Tag: The Register – Security

Also, don’t download that ‘ChatGPT Windows client,’ and this week’s critical vulnerabilities to keep an eye on In brief  A Russian national has been hit with a five-count indictment alleging he smuggled hardware and software used for counterintelligence operations out…

Read more →

Software giant takes some files and processes off the exclusion list Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded.… This article has been indexed from The Register…

Read more →

Beware the Dark Side Dutch police have arrested three men for their alleged involvement with a ransomware gang that stole sensitive data and extorted hundreds of thousands of euros from thousands of companies.… This article has been indexed from The…

Read more →

Ten cities panic after emergency systems start Putin out warnings of an impending attack Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air…

Read more →

$50k buys you ‘1,000 unique repositories’ that may or may not be legit Canadian communications giant Telus is investigating whether crooks have stolen employee data and its source code, all of which is being offered for sale on a criminal…

Read more →

rm -rf’ing staff chat logs can’t go unpunished, says Uncle Sam The US Department of Justice (DoJ) asked the judge hearing its antitrust case against Google to sanction the search advertising giant for destruction of evidence.… This article has been…

Read more →

Don’t blame the kids! Ex-city employee charged with $17k power theft Pics  A Massachusetts man accused of using his job as a city’s assistant facilities director to hide a cryptocurrency mining operation in the crawlspace of a school has surrendered…

Read more →

Cyber Europe cyber worried about cyber threats, doesn’t cyber use the other C word (China) The European Commission on Thursday banned the use of the TikTok short video app on corporate devices and on the personal devices of employees enrolled…

Read more →

There’s no HumOR in cyberattacks At last year’s Ignite show, Microsoft talked up a capability in its 365 Defender that automatically detects and disrupts a cyberattack while still in progress, hopefully stopping or reducing any resulting damage. Now it’s extending…

Read more →

Study: Old pacts ditched the moment Moscow moved in The so-called “brotherhood” or Russian-speaking cybercriminals is yet another casualty of the war in Ukraine, albeit one that few outside of Moscow are mourning.… This article has been indexed from The…

Read more →

Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the…

Read more →

Yes, we have no bananas, and things aren’t looking peachy on the salad front Irish agricultural megacorp Dole has confirmed that it has fallen victim to a ransomware infection that reportedly shut down some of its North American production plants.……

Read more →

Fake donors allegedly padded politicians’ pockets, both Republican and Democrat FTX founder Sam Bankman-Fried’s eight-count indictment related to the collapse of his crypto empire has been superseded by a new 12-count indictment unsealed in New York which provide graphic details…

Read more →

AWS, Google and Oracle may benefit as Microsoft blames the Pentagon and the Pentagon blames Microsoft A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a…

Read more →

Infiltrators tried to create fake remote hands tasks, alter visitor lists Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers.… This article has been indexed from…

Read more →

Ten cities panic after emergency systems start Putin out warnings of an impending attack Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air…

Read more →

Infiltrators tried to create fake remote hands tasks, alter visitor lists Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers.… This article has been indexed from…

Read more →

Did the financial watchdog just do the impossible and herd cats? More than 80 law firms say they are “deeply troubled” by the US Securities and Exchange Commission’s demand that Covington & Burling hand over names of its clients whose…

Read more →

While app development is faster and easier, security is still a concern Analysis  Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps,…

Read more →

Settles lawsuit with two states after wider leak that affected millions A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on…

Read more →

SANS Institute ramps up delivery of new security training courses to help keep info sec pros ahead of cyber criminals Sponsored Post  The global impact of cyber threats on businesses, governments, organisations and individuals around the world is ramping up…

Read more →

Blame it on phone number recycling (yes, that’s a thing, too) A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number…

Read more →

No longer a blind spot, printer security is now a grown up conversation says Brother Sponsored Feature  As businesses journey deeper into an era of restless digital change, it’s surprising how inventions from past decades still define the office environment.……

Read more →

Settles lawsuit with two states after wider leak that affected millions A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on…

Read more →

Tech has changed in 400 years. The rules haven’t Opinion  Mary, Queen of Scots, was a hapless CEO, even by the standards of 1600s Europe. Mother of the first Stuart King of England, James I (and VI of Scotland; let’s…

