s Robin Wilton tells us the war on privacy won’t be won by the plod interview  Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn’t matter because the technology is here…

Read more →

Privacy Not Included label slapped on 22 of 25 top lonely-hearts corners Dating apps ask people to disclose all kinds of personal information in the hope of them finding love, or at least a hook-up.… This article has been indexed…

Read more →

Ready, set, sanctions? If volunteer intelligence gatherers are correct, the US may have a good reason to impose sanctions on Russian infosec firm Kaspersky, whose AI was allegedly used to help Russia produce drones for its war on Ukraine.… This…

Read more →

Ready, set, sanctions? If volunteer intelligence gatherers are correct, the US may have a good reason to impose sanctions on Russian infosec firm Kaspersky, which has been accused of helping Russia design drones used in the invasion of Ukrainian.… This…

Read more →

Ready, set, sanctions? If volunteer intelligence gatherers are correct, the US might have a good reason to impose sanctions on Russian infosec firm Kaspersky, which has been accused of helping Russia design drones used in the Ukrainian war.… This article…

Read more →

Sure, we’re waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar interview  The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities.…

Read more →

Cops prevented crims from bilking victims out of more than €10m – but couldn’t stop crime against art A Europol-led operation dubbed “Pandora” has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action…

Read more →

A ‘murky’ web sees many purchases run through Singapore in a way that hides potential users Indonesia has acquired spyware and surveillance technologies through a “murky network” that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to…

Read more →

Bad configurations, insecure versions of jQuery, and crummy cookies are some of myriad problems Exclusive  Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according…

Read more →

Windows giant extends passwordless tech to everyone else Microsoft today said it will now let us common folk — not just commercial subscribers — sign into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.… This…

Read more →

Operation busted after dodgy devices ended up at Air Force Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US…

Read more →

Ten vulnerabilities in total for admins to apply Network admins are being urged to patch a bundle of critical vulnerabilities in ArubaOS that lead to remote code execution as a privileged user.… This article has been indexed from The Register…

Read more →

Warning comes exactly a year after the vulnerability was introduced The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab’s Community and Enterprise editions, confirming it is very much under…

Read more →

Taking down TikTok won’t stop the CCP’s attempt to control global narratives Chinese tech companies that serve as important links in the world’s digital supply chains are helping Beijing to execute and refine its propaganda strategy, according to an Australian…

Read more →

After extorting $700 million from thousands of victims A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil…

Read more →

Taking down TikTok won’t stop the CCP’s attempt to control global narratives Chinese tech companies that serve as important links in the world’s digital supply chains are helping Beijing to execute and refine its propaganda strategy, according to an Australian…

Read more →

Allegations fly regarding unpaid contractors and iffy infosec Over a million records describing Australians who visited local pubs and clubs have apparently been posted online.… This article has been indexed from The Register – Security Read the original article: A…

Read more →

Only from its digital doc-signing service, which is isolated from its cloudy storage Dropbox has revealed a major attack on its systems that saw customers’ personal information accessed by unknown and unauthorized entities.… This article has been indexed from The…

Read more →

Developer of Square and Cash App reportedly has big back-end problems it was slow to fix Fintech biz Block is reportedly under investigation by US prosecutors over claims by a former employee that lax compliance checks mean its Square and…

Read more →

Intrusion investors went through Blount farce trauma, says SEC Jack Blount, the now-ex CEO of Intrusion, has settled with the SEC over allegations he made false and misleading statements about his infosec firm’s product as well as his own background…

Read more →

Vulnerable elderly people tricked into paying tens of thousands over fake car accidents Sixteen people are facing charges from US prosecutors for allegedly preying on the elderly and scamming them out of millions of dollars.… This article has been indexed…

Read more →

Issue now resolved and isn’t thought to be the work of criminals Aussie airline Qantas says its app is now stable following a data breach that saw boarding passes take off from passengers’ accounts.… This article has been indexed from…

Read more →

An ACE in the hole for miscreants The open source R programming language – popular among statisticians and data scientists for performing visualization, machine learning, and suchlike – has patched an arbitrary code execution hole that scored a preliminary CVSS…

Read more →

An ACE in the hole for miscreants The open source R programming language has patched an arbitrary code execution hole that scored a preliminary CVSS severity rating of 8.8 out of 10.… This article has been indexed from The Register…

Read more →

Vastaamo villain more than doubled reported crime in Nordic nation A cyber-thief who snatched tens of thousands of patients’ sensitive records from a psychotherapy clinic before blackmailing them and then leaking their files online has been caged for six years…

Read more →

Congress to hear how Citrix MFA snafu led to massive data theft, $870M+ loss UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cybercriminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal…

Read more →

Tried to sell top secret docs for the low, low price of $85K A former NSA employee has been sentenced to 262 months in prison for attempting to do freelance as a Russian spy.… This article has been indexed from…

Read more →

Tried to sell top secret docs for the low, low price of $85k A former NSA employee has been sentenced to 262 months in prison for attempting to do freelance as a Russian spy.… This article has been indexed from…

Read more →

Europe takes action after Facebook parent withdraws monitoring tool The European Commission has launched formal proceedings against Meta, alleging failure to properly monitor distribution by “foreign actors” of political misinformation before June’s European elections.… This article has been indexed from…

Read more →

Infosec eggheads find iGiant left EU iOS 17 users open to being tracked around the web Apple’s grudging accommodation of European antitrust rules by allowing third-party app stores on iPhones has left users of its Safari browser exposed to potential…

Read more →

Carriers claim real culprits are getting away with it – the data brokers The FCC on Monday fined four major US telcos almost $200 million for “illegally” selling subscribers’ location information to data brokers.… This article has been indexed from…

Read more →

Third of a million developer accounts kiboshed, too Google says it stopped 2.28 million Android apps from being published in its official Play Store last year because they violated security rules.… This article has been indexed from The Register –…

Read more →