Best way to boost your package is to leave, or pretend to A survey of nearly 700 CISOs in the US and Canada has found that salaries have risen over the last year to an average of $565,000 and a…
Tag: The Register – Security
Two British-Nigerian men sentenced over multimillion-dollar business email scam
Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies,…
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Crooks ‘like a sysadmin, with a malicious slant’ Exclusive An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a “substantial”…
Brits hate how big tech handles their data, but can’t be bothered to do much about it
Managing the endless stream of cookie banners leaves little energy for anything else Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go…
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
With 14 serious security flaws found, what a gift for spies and crooks Fourteen bugs in DrayTek routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by…
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
Poor use of PHP include() strikes again Two trivial but critical security holes have been found in Optigo’s Spectra Aggregation Switch, and so far no patch is available.… This article has been indexed from The Register – Security Read the…
NIST’s security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam ‘hurting infosec processes world over’ one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process – though it’s not quite on target as…
‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure “Patch yesterday” is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.… This article has been indexed from The Register – Security Read the…
Protecting private data in AI deployments
Strategies for securing intellectual property in AI systems Webinar As enterprises increasingly incorporate AI, the challenge of protecting private intellectual property (IP) often becomes more difficult.… This article has been indexed from The Register – Security Read the original article:…
The fix for BGP’s weaknesses has big, scary, issues of its own, boffins find
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works The Resource Public Key Infrastructure (RPKI) protocol has “software vulnerabilities, inconsistent specifications, and operational challenges” according to…
Euro cops arrest 4 including suspected LockBit dev chilling on holiday
And also: What looks like proof that stolen data was never deleted even after ransom was paid Building on the success of what’s known around here as LockBit Leak Week in February, the authorities say they’ve arrested a further four…
Evil Corp’s deep ties with Russia and NATO member attacks exposed
Ransomware criminals believed to have taken orders from intel services The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out…
NCA unmasks man it suspects is both ‘Evil Corp kingpin’ and LockBit affiliate
Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks The latest installment of the National Crime Agency’s (NCA) series of ransomware revelations from February’s LockBit Leak Week emerges today as the agency identifies a man…
T-Mobile US to cough up $31.5M after that long string of security SNAFUs
At least seven intrusions in five years? Yeah, those promises of improvement more than ‘long overdue’ T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine after a string of network intrusions affected…
Ransomware forces hospital to turn away ambulances
Only level-one trauma unit in 400 miles crippled Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware.… This article has been indexed from The Register – Security Read the original article:…
Rackspace monitoring systems hit by zero-day
Intruders accessed internal web servers via ScienceLogic hole, ‘limited’ info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into…
Australian e-tailer digiDirect customers’ info allegedly stolen and dumped online
Full names, contact details, and company info – all the fixings for a phishing holiday Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.… This…
If you’re holding important data, Iran is probably trying spearphish it
It’s election year for more than 50 countries and the Islamic Republic threatens a bunch of them US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.……
Remote ID verification tech is often biased, bungling, and no good on its own
Only 2 out of 5 tested products were equitable across demographics A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.……
Cloud threats have execs the most freaked out because they’re not prepared
Ransomware? More like ‘we don’t care’ for everyone but CISOs Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top…
AI code helpers just can’t stop inventing package names
LLMs are helpful, but don’t use them for anything important AI models just can’t seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that…
Forget the Kia Boyz: Hackers could hijack your car with just a smartphone
PLUS: UK man charged with hacking US firms for stock secrets; ransomware actor foils self; and more Infosec In Brief Put away that screwdriver and USB charging cable – the latest way to steal a Kia just requires a cellphone…
Binance claims it helped to bust Chinese crypto scam app in India
Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more ASIA IN BRIEF It’s not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime,…
