Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to…
Tag: The Register – Security
US lawmakers push DoJ to prosecute tax prep firms for leaking taxpayer data to big tech
TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google A quartet of lawmakers have penned a letter to the Department of Justice asking it to prosecute tax preparation companies for sharing customer data, including…
US lawmakers push DOJ to prosecute tax prep firms for leaking taxpayer data to big tech
TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google A quartet of Democratic lawmakers have penned a letter to the US Department of Justice asking it to prosecute tax preparation companies for sharing customer…
TSMC blows whistle on potential sanctions-busting shenanigans from Huawei
Chip giant tells Uncle Sam someone could be making orders on the sly TSMC has reportedly tipped off US officials to a potential attempt by Huawei to circumvent export controls and obtain AI chips manufactured by the Taiwanese company.… This…
VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time
If the first patches don’t work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update,…
Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures
Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their…
Akira ransomware is encrypting victims again following pure extortion fling
Crooks revert to old ways for greater efficiency Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims’ files after a break from the typical double extortion tactics.… This article has been indexed from The…
Pixel perfect Ghostpulse malware loader hides inside PNG image files
Miscreants combine it with an equally tricky piece of social engineering The Ghostpulse malware strain now retrieves its main payload via a PNG image file’s pixels. This development, security experts say, is “one of the most significant changes” made by…
China’s Spamouflage cranks up trolling of US Senator Rubio as election day looms
Note to Xi: Marco and Ted Cruz aren’t the same person China’s Spamouflage disinformation crew has been targeting US Senator Marco Rubio (R-Florida) with its fake news campaigns over the past couple of months, trolling the Republican lawmaker’s official X…
Sophos to snatch Secureworks in $859M buyout: Why fight when you can just buy?
Private equity giant Thoma Bravo adds another trophy to its growing collection British security biz Sophos has announced a plan to gobble up competitor Secureworks in an $859 million deal that will make Dell happy.… This article has been indexed…
The billionaire behind Trump’s ‘unhackable’ phone is on a mission to fight Tesla’s FSD
Dan O’Dowd tells El Reg about the OS secrets and ongoing clash with Musk Interview This month, presidential hopeful Donald Trump got a tool in his arsenal, some allegedly “unhackable” communications kit, and The Register has talked to the man…
macOS HM Surf vuln might already be under exploit by major malware family
Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.… This article has been indexed from The Register –…
Tesla, Intel, deny they’re the foreign company China just accused of making maps that threaten national security
As TSMC defends itself against report it may have helped Huawei Tesla has denied it was involved in illegal-map making activities in China after Beijing asserted an unnamed foreign firm working on a smart car project had done so –…
Internet Archive exposed again – this time through Zendesk
Org turns its woes into a fundraising opportunity Despite the Internet Archive’s assurances it’s back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to…
Open source LLM tool primed to sniff out Python zero-days
The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic’s Claude…
Jetpack fixes 8-year-old flaw affecting millions of WordPress sites
Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure…
Alleged Bitcoin crook faces 5 years after SEC’s X account pwned
SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission’s X account earlier this year.… This article has…
ESET denies it was compromised as Israeli orgs targeted with ‘ESET-branded’ wipers
Says ‘limited’ incident isolated to ‘partner company’ ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop’s infrastructure.… This article has been indexed from…
Intel lightly hits back at China’s accusations it bakes in NSA backdoors
Chipzilla says it obeys the law … which could mean anything Intel has responded to Chinese claims that its chips include security backdoors at the direction of America’s NSA.… This article has been indexed from The Register – Security Read…
Intel robustly refutes China’s accusations it bakes in NSA backdoors
Chipzilla uses WeChat post to defend record of following local laws Intel has roundly rebutted Chinese accusations that its chips include security backdoors at the direction of the US National Security Agency (NSA).… This article has been indexed from The…
Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began
‘My webcam isn’t working today’ is the new ‘The dog ate my network’ It’s a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it’s mistakenly hired a North Korean operative. The phony…
Uncle Sam puts $10M bounty on Russian troll farm Rybar
Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.……
Troubled US insurance giant hit by extortion after data leak
Globe Life claims blackmailers shared stolen into with short sellers US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.… This article has been indexed from The Register…
Brazilian police claim they’ve cuffed serial cybercrook behind FBI and Airbus attacks
Early stage opsec failures lead to landmark arrest of suspected serial data thief Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.… This article has been…
WeChat devs introduced security flaws when they modded TLS, say researchers
No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app’s developers modified – and by doing so introduced security weaknesses, researchers claim.… This article has been indexed from The Register – Security…
Anonymous Sudan isn’t any more: Two alleged operators named, charged
Gang said to have developed its evilware on GitHub – then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney’s Office on Wednesday unsealed an indictment identifying two of its alleged operators.… This…