Read more →

Also: Russia may legalize hacking; Oakland declares ransomware emergency; the CVEs you should know about this week In brief  Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one…

Read more →

Eggheads prove they can mimic messages and bag bug bounty bucks Analysis  Over the past two decades, efforts have been made to make email more secure. Alas, defensive protocols implemented during this period, such as SPF, DKIM, and DMARC, remain…

Read more →

Committee: Something about complaints process being dealt with in total secrecy doesn’t sit right Lawmakers in the European Parliament have urged the European Commission not to issue the “adequacy decision” needed for the EU-US Data Privacy Framework (DPF) to officially…

Read more →

In other words, script kiddies up to shenanigans again A series of distributed denial-of-service (DDoS) attacks shut down seven German airports’ websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.… This article has been indexed…

Read more →

Move along, totally nothing to see here The FBI says it has dealt with a cybersecurity “incident” that reportedly involved computer systems being used to investigate child sexual exploitation.… This article has been indexed from The Register – Security Read…

Read more →

Move along, totally nothing to see here The FBI has confirmed a cyber “incident” that reportedly involved computer systems being used to investigate child sexual exploitation.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Move along, nothing to see here The FBI confirmed a cyber “incident” that reportedly involved computer systems being used to investigate child sexual exploitation.… This article has been indexed from The Register – Security Read the original article: FBI says…

Read more →

Gone in 60 seconds using a USB-A plug and brute force instead of a key Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to…

Read more →

WebKit flaw ‘may have been exploited’ – just like Tim Cook ‘may have’ made a million bucks this week Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit…

Read more →

In other words, script kiddies up to shenanigans again A series of distributed denial-of-service (DDoS) attacks shut down seven German airports’ websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.… This article has been indexed…

Read more →

Committee: Something about complaints process being dealt with in total secrecy doesn’t sit right Lawmakers in the European Parliament have urged the European Commission not to issue the “adequacy decision” needed for the EU-US Data Privacy Framework (DPF) to officially…

Read more →

Undisclosed earnings reports swiped, exploited A Russian national with ties to the Kremlin exploited stolen upcoming financial filings belonging to hundreds of companies to help him and his associates net more than $90 million.… This article has been indexed from…

Read more →

ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild There’s a fresh open-source command-and-control (C2) framework on the loose, dubbed Havoc, as an alternative to the popular Cobalt Strike, and other mostly legitimate tools, that…

Read more →

Committee: Something about complaints process being dealt with in total secrecy doesn’t sit right Lawmakers in the European Parliament have urged the European Commission not to issue the “adequacy decision” needed for the EU-US Data Privacy Framework (DPF) to officially…

Read more →

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution Antivirus software is supposed to be an important part of an organization’s defense against the endless tide of malware.… This article has been indexed from The Register…

Read more →

Meanwhile South Korea’s Do Kwon is sought for fraud by US authorities Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated…

Read more →

Devs missed warnings plus tons of code relying on a lone open source maintainer Google this week reversed an overhaul of one of its security-related file formats after the transition broke Android apps.… This article has been indexed from The…

Read more →

OS won’t start on some systems with ESXi VMs, while Win11 updates may not make it to devices Microsoft is sorting through two issues with Windows Server 2022 that affect VMware virtual machines and updates not getting passed on to…

Read more →

Happy Valentine’s Day! Now don’t get fooled It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine’s Day.… This article has been indexed…

Read more →

UK-based Coin Publishers were conned out of $206,000 after meeting in a Barcelona hotel Exclusive  When Ahad Shams detailed on Twitter how his company was scammed out of $4 million in cryptocurrency after a face-to-face meeting, Chris Hunter immediately recognized…

Read more →

That’s not what I like Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.… This article has been indexed from The Register…

Read more →

Want a clue to what you’re dealing with? Check the ransom note That didn’t take long.… This article has been indexed from The Register – Security Read the original article: ESXiArgs ransomware fights off Team America’s data recovery script

Read more →

Plus bugs squashed in Server Platform Services and more Intel’s Software Guard Extensions (SGX) are under the spotlight again after the chipmaker disclosed several newly discovered vulnerabilities affecting the tech, and recommended users update their firmware.… This article has been…