Red team hacker on how she ‘breaks into buildings and pretends to be the bad guy’
Alethe Denis exposes tricks that made you fall for that return-to-office survey Interview A hacker walked into a “very big city” building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by…
Feds charge 3 Iranians with ‘hack-and-leak’ of Trump 2024 campaign
Snoops allegedly camped out in inboxes well into September The US Department of Justice has charged three Iranians for their involvement in a “wide-ranging hacking campaign” during which they allegedly stole massive amounts of materials from Donald Trump’s 2024 presidential…
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable
AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.… This article has been indexed from The Register – Security Read…
Recall that Recall recall? Now Microsoft thinks it can make Windows feature palatable
AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.… This article has been indexed from The Register – Security Read…
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud
Defenders beware: Data theft, extortion, and backdoors on Storm-0501’s agenda Microsoft’s latest threat intelligence blog issues a warning to all organizations about Storm-0501’s recent shift in tactics, targeting, and backdooring hybrid cloud environments.… This article has been indexed from The…
Patch now: Critical Nvidia bug allows container escape, complete host takeover
33% of cloud environments using the toolkit impacted, we’re told A critical bug in Nvidia’s widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.… This…
HPE patches three critical security holes in Aruba PAPI
More 9.8 bugs? Ay, papi! Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary’s networking access points.… This article has been indexed from The Register…
HPE patches three critical flaws in Aruba proprietary access protocol Interface
More 9.8 bugs? Ai PAPI! Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE issued emergency fixes for three critical flaws in its networking subsidiary’s networking access points.… This article has been indexed from The…
Doomsday ‘9.9 RCE bug’ might hit every Linux system
No fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare Details about an as-yet-non-public critical 9.9-out-of-10-severity unauthenticated remote-code execution vulnerability affecting all GNU/Linux systems could be revealed today.… This article has been indexed from The Register –…
Doomsday ‘9.9 RCE bug’ could hit every Linux system
No fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare Details about an as-yet-non-public critical 9.9-out-of-10-severity unauthenticated remote-code execution vulnerability affecting all GNU/Linux systems could be revealed today.… This article has been indexed from The Register –…
Securing intellectual property in AI-powered enterprises
Protect your enterprise data while leveraging AI models Webinar As organizations adopt AI technologies, safeguarding private intellectual property (IP) has become more challenging.… This article has been indexed from The Register – Security Read the original article: Securing intellectual property…
Victims lose $70k to one single wallet-draining app on Google’s Play Store
Attacker got 10k people to download ‘trusted’ web3 brand cheat before Mountain view intervened The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe…
Public Wi-Fi operator investigating cyberattack at UK’s busiest train stations
See it, say it… not sorted just yet as network access remains offline A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to…
UK government’s bank data sharing plan slammed as ‘financial snoopers’ charter’
Access to account info needed to tackle benefit fraud, latest bill claims Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to “a financial snoopers’ charter…
WordPress.org denies service to WP Engine, potentially putting sites at risk
That escalated quickly WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter’s servers from accessing WordPress.org resources – and therefore from potentially vital software updates.… This article has been indexed from The Register…
China’s Salt Typhoon cyber spies are deep inside US ISPs
Expecting a longer storm season this year? Another Beijing-linked cyberspy crew, this one dubbed Salt Typhoon, has reportedly been spotted on networks belonging to US internet service providers in stealthy data-stealing missions and potential preparation for future cyberattacks.… This article…
China claims Taiwan, not civilians, behind web vandalism
Taipei laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.… This article has been indexed from…
RansomHub genius tries to put the squeeze on Delaware Libraries
Extorting underfunded public services for $1M isn’t a good look Despite being top of the ransomware tree at the moment, RansomHub – specifically, one of its affiliates – clearly isn’t that bright as they are reportedly trying to extort Delaware…
CrowdStrike apologizes to Congress for ‘perfect storm’ that caused global IT outage
Argues worse could happen if it loses kernel access CrowdStrike is “deeply sorry” for the “perfect storm of issues” that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded…
China claims Taiwan, not civilian hackers, behind website vandalism
Taiwan laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.… This article has been indexed from…
Who’s watching you the closest online? Google, duh
