Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.… This article has been indexed from…
Tag: The Register – Security
Two arrested after pensioner scammed out of six-figure crypto nest egg
The latest in a long line of fraud stings worth billions each year Two men are in police custody after being arrested in connection with a July cryptocurrency fraud involving a man in his seventies.… This article has been indexed…
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder – deep sigh – about the importance of patching and backups The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities…
Medusa ransomware gang demands $2M from UK private health services provider
2.3 TB held to ransom as biz formerly known as Virgin Care tells us it’s probing IT ‘security incident’ Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which…
US Army soldier linked to Snowflake extortion rampage admits breaking the law
That’s the way the cookie melts A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people’s private call records.… This article has been indexed from The Register – Security Read the original article: US Army…
US Army soldier linked to Snowflake extortion admits breaking the law
That’s the way the cookie melts A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people’s private call records.… This article has been indexed from The Register – Security Read the original article: US Army…
Trump’s DoD CISO pick previously faced security clearance suspension
Hey, at least Katie Arrington brings a solid resume Donald Trump’s nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite previously suspended security clearance.… This article has been indexed from The…
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys … but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.… This article has been indexed from…
Hundreds of Dutch medical records bought for pocket change at flea market
15GB of sensitive files traced back to former software biz Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can…
London celebrity talent agency reports itself to ICO following Rhysida attack claims
Showbiz members’ passport scans already plastered online A London talent agency has reported itself to the UK’s data protection watchdog after the Rhysida ransomware crew last week claimed it had attacked the business, which represents luminaries of stage and screen.……
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11 million
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.… This article has…
Palo Alto firewalls under attack as miscreants chain flaws for root access
If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain…
Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload
Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy…
US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware
Called it an ‘incident’ in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a “cybersecurity attack,” per a regulatory filing,…
FreSSH bugs undiscovered for years threaten OpenSSH security
Exploit code now available for MitM and DoS attacks Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.… This article has been indexed from The Register – Security Read the original article: FreSSH bugs undiscovered…
Time to make C the COBOL of this century
Lions juggling chainsaws are fun to watch, but you wouldn’t want them trimming your trees Opinion Nobody likes The Man. When a traffic cop tells you to straighten up and slow down or else, profound thanks are rarely the first…
Indian authorities seize loot from collapsed BitConnect crypto scam
Devices containing crypto wallets tracked online, then in the real world Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200…
XCSSET macOS malware returns with first new version since 2022
Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there’s a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.… This article has…
Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps
PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads…
Twin Google flaws allowed attacker to get from YouTube ID to Gmail address in a few easy steps
PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads…