Tag: The Register – Security

Italian operator calls for lawmakers to wake up to the critical role played by peering Internet Exchange Points are an underappreciated resource that all internet users rely on, but governments have unfortunately ignored them, despite their status as critical infrastructure.……

Read more →

Infosec issues spill into the real world and regional politics Analysis  Thai and Cambodian tensions relating to issues including cybersecurity concerns boiled over into a kinetic skirmish at the border last week.… This article has been indexed from The Register…

Read more →

Few passengers are told they can opt out, and when they do, airport staff may push back US lawmakers are trying to extend the use of facial recognition at airports, despite many airline passengers objecting to the practice.… This article…

Read more →

IBM report shows a rush to embrace technology without safeguarding it, and as for governance… Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications.……

Read more →

The lure? Identity security and privileged access management tools to verify humans and… machines Palo Alto Networks will buy Israeli security biz CyberArk in a $25 billion cash-and-stock deal confirmed today.… This article has been indexed from The Register –…

Read more →

Distie insists global operations restored despite some websites only now coming back online The cybercriminals claiming responsibility for Ingram Micro’s ransomware attack put a deadline on leaking its data nearly a month after the raid.… This article has been indexed…

Read more →

The security nerds’ equivalent of the Epstein files saga The US Cybersecurity and Infrastructure Security Agency on Tuesday finally agreed to make public an unclassified report from 2022 about American telecommunications networks’ poor security practices.… This article has been indexed…

Read more →

New malware, even better social engineering chops The FBI and a host of international cyber and law enforcement agencies on Tuesday warned that Scattered Spider extortionists have changed their tactics and are now breaking into victims’ networks using savvier social…

Read more →

5 V-tolerant GPIO opens the way to some intriguing retro-nerdery The Raspberry Pi team has released an update to the RP2350 microcontroller with bug fixes, hardening, and a GPIO tweak that will delight retro hardware enthusiasts.… This article has been…

Read more →

Troopers to swap radios for Turtle Beaches in preparation for ‘21st century challenges’ The UK’s Ministry of Defence (MoD) is doubling down on its endorsement of esports by tasking the British Esports Federation to establish a new tournament to upskill…

Read more →

Look over there! Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerability some months ago that…

Read more →

Plus, 60% don’t have enough analysts to make sense of it Too many threats, too much data, and too few skilled security analysts are making companies more vulnerable to cyberattacks, according to the IT and security leaders tasked with protecting…

Read more →

No word on who’s behind it, but attack has hallmarks of the usual suspects Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack.… This article has…

Read more →

Russia’s top airline cancels 49 flights, delays affect many more Russia’s largest airline, Aeroflot, canceled numerous flights on Monday morning following what it says was a failure in its IT systems – something hacktivists are claiming responsiblity for.… This article…

Read more →

Plus, leak site for BlackSuit seized, Tea spilt, and avoid crime if you’ve got a famous dad Infosec in brief  A computer intrusion hit the US spy satellite agency, but officials insist no classified secrets were lost – just some…

Read more →

Surveillance-based pricing? Two lawmakers say enough Two Democratic members of Congress, Greg Casar (D-TX) and Rashida Tlaib (D-MI,) have introduced legislation in the US House of Representatives to ban the use of AI surveillance to set prices and wages.… This…

Read more →

MAPP program to blame? A week after Microsoft told the world that its July software updates didn’t fully fix a couple of bugs, which allowed miscreants to take over on-premises SharePoint servers and remotely execute code, researchers have assembled much…

Read more →

AT&T and Verizon refused to hand over the security assessments, says Cantwell US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the…

Read more →

Malicious code lurking in over 5,000 downloads, says Socket researcher Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and began distributing malware through developer accounts.… This article has been indexed from The…

Read more →

Under oath in French Senate, exec says it would be compelled – however unlikely – to pass local customer info to US admin Microsoft says it “cannot guarantee” data sovereignty to customers in France – and by implication the wider…

Read more →

Policy management not affected, but some personal data may have been snaffled Business insurance and employment status specialist Qdos has confirmed that an intruder has stolen some customers personal data, according to a communication to tech contractors that was seen…

Read more →

Nobody thinks of running a website without HTTPs. Safer DNS still seems optional Systems Approach  Last week I turned on DNSSEC (Domain Name System Security Extensions) for the systemsapproach.org domain. No need to applaud; I was just trying to get…

Read more →

Plus she has to cough up a slice of Pyongyang’s payday An Arizona woman who ran a laptop farm from her home – helping North Korean IT operatives pose as US-based remote workers – has been sentenced to eight and…