Read more →

Giving storage platforms enhanced built-in security features will be a significant step toward counteracting the impacts of cybercrime in 2023, Dell experts predict Sponsored Feature  Cybercriminals tend not to discriminate when it comes to the type of data they steal.…

Read more →

Gone in 60 seconds using a USB-A plug and brute force instead of a key Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to…

Read more →

WebKit flaw ‘may have been exploited’ just like Tim Cook ‘may have’ made a million bucks this week Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser…

Read more →

Undisclosed earnings reports swiped, exploited A Russian national with ties to the Kremlin exploited stolen upcoming financial filings belonging to hundreds of companies to help him and his associates net more than $90 million.… This article has been indexed from…

Read more →

Adobe, SAP, Intel, AMD, Android also show up with bouquet of fixes Patch Tuesday  Happy Patch Tuesday for February, 2023, which falls on Valentine’s Day.… This article has been indexed from The Register – Security Read the original article: Microsoft…

Read more →

And growing abuse of cloud – because using hijacked Brazilian cable modems to down sites is so 2013 Dozens of companies over the weekend were hit by distributed denial-of-service (DDoS) attacks, including the largest one yet recorded, or so Cloudflare…

Read more →

Chocolate Factory’s ad tech renovation is moving ahead, like it or not Google on Tuesday began rolling out a beta test of its Privacy Sandbox software for a small portion of Android 13 devices to learn how its purportedly privacy-protecting…

Read more →

Happy Valentine’s Day! Now don’t get fooled It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine’s Day.… This article has been indexed…

Read more →

That’s not what I like Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.… This article has been indexed from The Register…

Read more →

Blames ‘third-party provider’ as phishers drain Ethereum wallets Domain registrar Namecheap blamed a “third-party provider” that sends its newsletters after customers complained of receiving phishing emails from Namecheap’s system.… This article has been indexed from The Register – Security Read…

Read more →

Also: Russian wiper malware authors turn to data theft, plus this week’s critical vulns in brief  The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail – but a deadline it gave for payment has…

Read more →

Smart-alec worker found a way to avoid nasty, boring jobs – by doing what he was told Who, Me?  Ah, gentle reader, welcome back once again to the comfortable backwater of The Register we call Who, Me? in which readers’…

Read more →

US Commerce Department can’t just let red balloons go by The US Department of Commerce added six more entities to its blacklist on Friday on grounds of national security after an errant Chinese surveillance balloon was shot down over the…

Read more →

NIST weighs up algorithms for small devices – and an architecture for massive systems The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms…

Read more →

All that data coming soon to a darkweb crime forum near you? Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive…

Read more →

Demand to display wallet full of coin facilitated mystery heist Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency – during a real world…

Read more →

Suomi sentence expected for shrink records theft French police have arrested a 25-year-old Finnish man accused of hacking a psychotherapy clinic, stealing more than 22,000 patients’ therapy notes, demanding ransom payments from them and also leaking this very private info…

Read more →

Any act that sends so much as a ruble to seven named netizens now forbidden The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan.… This article…

Read more →

State Dept already has one target, FBI is identifying sources of floating surveillance platform’s components The Chinese surveillance balloon that drifted across the US last week looks set to spark a new round of sanctions against Middle Kingdom tech firms.……

Read more →

The usual suspects – Hikvision and Dahua – named as a risk to national security, prompting the usual denials Australia’s Defence Department removed all Chinese manufactured surveillance cameras after an audit detailed the number of Hikvision and Dahua devices installed…

Read more →

Don’t trust your super-hot military boyfriend you’ve never met. He doesn’t exist As Valentine’s Day approaches, if your offshore oil rig worker “boyfriend” – who looks like Bradley Cooper in his online pics and has hinted at proposing to you…

Read more →

Phishing hooked internal documents, code, and some internal business systems accessed, users’ personal info safe Colourful web forum Reddit has revealed it has suffered a security breach.… This article has been indexed from The Register – Security Read the original…

Read more →

German and Dutch authorities say the app was a favorite of organized criminals and drug smugglers An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down…

Read more →

Digital sleuths chop through crypto challenge in ‘surreal’ search A team of codebreakers discovered – and then cracked – more than 50 secret letters written by Mary Stuart, Queen of Scots while she was imprisoned in England by her cousin, Queen…