Four Chocolate Factory trackers cracked the Top 25 in all regions Google, once again, is the “undisputed leader” when it comes to monitoring people’s behavior on the internet, according to Kaspersky’s annual web tracking report.… This article has been indexed…
Russia’s digital warfare on Ukraine shows no signs of slowing: Malware hits surge
Severe incidents may be down, but Putin had to throw one in for good measure Russia’s use of malware to support its military efforts in Ukraine is showing no signs of waning while its tactics continually evolve to bypass protections.……
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks
Thousands of devices remain vulnerable, US most exposed to the threat Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers. ……
10 nasty bugs put thousands of fuel storage tanks at risk of attacks
Thousands of devices remain vulnerable and the US is most exposed to the threat Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors,…
How to spot a North Korean agent before they get comfy inside payroll
Mandiant publishes cheat sheet for weeding out fraudulent IT staff Against a backdrop of rising exposure to North Korean agents seeking (mainly) US IT roles, organizations now have a cheat sheet to help spot potential operatives.… This article has been…
A data leak and a data breach
How to protect personal data Partner Content For people who haven’t personally experienced them, terms like data leak or data breach may seem unfamiliar and foreign – much like visiting a new destination abroad.… This article has been indexed from…
Some US Kaspersky customers find their security software replaced by ‘UltraAV’
Back story to replacement for banned security app isn’t enormously reassuring Some US-based users of Kaspersky antivirus products have found their software replaced by product from by a low-profile entity named “UltraAV” – a change they didn’t ask for, and…
Telegram will now hand over IP addresses, phone numbers of suspects to cops
Maybe a spell in a French cell changed Durov’s mind In a volte-face, Telegram CEO Pavel Durov announced that the made-in-Russia messaging platform will become a lot less cozy for criminals.… This article has been indexed from The Register –…
Necro malware continues to haunt side-loaders of dodgy Android mods
11M devices exposed to trojan, Kaspersky says The Necro trojan is once again making a move against Android users, with up to eleven million individuals thought to be exposed to infected apps.… This article has been indexed from The Register…
‘Cybersecurity issue’ takes MoneyGram offline for three days – and counting
Still no ‘R’ word, but smells like ransomware from here A “cybersecurity issue” has shut down MoneyGram’s systems and payment services since Friday, and the fintech leader has yet to update customers as to when it expects to have its…
US proposes ban on Chinese, Russian connected car tech over security fears
No room for your spy mobiles on our streets The US Commerce Department has decided not to wait for the inevitable, and today announced plans that would ban connected vehicle technology – and vehicles using it – from Chinese and…
So how’s Microsoft’s Secure Future Initiative going?
34,000 engineers pledged to the cause, but no word on exec pay Microsoft took a victory lap today, touting the 34,000 full-time engineers it has dedicated to its Secure Future Initiative (SFI) since it launched almost a year ago and…
UPS supplier’s password policy flip-flops from unlimited, to 32, then 64 characters
That ‘third party’ person sure is responsible for a lot of IT blunders, eh? A major IT hardware manufacturer is correcting a recent security update after customers complained of a password character limit being introduced when there previously wasn’t one.……
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
No malware crew linked to this latest red-teaming tool yet Attackers are using Splinter, a new post-exploitation tool, to wreak havoc in victims’ IT environments after initial infiltration, utilizing capabilities such as executing Windows commands, stealing files, collecting cloud service…
Apple’s latest macOS release is breaking security software, network connections
PLUS: Payer of $75M ransom reportedly identified; Craigslist founder becomes security philanthropist, and more Infosec In Brief Something’s wrong with macOS Sequoia, and it’s breaking security software installed on some updated Apple systems.… This article has been indexed from The…
US indicts two over socially engineered $230M+ crypto heist
Just one victim milked of nearly a quarter of a billion bucks Two individuals are in cuffs and facing serious charges in connection to a major theft of cryptocurrency worth more than $230 million from a single victim.… This article…
Ivanti patches exploited admin command execution flaw
Fears over chained attacks affecting EOL product The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it’s yet another…
Cybercrooks strut away with haute couture Harvey Nichols data
Nothing high-end about the sparsely detailed, poorly publicized breach High-end British department store Harvey Nichols is writing to customers to confirm some of their data was exposed in a recent cyberattack.… This article has been indexed from The Register –…
CISA boss: Makers of insecure software are the real cyber villains