Read more →

Good luck getting an appointment with your doctor The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.… This article has been indexed from The Register – Security Read the…

Read more →

Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco’s Identity Services Engine (ISE) software since early July, weeks before the…

Read more →

Boffins insist your deepfake tracking tech won’t work Computer scientists with the University of Waterloo in Ontario, Canada, say they’ve developed a way to remove watermarks embedded in AI-generated images.… This article has been indexed from The Register – Security…

Read more →

Let the games begin Ransomware has officially entered the Microsoft SharePoint exploitation ring.… This article has been indexed from The Register – Security Read the original article: Microsoft: SharePoint attacks now officially include ransomware infections

Read more →

Some coyotes hunt squirrels, this one hunts users’ financial apps A new variant of the Coyote banking trojan abuses Microsoft’s UI Automation (UIA), making it the first reported malware to use UIA for credential theft.… This article has been indexed…

Read more →

Palantir, data brokers, and judicial overreach are all on the horizon, executive director Cindy Cohn warns Interview  In July 1990, before the World Wide Web even existed, an unusual alliance was formed to fight for the rights of the emerging…

Read more →

Malicious actor reportedly sought to expose AWS ‘security theater’ The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user’s home directory and delete all their AWS resources.… This article…

Read more →

French fashion house dishes out notices after hackers raided a client database – ShinyHunters suspected Fashion house Dior has begun dropping data breach notices after cybercrooks with a taste for high-end targets made off with customer data.… This article has…

Read more →

The “is” package was infected with cross-platform malware after a scam targeting maintainers The popular npm package “is” was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with…

Read more →

From scams to violence, the crimes extend beyond the digital realm A subset of an online group that recruits children and teens for contract shootings, kidnappings, and other real-life violent crimes poses a growing threat to youth, according to the…

Read more →

No screenshots for you! In an effort to protect user privacy, Brave browser 1.81 will prevent Microsoft Recall from screenshotting it by default.… This article has been indexed from The Register – Security Read the original article: Nothing to see…

Read more →

US DOE among breached government agencies More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Redmond confirmed the critical vulnerabilities.……

Read more →

Despite pledging help for those who don’t sign for subs, Broadcom says validating their entitlements will delay support Exclusive  Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack.… This article has…

Read more →

All security questions are hard to answer, but these three are non-negotiable Partner content  We’ve all seen those seemingly straightforward security questions that snowball into multi-day research projects across dozens of consoles, spreadsheets, and manual queries. The reality is that…

Read more →

Hand us the mind bleach, we want to flush our memories of attack Clorox is suing its service desk provider, Cognizant, for $380 million in a California state court, alleging the IT support crew “enabled a cybercriminal to gain a…

Read more →

Total Recall: Capturing everything you do on your PC screen to become a ‘true companion’ Microsoft is again throwing AI at Windows 11 to see what sticks, releasing features including the even more eyebrow-raising successor to its controversial Recall, a…

Read more →

Suggests buying local tech to avoid infosec worries China’s Ministry of State Security has spent the week warning of backdoored devices on land and at sea.… This article has been indexed from The Register – Security Read the original article:…

Read more →

CyberSentry work grinds to a halt Government funding for a program that hunts for threats on America’s critical infrastructure networks expired on Sunday, preventing Lawrence Livermore National Laboratory from analyzing activity that could indicate a cyberattack, the program director told Congress…

Read more →

The distro’s greatest asset is arguably also its greatest weakness If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.… This article…

Read more →

With more to come, no doubt At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond.… This article has been indexed from The Register – Security Read the original…

Read more →

Used stolen info to pitch for Chinese tech talent program A Silicon Valley engineer has pleaded guilty to stealing thousands of trade secrets worth hundreds of millions of dollars, including crucial military technology.… This article has been indexed from The…

Read more →

Wi-Fi spy with my little eye that same guy I saw at another hotspot Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.……

Read more →

Admins urged to rotate machine keys, restart IIS after emergency fix Microsoft has good news for administrators running SharePoint Server 2016. The cloud and software megacorp has published updates to close a gaping hole in the document management service.… This…

Read more →

‘We’re going to smash the business model’ NHS, local council and schools told by politicos UK government is proposing to “ban” public sector organizations and critical national infrastructure from paying criminal operators behind ransomware attacks, under new measures outlined today.……

Read more →

The modern art form that redeemed a Windows utility has lessons for all Opinion  The speedrun is one of the internet’s genuinely new artforms. At its best, it’s akin to a virtuoso piano recital. Less emotional depth, more adrenalin. Watching…

