Tag: The Register – Security

Your passwords may already be at risk. Partner Content  Ever felt that gut punch after losing something important, like your house keys? Now picture those, along with 184 million others, resting in plain sight at the wildest equivalent of Comic-Con…

Read more →

Regulator points to lack of ‘basic access controls’ between internet-facing systems, internal network South Korea’s privacy watchdog has slapped SK Telecom with a record ₩134.5 billion ($97 million) fine after finding that the mobile giant left its network wide open…

Read more →

Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is…

Read more →

Credit agency offers own services as compensation Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.… This article has been indexed from The Register – Security Read the original article: TransUnion…

Read more →

Miljödata meltdown leaves 200 local authorities scrambling over 1.5 BTC Sweden’s municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000.… This article has been indexed from The Register –…

Read more →

US payments platform back in action, says it’s informing affected customers Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal’s fraud-detection systems.… This article has…

Read more →

Apology issued after names tied to redress scheme revealed in mass mailing A London law firm leaked the details of nearly 200 people who requested to receive updates about the redress scheme set up for victims of abuse at the…

Read more →

13 governments sound the alarm about ongoing unpleasantness China’s Salt Typhoon cyberspies continue their years-long hacking campaign targeting critical industries around the world, according to a joint security alert from cyber and law enforcement agencies across 13 countries.… This article…

Read more →

Harvard researchers find model guardrails tailor query responses to user’s inferred politics and other affiliations OpenAI’s ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to…

Read more →

There’s also a rogue Russian on the list The US Treasury Department has announced sanctions against two Asian companies and two individuals for allegedly helping North Korean IT workers fake their way into US jobs.… This article has been indexed…

Read more →

AI lowers the bar for cybercrime, Anthropic admits comment  Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.… This article has been indexed from The Register –…

Read more →

Fast-glob is widely used in government, security lab says A Node.js utility used by thousands of public projects – and more than 30 Department of Defense ones – appears to have a sole maintainer whose online profiles identify him as…

Read more →

Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday…

Read more →

Don’t let it happen to you Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise’s on-premises and cloud environments, ultimately exfiltrating and destroying data within the org’s Azure environment. The criminals then contacted the victim via a…

Read more →

Attackers steal OAuth tokens to access third-party sales platform, then CRM data in ‘widespread campaign’ Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft Drift app.… This article has been…

Read more →

Vendor insists passkeys are the future, but getting workers on board is proving difficult Infosec pros are losing confidence in their identity providers’ ability to keep attackers out, with Cisco-owned Duo warning that the industry is facing what it calls…

Read more →

Securing internet infrastructure remains a challenging endeavour Systems Approach  I’ve been working on a chapter about infrastructure security for our network security book.… This article has been indexed from The Register – Security Read the original article: BGP’s security problems…

Read more →

Suspects this was Beijing-backed Typhoon and/or Panda crew targeting diplomats in Asia Google has warned customers of a suspected state-backed attack after observing a web traffic hijacking campaign.… This article has been indexed from The Register – Security Read the…

Read more →

Oh, look, a use case for OpenAI’s gpt-oss-20b model ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the “first known AI-powered ransomware,” which they named PromptLock. … This article has been indexed from The Register…

Read more →

From hardware security chips and trusted execution pipelines to open source Root of Trust modules Hot Chips  Microsoft is one of the biggest names in cybersecurity, but it has a less-than-stellar track record in the department. Given its reputation, Redmond…

Read more →