Tag: The Register – Security

Ultra-Reliable Wireless Backhaul doesn’t live up to its name Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.… This article has been indexed from The Register – Security…

Read more →

10,000 of Kim Jong Un’s soldiers believed to be headed for front line The EU has joined US and South Korean officials in expressing concern over a Russian transfer of technology to North Korea in return for military assistance against…

Read more →

In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about users of a popular infostealer-cum-RAT targeting…

Read more →

22,000 IP addresses taken down, 59 servers seized, 41 arrests in 95 countries Interpol is reporting a big win after a massive combined operation against online criminals made 41 arrests and seized hardware thought to be used for nefarious purposes.……

Read more →

Experts say incident has ‘all the hallmarks of ransomware’ Telematics tech biz Microlise says an attack that hit its network likely did not expose customer data, although staff aren’t so lucky.… This article has been indexed from The Register –…

Read more →

Alleged intrusion spotted in June Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.… This article has been indexed from The Register – Security Read the original…

Read more →

Data pinched from pwned outside supplier, thief says IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.… This article has been indexed from The Register – Security…

Read more →

Hellcat crew claimed to have gained access via the company’s Atlassian Jira system Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded…

Read more →

FBI recovers just $8M after scam crashes Heartland Tri-State Bank The FBI has recovered $8 million in funds from a cryptocurrency scam that netted $47 million and devastated the Kansas city of Elkhart.… This article has been indexed from The…

Read more →

Why? Because that’s where the money is Business email compromise scammers are trying to up their success rate by using a DocuSign API.… This article has been indexed from The Register – Security Read the original article: Criminals open DocuSign’s…

Read more →

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect…

Read more →

Justice still being served, but many systems are down A statewide IT outage attributed to “unauthorized activity” is affecting the availability of services provided by all courts in Washington.… This article has been indexed from The Register – Security Read…

Read more →

You snooze, you lose, er, win Google claims one of its AI models is the first of its kind to spot a memory safety vulnerability in the wild – specifically an exploitable stack buffer underflow in SQLite – which was…

Read more →

Victims were placed in serious danger following highly sensitive data dump The City of Columbus, Ohio, has confirmed half a million people’s data was accessed and potentially stolen when Rhysida’s ransomware raided its systems over the summer.… This article has…

Read more →

Mondays are for checking months of logs, apparently, if MFA’s not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta…

Read more →

Is that a walrus in your server logs, or aren’t you pleased to see me? Opinion  At the start of September, Transport for London was hit by a major cyber attack. TfL is the public body that moves many of…

Read more →

Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more in brief  The US Department of Justice has charged six people with two separate schemes to defraud Uncle Sam out of millions of dollars…

Read more →

Calls for improvements will soon turn into demands when new rules come into force The UK’s finance regulator is urging all institutions under its remit to better prepare for IT meltdowns like that of CrowdStrike in July.… This article has…

Read more →

Local authority websites downed in response to renewed support for Ukraine Multiple UK councils had their websites either knocked offline or were inaccessible to residents this week after pro-Russia cyber nuisances added them to a daily target list.… This article…

Read more →

How ‘Gary’ defeated Bowser broke into the interactive alarm clock A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo’s recently launched Alarmo clock, and run code on the device.… This article has been indexed…

Read more →

Emeraldwhale gang looked sharp – until it made a common S3 bucket mistake A criminal operation dubbed Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to cloud service and email providers in an open AWS S3…

Read more →

A scary few Halloween hours for team behind hugely popular web plugin LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account that was used to exploit users’ crypto wallets.… This article…

Read more →

Motherboard missing, leaving space for a million hits of meth Australian police have arrested a man after finding he imported what appear to be tower PC cases that were full of illicit drugs.… This article has been indexed from The…

Read more →

India makes it onto list of likely threats for the first time A report by Canada’s Communications Security Establishment (CSE) revealed that state-backed actors have collected valuable information from government networks for five years.… This article has been indexed from…

Read more →

Plus a free micropatch until Redmond fixes the flaw There’s a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people’s NTLM credentials.… This article has been indexed from The Register – Security Read the original…