Read more →

No customer, partner info stolen, spokesperson tells The Reg Dell has confirmed that criminals broke into its IT environment and stole some of its data — but told The Register that it’s “primarily synthetic (fake) data.”… This article has been indexed…

Read more →

Move along, nothing to see here comment  Here we go again. Another major Microsoft attack, with this one seeing someone — most likely government-backed hackers — exploiting a zero-day bug in SharePoint Server that Redmond failed to fix.… This article…

Read more →

Persians added snooping capabilities to DCHSpy after Israeli bombs fell Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name,…

Read more →

Now flying again, but not saying what went wrong UPDATED  US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines…

Read more →

Dare we suggest Scattered Spider has poisoned another carrier? US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines grounds…

Read more →

PLUS: Perplexity AI scores 360-million-customer win in India; Australian billionaire’s political party suffers data breach, won’t contact victims; and more Asia In Brief  Japan’s National Astronomical Observatory last week announced the discovery of a small body with an orbit beyond…

Read more →

PLUS: China upgrades smartphone surveillance tools; Ring eases anti-snooping stance; and more Infosec In Brief  Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that…

Read more →

Fancy Bear can’t keep its claws out of Outlook inboxes The UK government is warning that Russia’s APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access…

Read more →

Keep It Simple, Stupid Interview  Scattered Spider and Iranian government-backed cyber units have more in common than a recent uptick in hacking activity, according to Ariel Parnes, a former colonel in the Israeli Defense Forces’ cyber unit 8200.… This article…

Read more →

WeTransfer added the magic words “machine learning” to its ToS and users reacted predictably Analysis  WeTransfer this week denied claims it uses files uploaded to its ubiquitous cloud storage service to train AI, and rolled back changes it had introduced…

Read more →

Ads giant complains of damage to its reputation and finances … and crime, too Google has filed a lawsuit against 25 unnamed individuals in China it accuses of breaking into more than 10 million devices worldwide and using them to…

Read more →

Three perfect 10s in the last month – ISE, ISE, baby Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow…

Read more →

Computer scientist Peter Gutmann tells The Reg why it’s ‘bollocks’ The US National Institute for Standards and Technology (NIST) has been pushing for the development of post-quantum cryptographic algorithms since 2016.… This article has been indexed from The Register –…

Read more →

Two Russian suspects in cuffs, seven warrants out International cops shut down more than 100 servers belonging to the pro-Russian NoName057(16) network this week as part of the Europol-led Operation Eastwood.… This article has been indexed from The Register –…

Read more →

‘Deeply penetrated’ Gaskar ‘to the very tonsils of demilitarization’ Ukrainian hackers claim to have taken out the IT infrastructure at Russia’s Gaskar Integration plant, one of the largest suppliers of drones for its army, and also destroyed massive amounts of…

Read more →

It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Microsoft has extended its security update programs for Exchange Server 2016 and 2019, and Skype…

Read more →

Someone’s OVERSTEPing the mark Unknown miscreants are exploiting fully patched, end-of-life SonicWall VPNs to deploy a previously unknown backdoor and rootkit, likely for data theft and extortion, according to Google’s Threat Intelligence Group.… This article has been indexed from The…

Read more →

Supermarket announces white hat education scheme as four suspects released on bail Co-op Group’s chief executive officer has confirmed that all 6.5 million of the organization’s members had their data stolen during its April cyberattack – Scattered Spider is believed…

Read more →

Attack enters day 11 and still no public disclosure of what insider claims to be ‘deep breach’ of Active Directory Exclusive  Aviation insiders say Serbia’s national airline, Air Serbia, was forced to delay issuing payslips to staff as a result…

Read more →

Former staffers of struggling UK biz say they don’t expect to be paid for July UK cybersecurity shop Adarma has confirmed it has entered administration.… This article has been indexed from The Register – Security Read the original article: Security…

Read more →

Maintainers struggle to handle growing flow of low-quality bug reports written by bots Daniel Stenberg, founder and lead developer of the open-source curl command line utility, just wants the AI slop to stop.… This article has been indexed from The…

Read more →

File this one under what not to search if you’ve committed a crime A former US Army soldier, who reportedly hacked AT&T, bragged about accessing President Donald Trump’s call logs, and then Googled “can hacking be treason,” and “US military…

Read more →

Stealth jets can’t fight, can’t fly much, and can’t shoot UK missiles, says NAO The F-35 stealth fighter is not meeting its potential in British service because of availability issues, a shortage of support personnel, and delays in integrating key…