Write better code, urges Jen Easterly. And while you’re at it, give crime gangs horrible names like ‘Evil Ferret’ Software developers who ship buggy, insecure code are the real villains in the cyber crime story, Jen Easterly, boss of the…
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
Boasts ‘appear to be credible’ experts tell El Reg A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen…
Valencia Ransomware crew explodes on the scene, claims California city, fashion giant, more as victims
Boasts ‘appear to be credible’ experts tell El Reg A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen…
No way? Big Tech’s ‘lucrative surveillance’ of everyone is terrible for privacy, freedom
Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Buried beneath the endless feeds and attention-grabbing videos of the modern internet is a network of data harvesting and sale that’s perhaps far more vast than…
Iran’s cyber-goons emailed stolen Trump info to Team Biden – which ignored them
To be fair, Joe was probably taking a nap The Iranian cyber snoops who stole files from the Trump campaign, with the intention of leaking those documents, tried to slip the data to the Biden camp — but were apparently…
1 in 10 orgs dumping their security vendors after CrowdStrike outage
Many left reeling from July’s IT meltdown, but not to worry, it was all unavoidable Germany’s Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike’s outage in July are dropping their current…
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
Better check your widgets, people Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.… This article has been indexed from The Register – Security Read the original article:…
UK activists targeted with Pegasus spyware ask police to charge NSO Group
4 file complaint with London’s Met, alleging malware maker helped autocratic states violate their privacy Four UK-based proponents of human rights and critics of Middle Eastern states today filed a report with London’s Metropolitan Police they hope will lead to…
Tor insists its network is safe after German cops convict CSAM dark-web admin
Outdated software blamed for cracks in the armor The Tor project has insisted its privacy-preserving powers remain potent, countering German reports that user anonymity on its network can be and has been compromised by police.… This article has been indexed…
Deja blues… LockBit boasts once again of ransoming IRS-authorized eFile.com
Add ‘ransomware’ to the list of certainties in life? Notorious ransomware gang LockBit claims once again to have compromised eFile.com, which offers online services for electronically filing tax returns with the US Internal Revenue Service (IRS).… This article has been…
FBI boss says China ‘burned down’ 260,000-device botnet when confronted by Feds
Plus: Wray tells how bureau helps certain victims negotiate with ransomware crooks China-backed spies are said to have tore down their own 260,000-device botnet after the FBI and its international pals went after them.… This article has been indexed from…
Putin really wants Trump back in the White House
US govt, Microsoft report on Kremlin trolls’ latest antics to Make America Grate Again Russia really wants Donald Trump to be the next US President, judging by reports from American government agencies and now Microsoft’s threat intelligence team.… This article…
LockBit boasts of ransoming IRS-authorized eFile.com
Add ‘ransomware’ to the list of certainties in life? Notorious ransomware gang LockBit claims to have compromised eFile.com, which offers online services for electronically filing tax returns with the US Internal Revenue Service (IRS).… This article has been indexed from…
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war
Second wave of exploding gear kills at least 14 today First it was pagers, now Lebanon is being rocked by Hezbollah’s walkie-talkies detonating across the country, leaving at least a dozen dead.… This article has been indexed from The Register…
Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
Getting sloppy, Xi Exclusive Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server.… This article has been indexed from The Register –…
Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform
Italian mafia mobsters and Irish crime families scuppered by international cops Hours after confirming they had pwned the supposedly uncrackable encrypted messaging platform used for all manner of organized crime, Ghost, cops have now named the suspect they cuffed last…
Despite Russia warnings, Western critical infrastructure remains unprepared
‘Lives will be lost’ as Moscow ramps up offensive cyber military units Feature As Russian special forces push more overtly into online operations, network defenders should be on the hunt for digital intruders looking to carry out cyberattacks that end…
Australian Police conducted supply chain attack on criminal collaborationware
Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service Australia’s Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly…
WhatsApp fix to make View Once chats actually disappear is beaten in less than a week
View Forever, more like it, as Meta’s privacy feature again revealed to be futile with a little light hacking A fix deployed by Meta to stop people repeatedly viewing WhatsApp’s so-called View Once messages – photos, videos, and voice recordings…
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
Bug reports made in China Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.… This…
