Plus AI in the infosec world, why CISA should know its place, and more Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former…
Tag: The Register – Security
AdTech CEO whose products detected fraud jailed for financial fraud
Made up revenue and pretended to use non-existent data The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.… This article has been indexed from The…
Paragon spyware deployed against journalists and activists, Citizen Lab claims
Plus: Customer info stolen from ‘parental control’ software slinger SpyX; F-35 kill switch denied Infosec newsbytes Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen…
Capital One cracker could be sent back to prison after judges rule she got off too lightly
Feds want harsher sentence for Paige Thompson, who pinched 100M customer records Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars after an appeals court ruled her sentence of time served plus probation…
Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up
So much for that vacation A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them…
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist
Palming off the blame using an ‘unknown’ best practice didn’t go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it…
Too many software supply chain defense bibles? Boffins distill advice
How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.… This article has…
The post-quantum cryptography apocalypse will be televised in 10 years, says UK’s NCSC
Wow, a government project that could be on time for once … cos it’s gonna be wayyyy more than a decade The UK’s National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have…
Attackers swipe data of 500k+ people from Pennsylvania teachers union
SSNs, payment details, and health info too The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info.… This article has been indexed…
Names, bank info, and more spills from top sperm bank
Cyber-crime is officially getting out of hand One of the world’s largest sperm banks, California Cryobank, is in a sticky situation: It’s had to tell folks their sensitive information, including names and bank account numbers, may have been stolen from…
IBM scores perfect 10 … vulnerability in mission-critical OS AIX
Big Blue’s workstation workhorse patches hole in network installation manager that could let the bad guys in IBM “strongly recommends” customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has…
Ex-US Cyber Command chief: Europe and 5 Eyes can’t fully replicate US intel
Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn’t be able…
Show top LLMs buggy code and they’ll finish off the mistakes rather than fix them
One more time, with feeling … Garbage in, garbage out, in training and inference Researchers have found that large language models (LLMs) tend to parrot buggy code when tasked with completing flawed snippets.… This article has been indexed from The…
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action The upheaval at the US government’s Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had fired over the past few weeks – specifically those still…
US tech jobs outlook clouded by DOGE cuts, Trump tariffs
Hiring remains relatively strong as analysts warn of slowdown A pair of reports on tech sector employment trends in the United States suggest out-of-work techies right now have relatively decent prospects, but economic uncertainty and rapid policy changes initiated by…
Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying
‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there’s no sign of a fix from Microsoft,…
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
Ad giant’s cloudy arm to pay $30B in security shop deal Wiz security researchers think they’ve found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have…
UK wants dirt on data brokers before criminals get there first
Govt wants to learning mistakes of serially breached record holders so it can, er, liberalize data sharing regs under new law The UK government is inviting experts to provide insights about the data brokerage industry and the potential risks it…
Extortion crew threatened to inform Edward Snowden (?!) if victim didn’t pay up
Don’t laugh. This kind of warning shows crims are getting desperate Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect…
‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’
One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of…