Read more →

Anyone investigated Grok? Just sayin’… Someone hacked Elmo’s X account on Sunday, making it appear as if the lovable Sesame Street monster with the habit of referring to themselves in the third-person spewed a series of now-removed antisemitic, racist, and…

Read more →

Rowhammer returns for more memory-meddling fun The Rowhammer attack on computer memory is back, and for the first time, it’s able to mess with bits in Nvidia GPUs, despite defenses designed to protect against this kind of hacking.… This article…

Read more →

Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to…

Read more →

Cross-Channel pact aims to bolster navigation and timing tech as satellite signals face growing jamming threats Britain and France are to work more closely on technology to back up the familiar Global Positioning System (GPS), which is increasingly subject to…

Read more →

Report on serious organized crime fails to account for differences, agency says The UK’s National Crime Agency (NCA) has hit back at a think tank after it assessed its US counterpart, the FBI, to be nearly three times more effective.……

Read more →

Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing The Information Technology Organization of Iran (ITOI), the government body that develops and implements IT services for the country, is looking for suppliers of cloud computing.……

Read more →

PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more Infosec In Brief  Nvidia last week advised customers to ensure they employ mitigations against Rowhammer attacks, after researchers found one of…

Read more →

Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another By now, the North Korean fake IT worker problem is so ubiquitous that if you think you don’t have any phony resumes or imposters in…

Read more →

Intruders looked up how to use curl mid-attack – rookie errors kept damage minimal Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its…

Read more →

Last summer’s riots show how some content can be harmful but not illegal The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral spread of false content, a report…

Read more →

First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career On Call  Welcome once again to On Call, The Register‘s Friday column that shares your stories of tech support terror and…

Read more →

Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chinese web giant Tencent to quell its activities.… This article has been indexed from The Register…

Read more →

Oh my sweet secret informant lover, what happened in that NATO meeting today? A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets information about the Russia-Ukraine war with…

Read more →

Add CISA to the list The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user…

Read more →

‘Whether those files were allowed to go to Russia? I didn’t ask’ A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his employers and sharing it with Russia.……

Read more →

Politicians uneasy over potential impact on national security, local reports say Russia, home to some of the world’s most lucrative and damaging cybercrime operations, has rejected a bill to legalize ethical hacking.… This article has been indexed from The Register…

Read more →

Crimefighting agency cagey on details, probes into intrusions at M&S, Harrods, and Co-op continue The UK’s National Crime Agency (NCA) arrested four individuals suspected of being involved with the big three cyberattacks on UK retail businesses in recent weeks.… This…

Read more →

Processing and storage for Gemini 2.5 Flash to stay in Blighty Google Cloud is attempting to ease concerns about where AI data is stored by offering organizations the option to keep Gemini 2.5 Flash machine learning processing entirely within the…

Read more →

A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition Sponsored feature  Passwords are necessary for businesses, but look away for a minute and they quickly get out of control. If your users do things…

Read more →

Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.… This article has been indexed from The Register – Security…

Read more →

Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.… This article has been indexed from The Register – Security…

Read more →

No, really, those are the magic words A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a…

Read more →

Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam The US Treasury has imposed sanctions on 38-year-old Song Kum Hyok, a North Korean accused of attempting to hack the Treasury Department and posing as an IT…

Read more →

Low-severity bugs but infosec pros claim they are a ‘critical’ overall threat – patch accordingly AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.……

Read more →

A little skill in business communication can help get the board on board Partner content  Cybersecurity executives and their teams are under constant pressure and scrutiny. As the barrier to entry for attackers gets lower, organizations need to improve their…

Read more →

Plus: Confirms less serious data points like meal preferences also leaked Qantas says that when cybercrooks attacked a “third party platform” used by the airline’s contact center systems, they accessed the personal information and frequent flyer numbers of the “majority”…

Read more →

Activists argue the resources spent on tech aren’t leading to worthwhile numbers Privacy activists are unimpressed with London’s Metropolitan Police and its use of live facial recognition (LFR) to catch criminals, saying it is not effective use of taxpayer money…

Read more →

Customers say things are still far from perfect as lengthy support queues hamper business dealings Ingram Micro says it is gradually reactivating customer’s ordering capabilities across the world, region by region, now its ransomware attack is thought to be “contained”.……

Read more →

Tells would-be affiliates they don’t need to worry because cyberattacks don’t violate a cease fire An Iranian ransomware-as-a-service operation with ties to a government-backed cyber crew has reemerged after a nearly five-year hiatus, and is offering would-be cybercriminals cash to…

Read more →