Read more →

If you’re gonna come at the mouse, you need to be better at hiding your tracks A disgruntled ex-Disney employee has been arrested and charged with hacking his former employer’s systems to alter restaurant menus with potentially deadly consequences. … This…

Read more →

If you’re gonna come at the mouse, you need to be better at hiding your tracks A disgruntled ex-Disney employee has been arrested and charged with hacking his former employer’s systems to alter restaurant menus with potentially deadly consequences. … This…

Read more →

The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Microsoft says a mass phishing campaign by Russia’s foreign intelligence services (SVR) is now in its second week, and the spies are using a novel…

Read more →

Release the Kraken! China has accused unnamed foreign entities of using devices hidden in the seabed and bobbing on the waves to learn its maritime secrets.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Or: why using the same iCloud account for malware development and gaming is a bad idea The US government has named and charged a Russian national, Maxim Rudometov, with allegedly developing and administering the notorious Redline infostealer. … This article has…

Read more →

‘It was like watching a robot going rogue’ says researcher OpenAI’s language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model’s built-in security guardrails and…

Read more →

‘It was like watching a robot going rogue’ says researcher OpenAI’s language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model’s built-in security guardrails and…

Read more →

US also charges an alleged Redline dev, no mention of an arrest International law enforcement officials have arrested two individuals and charged another in connection with the use and distribution of the Redline and Meta infostealer malware strains.… This article…

Read more →

Health care breaches lead to legislation Partner Content  Breaches breed regulation; which hopefully in turn breeds meaningful change.… This article has been indexed from The Register – Security Read the original article: The story behind the Health Infrastructure Security and…

Read more →

Patch up: The Spring framework dominates the Java ecosystem If you’re running an application built using the Spring development framework, now is a good time to check it’s fully updated – a new, critical-severity vulnerability has just been disclosed.… This…

Read more →

It’s not just the French president, Biden and Putin also reportedly trackable The French equivalent of the US Secret Service may have been letting their guard down, as an investigation showed they are easily trackable via the fitness app Strava.……

Read more →

Only took ’em a year to dish up some scary travel advice, and a Secure Innovation … Placemat? Cyber security agencies from the Five Eyes nations have delivered on a promise to offer tech startups more guidance on how to…

Read more →

GCHQ job ads seek top talent with bottom-end pay packets While the wages paid by governments seldom match those available in the private sector, it appears that the UK’s intelligence, security and cyber agency is a long way short of…

Read more →

ATMs paid customers thousands … and now the bank wants its money back JPMorgan Chase has begun suing fraudsters who allegedly stole thousands of dollars from the bank’s ATMs after a check fraud glitch went viral on social media.… This…

Read more →

‘They’re taunting us,’ investigator says and it looks like it’s working The feds are investigating Chinese government-linked cyberspies breaking into the infrastructure of US telecom companies, as reports suggest Salt Typhoon – the same crew believed to be behind those…

Read more →

The platform ‘continues to take action’ against illegal posts, we’re told Exclusive  Brazen crooks are selling people’s pilfered financial information on Meta’s Threads, in some cases posting full credit card details, plus stolen credentials, alongside images of the cards themselves.……

Read more →

Legal action comes months after alleging negligence by Falcon vendor Delta Air Lines is suing CrowdStrike in a bid to recover the circa $500 million in estimated lost revenue months after the cybersecurity company “caused” an infamous global IT outage.……

Read more →

Legal proceedings underway with more details to follow Dutch police (Politie) say they’ve dismantled the servers powering the Redline and Meta infostealers – two key tools in a modern cyber crook’s arsenal.… This article has been indexed from The Register…

Read more →

One told to take down posts that said nice things about WP Engine Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks.… This…

Read more →

Also, Change Healthcare sets a record, cybercrime cop suspect indicted, a new Mallox decryptor, and more in brief  Senate intelligence committee chair Mark Warner (D-VA) is demanding to know why, in the wake of the bust-up of a massive online…

Read more →

US Consumer Financial Protection Bureau demands transparency, accountability from sellers of employee metrics The US Consumer Financial Protection Bureau on Thursday published guidance advising businesses that third-party reports about workers must comply with the consent and transparency requirements set forth…