Anonymous Sudan isn’t any more: two alleged operators named, charged
Gang said to have developed its evilware on GitHub – then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney’s Office on Wednesday unsealed an indictment identifying two of its alleged operators.… This…
US contractor pays $300K to settle accusation it didn’t properly look after Medicare users’ data
Resolves allegations it improperly stored screenshots containing PII that were later snaffled A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries’ personal data.… This article has been indexed from…
US contractor pays $300k to settle accusation it didn’t properly look after Medicare users’ data
Resolves allegations it improperly stored screenshots containing PII that were later snaffled A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries’ personal data.… This article has been indexed from…
Critical default credential bug in Kubernetes Image Builder allows SSH root access
It’s called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) due to default credentials being enabled during the image build process.… This article…
Volkswagen monitoring data dump threat from 8Base ransomware crew
The German car giant appears to be unconcerned The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned.… This article…
SolarWinds critical hardcoded credential bug under active exploit
No word yet on scope of attacks A critical, hardcoded credential bug in SolarWinds’ Web Help Desk products has been found and exploited by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the flaw to…
China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws
Uncle Sam having a secret way into US tech? Say it ain’t so A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming…
Strengthen your cybersecurity with automation
Find out how to enhance efficiency using Google Security Operations Webinar In an era of ever-evolving cyber threats, staying ahead of potential security risks is essential.… This article has been indexed from The Register – Security Read the original article:…
Internet Archive wobbles back online, with limited functionality
DDoS detectives deduce Mirai used to do the deed, using home entertainment boxes in Korea, China, and Brazil The Internet Archive has come back online, in slightly degraded mode, after repelling an October 9 DDoS attack and then succumbing to…
IBM acquires Indian SaaS startup Prescinto to shine a light on renewable energy assets
ALSO: Crypto-hub Binance helps Delhi police shut down solar power scam IBM announced on Tuesday it has acquired Prescinto, a Bangalore-based provider of asset performance management software for renewable energy.… This article has been indexed from The Register – Security…
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Messaging service creates persistent user IDs that have different qualities on each device An analysis of Meta’s WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the…
Cisco confirms ‘ongoing investigation’ after crims brag about selling tons of data
IntelBroker claims the breach impacts Microsoft, SAP, AT&T, Verizon, T-Mobile US, and more Cisco has confirmed it is investigating claims of stealing — and now selling — data belonging to the networking giant.… This article has been indexed from The Register…
Microsoft says more ransomware stopped before reaching encryption
Volume of attacks still surging though, according to Digital Defense Report Microsoft says ransomware attacks are up 2.75 times compared to last year, but claims defenses are actually working better than ever.… This article has been indexed from The Register…
AI amplifies systemic risk to financial sector, says India’s Reserve Bank boss
Who also worries misinformation on social media could threaten liquidity The governor of India’s Reserve Bank, Shri Shaktikanta Das, yesterday warned that AI – and the platforms that provide it – could worsen systemic risk to the nation’s financial system.……
China again claims Volt Typhoon hack gang was invented by the US to discredit it
Enough with the racist-sounding ‘dragons’ and ‘pandas’, Beijing complains – then points the finger at koalas Chinese authorities have published another set of allegations that assert the Volt Typhoon threat actor is an invention of the US and its allies,…
US healthcare org admits up to 400,000 people’s personal info was snatched
It waited till just before Columbus Day weekend to make mandated filing, but don’t worry, we saw it A Houston-based services provider to healthcare organizations says a crook may have grabbed up to 400,000 people’s information after the miscreant accessed…
Leveraging AI/ML for next-gen SOC environments
Technologies that help SOCs detect, analyze, and respond to emerging threats faster and more accurately Sponsored Post This article discusses some of the challenges traditional SOCs face and how integrating artificial intelligence/machine learning (AI/ML) modules could help solve the challenges…
Trump campaign arms up with ‘unhackable’ phones after Iranian intrusion
Florida man gets his hands on ‘the best ever’ With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure…
Thousands of Fortinet instances vulnerable to actively exploited flaw
No excuses for not patching this nine-month-old issue More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver’s data.… This article has been indexed from The Register – Security Read…
How to head off data breaches with CIAM
Let Okta lift the lid on customer identity in this series of webinars Sponsored Post Recent reports suggest that stolen identity and privileged access credentials now account for 61 percent of all data breaches.… This article has been indexed from…
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption
With an off-the-shelf D-Wave machine Chinese researchers claim they have found a way to use D-Wave’s quantum annealing systems to develop a promising attack on classical encryption.… This article has been indexed from The Register – Security Read the original…
Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between
Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing “sensitive info that attackers would want to steal” and the other “limited resources plus difficult-to-secure IT environments,” education would sit in…
US and UK govts warn: Russia scanning for your unpatched vulnerabilities