VMware patches over remote make-me-root holes in vCenter Server, Cloud Foundation
Bug reports made in China Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.… This…
Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode
Eight-year-old among those slain, Israel blamed, Iran’s Lebanese ambassador wounded, it’s said Lebanon says at least nine people, including an eight-year-old girl, were killed today after pagers used by Hezbollah members exploded across the country. Israel has been blamed.… This…
Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Chocolate Factory downgrades risk, citing the need for attacker access Overly permissive settings in Google Cloud’s Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information.… This article has been indexed…
At least nine dead, thousands hurt in Lebanon after Hezbollah pagers explode
Eight-year-old among those slain, Israel blamed, Iran’s Lebanese ambassador wounded, it’s reported Lebanon says at least nine people, including an eight-year-old girl, were killed today after pagers used by Hezbollah members exploded across the country. Israel has been blamed.… This…
Hezbollah claims dozens dead as its pagers go boom, not beep
Iran’s Lebanese ambassador reportedly among the injured Terrorist group Hezbollah is claiming that eight people have died and dozens are injured after pagers used by its troops exploded.… This article has been indexed from The Register – Security Read the…
Rhysida ransomware gang ships off Port of Seattle data for $6M
Auction acts as payback after authority publicly refuses to pay up The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for…
Secure your organization
Ransomware resilience in a multi-cloud world: attend this exclusive event in Boston, MA Sponsored Event Join us on October 24 in Boston for an exclusive event designed for IT professionals and industry leaders dedicated to mastering cybersecurity in multi-cloud environments.……
Predator spyware kingpins added to US sanctions list
Designations come as new infrastructure spins up in Africa Five individuals and one company with ties to spyware developer Intellexa are the latest to earn sanctions as the US expands efforts to stamp out spyware.… This article has been indexed…
China claims Starlink signals can reveal stealth aircraft – and what that really means
If this really was that useful, they wouldn’t be telling us According to a Chinese state-sanctioned study, signals from SpaceX Starlink broadband internet satellites could be used to track US stealth fighters, such as the F-22.… This article has been…
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
The C in these CVEs stands for Confusing Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched.… This article has…
Chinese national accused by Feds of spear-phishing for NASA, military source code
May have reeled in blueprints related to weapons development A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army and NASA, plus other highly sensitive software used in…
The empire of C++ strikes back with Safe C++ blueprint
You pipsqueaks want memory safety? We’ll show you memory safety! We’ll borrow that borrow checker After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write less vulnerable code.… This…
Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
Now it’s the default for all new accounts Snowflake continues to push forward in strengthening its users’ cybersecurity posture by making multi-factor authentication the default for all new accounts.… This article has been indexed from The Register – Security Read…
Germany’s CDU still struggling to restore data months after June cyberattack
Putting a spanner in work for plans of opposition party to launch a comeback during next year’s elections One of Germany’s major political parties is still struggling to restore member data more than three months after a June cyberattack targeting…
Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints
Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance One cybercriminal of the most violent kind will spend his best years behind bars, as will 11 of his thug pals for a string of cryptocurrency robberies in the…
China’s quantum* crypto tech may be unhackable, but it’s hardly a secret
* Quite Unlikely A New Technology’s Useful, Man Opinion We have a new call to arms in the 21st century battlefront between the West and China. The Middle Kingdom is building an uncrackable national infrastructure based on quantum key distribution…
23andMe settles class-action breach lawsuit for $30 million
Also: Apple to end NSO Group lawsuit; Malicious Python dev job offers; Dark web kingpins busted; and more Infosec In Brief Genetic testing outfit 23andMe has settled a proposed class action case related to a 2023 data breach for $30…
Feeld dating app’s security too open-minded as private data swings into public view
No love for months-long wait to fix this, either Security researchers have revealed a litany of failures in the Feeld dating app that could be abused to access all manner of private user data, including the most sensitive images not…
Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps
Do not go on holiday to the O Smach Resort The US Department of the Treasury’s Office of Foreign Assets Control issued sanctions on Thursday against Cambodian entrepreneur and senator Ly Yong Phat, for his “role in serious human rights…