Read more →

Also updates bug bounty program with $1M payout In June, Apple used its Worldwide Developer Conference to announce the creation of the Private Cloud Compute platform to run its AI Intelligence applications, and now it’s asking people to stress test…

Read more →

Plus: Iran’s IRGC probes election-related websites in swing states Russian, Iranian, and Chinese trolls are all ramping up their US election disinformation efforts ahead of November 5, but – aside from undermining faith in the democratic process and confidence in the…

Read more →

Remember Bucket Monopoly? Yeah, it gets worse Amazon Web Services has fixed a flaw in its open source Cloud Development Kit that, under the right conditions, could allow an attacker to hijack a user’s account completely.… This article has been…

Read more →

Who doesn’t love abusing buggy appliances, really? Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks.… This article…

Read more →

Arguments continue but change suggests it’s not Free Software anymore The Bitwarden online credentials storage service is changing its build requirements – which some commentators feel mean it’s no longer FOSS.… This article has been indexed from The Register –…

Read more →

389 US healthcare orgs infected this year alone Ransomware infected 389 US healthcare organizations this fiscal year, putting patients’ lives at risk and costing facilities up to $900,000 a day in downtime alone, according to Microsoft.… This article has been…

Read more →

All for the low, low price of a mere dollar Scammers, rejoice. OpenAI’s real-time voice API can be used to build AI agents capable of conducting successful phone call scams for less than a dollar.… This article has been indexed…

Read more →

Google and WhatsApp also binned, which is far easier to explain than canning a local hero Hong Kong’s government has updated infosec guidelines to restrict the use of Chinese messaging app WeChat, alongside Meta and Google products like WhatsApp and…

Read more →

For starters, it could launch a prompt injection attack on itself… The latest version of AI startup Anthropic’s Claude 3.5 Sonnet model can use computers – and the developer makes it sound like that’s a good thing.… This article has…

Read more →

Attacks on unprotected servers reach ‘critical level’ An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl cryptomining malware on victims’ systems, according to Trend Micro researchers.… This article has been indexed from The Register – Security…

Read more →

Don’t ignore this nasty zero day exploit says TAG A nasty bug in Samsung’s mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security…

Read more →

Fight On, State? Not this time Pennsylvania State University has agreed to pay the Justice Department $1.25 million to settle claims of misrepresenting its cybersecurity compliance to the federal government and leaving sensitive data improperly secured. … This article has been…

Read more →

Security shop and CISA urge rapid action Fortinet has gone public with news of a critical flaw in its software management platform.… This article has been indexed from The Register – Security Read the original article: Warning! FortiManager critical vulnerability…

Read more →

We know where you got your skinny jeans – big deal A data thief calling themselves Satanic claims to have purloined the records of around 350 million customers of fashion retailer Hot Topic.… This article has been indexed from The…

Read more →

Plus, a POC to make it extra easy for attackers A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).……

Read more →

Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to…

Read more →

TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google A quartet of lawmakers have penned a letter to the Department of Justice asking it to prosecute tax preparation companies for sharing customer data, including…

Read more →

TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google A quartet of Democratic lawmakers have penned a letter to the US Department of Justice asking it to prosecute tax preparation companies for sharing customer…

Read more →

Chip giant tells Uncle Sam someone could be making orders on the sly TSMC has reportedly tipped off US officials to a potential attempt by Huawei to circumvent export controls and obtain AI chips manufactured by the Taiwanese company.… This…

Read more →

If the first patches don’t work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update,…

Read more →

Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their…

Read more →

Crooks revert to old ways for greater efficiency Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims’ files after a break from the typical double extortion tactics.… This article has been indexed from The…

Read more →

Miscreants combine it with an equally tricky piece of social engineering The Ghostpulse malware strain now retrieves its main payload via a PNG image file’s pixels. This development, security experts say, is “one of the most significant changes” made by…

Read more →

Note to Xi: Marco and Ted Cruz aren’t the same person China’s Spamouflage disinformation crew has been targeting US Senator Marco Rubio (R-Florida) with its fake news campaigns over the past couple of months, trolling the Republican lawmaker’s official X…

Read more →

Private equity giant Thoma Bravo adds another trophy to its growing collection British security biz Sophos has announced a plan to gobble up competitor Secureworks in an $859 million deal that will make Dell happy.… This article has been indexed…