Also, phishing’s easier over the phone, and your F5 cookies might be unencrypted, and more in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing…
INC ransomware rebrands to Lynx – same code, new name, still up to no good
Researchers point to evidence that scumbags visited the strategy boutique Researchers at Palo Alto’s Unit 42 believe the INC ransomware crew is no more and recently rebranded itself as Lynx over a three-month period.… This article has been indexed from…
US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants
Cyberspies abusing a backdoor? Groundbreaking Lawmakers are demanding answers about earlier news reports that China’s Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these…
RAC duo busted for stealing and selling crash victims’ data
Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal…
Keir Starmer hands ex-Darktrace boss investment minister gig
What’s harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates? Keir Starmer’s decision to appoint Poppy Gustafsson as the UK’s new investment minister is being resoundingly praised despite the former Darktrace boss spending…
FBI created a cryptocurrency so it could watch it being abused
It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week The FBI created its own cryptocurrency so it could watch suspected fraudsters use it – an idea that worked so well it produced arrests…
Healthcare attacks spread beyond US – just ask India’s Star Health
Acknowledges bulk customer data leak weeks after Telegram channels dangled it online Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-milion-plus clients online.……
Crooks stole personal info of 77k Fidelity Investments customers
But hey, no worries, the firm claims no evidence of data misuse Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach. … This article has been indexed from The Register – Security Read…
Fore-get about privacy, golf tech biz leaves 32M data records on the fairway
Researcher spots 110 TB of sensitive info sitting in unprotected database Nearly 32 million records belonging to users of tech from Trackman were left exposed to the internet, sitting in a non-password protected database, for an undetermined amount of time,…
Secure your AI initiatives
Unlock the power of generative AI with AWS Webinar Generative AI (GenAI) has quickly transitioned from an emerging concept to a core driver of innovation across lots of different industries.… This article has been indexed from The Register – Security…
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.……
Mozilla patches critical Firefox vuln that attackers are already exploiting
Firefixed: It’s maintenance time for low-complexity, high-impact security flaw It’s patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.… This article has been indexed from The Register – Security…
How to enable secure use of AI
Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace Sponsored Post It’s Cybersecurity Awareness Month again this October – a timely reminder for public and private sector organisations to work together and raise…
How should CISOs respond to the rise of GenAI?
Apply comprehensive security with access control, secure coding, infrastructure protection and AI governance Partner Content As generative AI (GenAI) becomes increasingly integrated into the corporate world, it is transforming everyday operations across various industries.… This article has been indexed from…
Dutch cops reveal takedown of ‘world’s largest dark web market’
Two arrested after allegedly trying to make off with their ill-gotten gains The alleged administrators of the infamous Bohemia and Cannabia dark web marketplaces have been arrested after apparently shuttering the sites and trying to flee with their earnings.… This…
Internet Archive leaks user info and succumbs to DDoS
31 million users’ usernames, email addresses and salted-encrypted passwords are out there The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.… This article has been indexed from The Register – Security…
Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware
USB sticks help, but it’s unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according…
Smart TVs are spying on everyone
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Smart TVs are watching their viewers and harvesting their data to benefit brokers using the same ad technology that denies…
Marriott settles for a piddly $52M after series of breaches affecting millions
Intruders stayed for free on the network between 2014 and 2020 Marriott has agreed to pay a $52 million penalty and develop a comprehensive infosec program following a series of major data breaches between 2014 and 2020 that affected more…
National Public Data files for bankruptcy, admits ‘hundreds of millions’ potentially affected
One-man-band faces a mountain of lawsuits but has few assets The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting “hundreds of millions” of people were potentially affected in one of the largest information leaks of…
Microsoft cleans up hot mess of Patch Tuesday preview
Go forth and install your important security fixes Microsoft says that the problems with the Windows 11 Patch Tuesday preview have now been resolved.… This article has been indexed from The Register – Security Read the original article: Microsoft cleans…
Ransomware gang Trinity joins pile of scumbags targeting healthcare
As if hospitals and clinics didn’t have enough to worry about At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other “sophisticated” tactics that make it…
Microsoft issues 117 patches – some for flaws already under attack
Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It’s the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a…
Qualcomm urges device makers to push patches after ‘targeted’ exploitation
Given Amnesty’s involvement, it’s a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets’ firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.… This article has been indexed…
Using iPhone Mirroring at work? You might have just overshared to your boss
What does IT see but a dating app on your wee little screen If you’re using iPhone Mirroring at work: it’s time to stop, lest you give your employer’s IT department the capability to snoop through your dating apps, photos,…
Happy birthday, Putin – you’ve been pwned