Read more →

NIST weighs up algorithms for small devices – and an architecture for massive systems The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms…

Read more →

Evil code hits more than 3,800 servers globally, according to the Feds The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.… This article…

Read more →

The malware has hit more than 3,800 servers globally, according to the Feds The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.… This…

Read more →

Demand to display wallet full of coin facilitated mystery heist Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency – during a real world…

Read more →

Suomi sentence expected for shrink records theft French police have arrested a 25-year-old Finnish man accused of hacking a psychotherapy clinic, stealing more than 22,000 patients’ therapy notes, demanding ransom payments from them and also leaking this very private info…

Read more →

German and Dutch authorities say the app was a favorite of organized criminals and drug smugglers An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down…

Read more →

‘Perils of the job’ we’re told A top US cyber diplomat said his Twitter account was compromised over the weekend.… This article has been indexed from The Register – Security Read the original article: Embarrassment as US cyber ambassador’s Twitter…

Read more →

Put pro-Putin bots on the do not call list A free tool aims is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its…

Read more →

How Dell PowerScale helps defend against information breaches Webinar  There was a time when data was stored in cardboard files inside metal filing cabinets. The drawers were locked with a little key in the corner of the cabinet, which generally…

Read more →

Excuse me, citizen, did you packet this data yourself? Opinion  The tech sector is failing at cybersecurity. Global spending on the stuff is at $190 billion a year, a quarter of the US defense budget. That hasn’t stemmed an estimated…

Read more →

Also: Atlassian says Jira has a 9.4 severity bug and the TSA issues milquetoast no-fly list security advisory When a Texas school district sold some old laptops at auction last year, it probably didn’t expect to end up in a…

Read more →

You’ve had almost two years to patch and some of the software is EOL, now attackers déployer un rançongiciel France’s Computer Emergency Response Team has issued a Bulletin D’Alerte regarding a campaign to infect VMware’s ESXI hypervisor with ransomware.… This…

Read more →

From frameworks to new federal offices it’s time to get busy The hack of SolarWinds’ software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?.……

Read more →

The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… This article has been indexed from The Register –…

Read more →

Same gang pestered US voters during 2020 presidential election Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers’ personal information is none other than a Tehran-backed gang.… This article has been indexed…

Read more →

Portugal’s biggest exporter of beer warns of restrictions to supply chain Super Bock Group, Portugal’s largest beverage biz, is warning of potential interruption to supplies as it manages the fallout from cybercrooks attacking its tech infrastructure.… This article has been…

Read more →

$4,500 Monero per worker as they slave away while we devotin’ full time to floatin’ under the patch sea A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in…

Read more →

… forcing users to insert their cards into less-secure PIN systems The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals.… This article has been indexed from…

Read more →

Crims put a February 4 deadline for software provider to pay up UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the…

Read more →

Mango Markets still offline for now … but v4 comeback release looms The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions…

Read more →

Once is an accident. Twice is coincidence. Surely there won’t be a third for roadside assistance biz A former employee of RAC, one of Britain’s major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic…

Read more →

Mango Markets still offline for now … but v4 comeback release looms The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions…

Read more →

Max reward per project integration is now $30k Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project.… This article has been indexed from The Register – Security Read the original article:…

Read more →

XPS doc display issues fixed – until the next patch, at least Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of .NET…

Read more →

Floats over missile silos, shooting it down ruled more dangerous than whatever it’s up to Updated  A Chinese high-altitude potential spy balloon, spotted drifting over America, has caused concern about national security – though the US Department of Defense says…

Read more →

Floats over missile silos, shooting it down ruled more dangerous than whatever it’s up to A Chinese high-altitude surveillance balloon, spotted drifting over the US, has caused concern about national security – but the Department of Defense says it will…

Read more →

Once is an accident. Twice is coincidence. Surely there won’t a third incident for roadside assistance company A former employee of RAC, one of Britain’s major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic…

Read more →

Malicious OAuth apps were the tickets into victims’ systems Miscreants using malicious OAuth applications abused Microsoft’s “verified publisher” status to gain access to organizations’ cloud environments, then steal data and pry into to users’ mailboxes, calendars, and meetings.… This article…

Read more →