Read more →

Dan O’Dowd tells El Reg about the OS secrets and ongoing clash with Musk Interview  This month, presidential hopeful Donald Trump got a tool in his arsenal, some allegedly “unhackable” communications kit, and The Register has talked to the man…

Read more →

Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.… This article has been indexed from The Register –…

Read more →

As TSMC defends itself against report it may have helped Huawei Tesla has denied it was involved in illegal-map making activities in China after Beijing asserted an unnamed foreign firm working on a smart car project had done so –…

Read more →

Org turns its woes into a fundraising opportunity Despite the Internet Archive’s assurances it’s back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to…

Read more →

The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic’s Claude…

Read more →

Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief  A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure…

Read more →

SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission’s X account earlier this year.… This article has…

Read more →

Says ‘limited’ incident isolated to ‘partner company’ ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop’s infrastructure.… This article has been indexed from…

Read more →

Chipzilla says it obeys the law … which could mean anything Intel has responded to Chinese claims that its chips include security backdoors at the direction of America’s NSA.… This article has been indexed from The Register – Security Read…

Read more →

Chipzilla uses WeChat post to defend record of following local laws Intel has roundly rebutted Chinese accusations that its chips include security backdoors at the direction of the US National Security Agency (NSA).… This article has been indexed from The…

Read more →

‘My webcam isn’t working today’ is the new ‘The dog ate my network’ It’s a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it’s mistakenly hired a North Korean operative. The phony…

Read more →

Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.……

Read more →

Globe Life claims blackmailers shared stolen into with short sellers US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.… This article has been indexed from The Register…

Read more →

Early stage opsec failures lead to landmark arrest of suspected serial data thief Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.… This article has been…

Read more →

No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app’s developers modified – and by doing so introduced security weaknesses, researchers claim.… This article has been indexed from The Register – Security…

Read more →

Gang said to have developed its evilware on GitHub – then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney’s Office on Wednesday unsealed an indictment identifying two of its alleged operators.… This…

Read more →

Gang said to have developed its evilware on GitHub – then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney’s Office on Wednesday unsealed an indictment identifying two of its alleged operators.… This…

Read more →

Resolves allegations it improperly stored screenshots containing PII that were later snaffled A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries’ personal data.… This article has been indexed from…

Read more →

Resolves allegations it improperly stored screenshots containing PII that were later snaffled A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries’ personal data.… This article has been indexed from…

Read more →

It’s called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) due to default credentials being enabled during the image build process.… This article…

Read more →

The German car giant appears to be unconcerned The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned.… This article…

Read more →

No word yet on scope of attacks A critical, hardcoded credential bug in SolarWinds’ Web Help Desk products has been found and exploited by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the flaw to…

Read more →

Uncle Sam having a secret way into US tech? Say it ain’t so A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming…

Read more →

Find out how to enhance efficiency using Google Security Operations Webinar  In an era of ever-evolving cyber threats, staying ahead of potential security risks is essential.… This article has been indexed from The Register – Security Read the original article:…

Read more →

DDoS detectives deduce Mirai used to do the deed, using home entertainment boxes in Korea, China, and Brazil The Internet Archive has come back online, in slightly degraded mode, after repelling an October 9 DDoS attack and then succumbing to…

Read more →

ALSO: Crypto-hub Binance helps Delhi police shut down solar power scam IBM announced on Tuesday it has acquired Prescinto, a Bangalore-based provider of asset performance management software for renewable energy.… This article has been indexed from The Register – Security…

Read more →

Messaging service creates persistent user IDs that have different qualities on each device An analysis of Meta’s WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the…

Read more →

IntelBroker claims the breach impacts Microsoft, SAP, AT&T, Verizon, T-Mobile US, and more Cisco has confirmed it is investigating claims of stealing — and now selling — data belonging to the networking giant.… This article has been indexed from The Register…

Read more →

Volume of attacks still surging though, according to Digital Defense Report Microsoft says ransomware attacks are up 2.75 times compared to last year, but claims defenses are actually working better than ever.… This article has been indexed from The Register…

Read more →