Pro-Ukraine hackers claim credit for Russian state broadcasting shutdown Ukrainian hackers shut down Russian state news agency VGTRK’s online broadcasting and streaming services on Monday – president Vladimir Putin’s 72nd birthday – as Kremlin officials vowed to bring those responsible…
Google brings better bricking to Androids, to curtail crims
Improved security features teased in May now appearing around the world Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.… This article has…
American Water rinsed in cyberattack, turns off app
It’s still safe to drink, top provider tells us American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyberattack…
Feds reach for sliver of crypto-cash nicked by North Korea’s notorious Lazarus Group
A couple million will do for a start … but Kim’s crews are suspected of stealing much more The US government is attempting to claw back more than $2.67 million stolen by North Korea’s Lazarus Group, filing two lawsuits to…
American Water stops billing for H2O due to ‘cybersecurity incident’
Water is still safe to drink, it confirms American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a hacking incident.……
Cops love facial recognition, and withholding info on its use from the courts
Withholding exculpatory evidence from suspects isn’t a great look when the tech is already questionable Police around the United States are routinely using facial recognition technology to help identify suspects, but those departments rarely disclose they’ve done so – even…
Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.… This…
Embattled users worn down by privacy options? Let them eat code
Struggle ye not with cookies, lest ye become a cookie monster Opinion The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions.… This article has been indexed from The Register…
Ryanair faces GDPR turbulence over customer ID checks
Irish data watchdog opens probe after ‘numerous complaints’ Ireland’s Data Protection Commission (DPC) has launched an inquiry into Ryanair’s Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).… This article has been indexed from…
UK’s Sellafield nuke waste processing plant fined £333K for infosec blunders
Radioactive hazards and cyber failings … what could possibly go wrong? The outfit that runs Britain’s Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation’s Office for Nuclear Regulation (ONR) for its shoddy cybersecurity…
About a quarter million Comcast subscribers had their data stolen from debt collector
Cable giant says ransomware involved, FBCS keeps schtum Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was…
About a quarter million Comcast subscribers had data stolen from debt collector
Cable giant says ransomware involved, FBCS keeps schtum Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was…
Apple fixes bug that let VoiceOver shout your passwords
Not a great look when the iGiant just launched its first password manager Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which might cause users’ saved passwords to be read aloud. It’s…
Visit CyberThreat 2024 to hone your cybersecurity skills
Get together with the European cybersecurity community at a two-day conference in London this December Sponsored Post This year’s CyberThreat returns to London to provide a place for cybersecurity professionals to share experiences, new tools and techniques to help organisations…
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds
‘You can build this in a few days – even as a very naïve developer’ A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built – a wake-up call,…
Big names among thousands infected by payment-card-stealing CosmicSting crooks
Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers’ payment…
Average North American CISO pay now $565K, mainly thanks to one weird trick
Best way to boost your package is to leave, or pretend to A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a…
DOJ, Microsoft seize 107 domains used in Russia’s Star Blizzard phishing attacks
Winter is coming The US Department of Justice and Microsoft have seized 107 websites used by Russian cyberspies in a phishing campaign to steal sensitive information from US government agencies, think tanks, and other victims.… This article has been indexed…
Average North American CISO salary now $565K, mainly thanks to one weird trick
Best way to boost your package is to leave, or pretend to A survey of nearly 700 CISOs in the US and Canada has found that salaries have risen over the last year to an average of $565,000 and a…
Two British-Nigerian men sentenced over multimillion-dollar business email scam
Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies,…
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Crooks ‘like a sysadmin, with a malicious slant’ Exclusive An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a “substantial”…
Brits hate how big tech handles their data, but can’t be bothered to do much about it
Managing the endless stream of cookie banners leaves little energy for anything else Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go…
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
With 14 serious security flaws found, what a gift for spies and crooks Fourteen bugs in DrayTek routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by…
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
Poor use of PHP include() strikes again Two trivial but critical security holes have been found in Optigo’s Spectra Aggregation Switch, and so far no patch is available.… This article has been indexed from The Register – Security Read the…
NIST’s security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam ‘hurting infosec processes world over’ one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process – though it’s not quite on target as…
‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure “Patch yesterday” is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.… This article has been indexed from The Register – Security Read the…
Protecting private data in AI deployments
Strategies for securing intellectual property in AI systems Webinar As enterprises increasingly incorporate AI, the challenge of protecting private intellectual property (IP) often becomes more difficult.… This article has been indexed from The Register – Security Read the original article:…