Tag: The Register – Security

Crims put a February 4 deadline for software provider to pay up UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the…

Read more →

Nickolas Sharp now faces up to 35 years in prison A former Ubiquiti Networks employee accused of hatching an elaborate plot to first steal nearly $2 million from his employer, extort more, then later orchestrating a smear campaign against the…

Read more →

Well what do you know – plenty of hard-nosed regulation by central authorities actually protected investors Collapsed crypto exchange FTX’s Japanese outpost has told customers it will permit them to withdraw assets in February.… This article has been indexed from…

Read more →

How to keep unstructured data secure Webinar  If your IT team is making new year resolutions, one of them might be to ramp up safeguarding measures for the increasing amount of unstructured data being captured by businesses and organizations.… This…

Read more →

The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… This article has been indexed from The Register –…

Read more →

It’s listed alongside issues like tackling gang violence, drugs, and sex crimes South Korea’s Ministry of Justice will create a “Virtual Currency Tracking System” to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility…

Read more →

Portugal’s biggest exporter of beer warns of retrictions to supply chain Super Bock Group, Portugal’s largest beverage biz, is warning of potential interruption to supplies as it manages the fallout from cybercrooks attacking its tech infrastructure.… This article has been…

Read more →

Max reward per project integration is now $30k Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project.… This article has been indexed from The Register – Security Read the original article:…

Read more →

XPS doc display issues fixed – until the next patch, at least Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of .NET…

Read more →

Malicious OAuth apps were the tickets into victims’ systems Miscreants using malicious OAuth applications abused Microsoft’s “verified publisher” status to gain access to organizations’ cloud environments, then steal data and pry into to users’ mailboxes, calendars, and meetings.… This article…

Read more →

Ballmer thought this kernel was cancer, Nadella may disagree Organizations using Microsoft’s Defender for Endpoint will now be able to isolate Linux devices from their networks to contain intrusions and whatnot.… This article has been indexed from The Register –…

Read more →

Ballmer thought Linux was ‘cancer,’ Nadella disagrees Organizations using Microsoft’s Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them.… This article has been indexed from The Register…

Read more →

Well what do you know – plenty of hard-nosed regulation by central authorities actually protected investors Collapsed crypto exchange FTX’s Japanese outpost has told customers it will permit them to withdraw assets in February.… This article has been indexed from…

Read more →

How to keep unstructured data secure Webinar  If your IT team is making new year resolutions, one of them might be to ramp up safeguarding measures for the increasing amount of unstructured data being captured by businesses and organizations.… This…

Read more →

Well what do you know – plenty of hard-nosed regulation by central authorities actually protected investors Collapsed crypto exchange FTX’s Japanese outpost has told customers it will permit them to withdraw assets in February.… This article has been indexed from…

Read more →

It’s listed alongside issues like tackling gang violence, drugs, and sex crimes South Korea’s Ministry of Justice will create a “Virtual Currency Tracking System” to crack down on money laundering facilitated by cryptocurrencies, and rated the establishment of the facility…

Read more →

Schools’ laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.… This article has been…

Read more →

Salary report shows OKish pay, plus the possibility of getting ripped off and the whole prison thing Malware developers and penetration testers are in high demand across dark web job posting sites, with a few astonishing – but mostly average…

Read more →

Perhaps a good time to check for unwelcome visitors The operators behind Gootloader, a crew dubbed UNC2565, have upgraded the code in cunning ways to make it more intrusive and harder to find.… This article has been indexed from The…

Read more →

No payment details exposed in breach, says retailer, but shoppers told to be ‘vigilant about potential scams’ Sports fashion retailer JD Sports has confirmed miscreants broke into a system that contained data on a whopping 10 million customers, but no…

Read more →

Mitigating the risks of human error in digital defenses Webinar  It’s a startling truth but 45 percent of workers in the US believe using public Wi-Fi is safe.… This article has been indexed from The Register – Security Read the…

Read more →

Also: a week of leaks; Riot Games says ‘LoL’ to source code ransom demands; and Yandex source also appears online in brief  Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events…

Read more →

Man seized in Morocco is now presumably sleepless in Seattle A French citizen was scheduled to appear before a US court on Friday on a nine-count indictment related to his alleged involvement in the ShinyHunters cybercrime gang that trafficked in…

Read more →

If you want to keep the miscreants out, put the updates in, Redmond says Microsoft is urging organizations to protect their Exchange servers from cyberattacks by keeping them updated and hardened, since online criminals are still going after valuable data…

Read more →

New meaning to sweetening the pot Uncle Sam has put up a $10 million reward for intel on Hive ransomware criminals’ identities and whereabouts, while Russia has blocked the FBI and CIA websites, along with the Rewards for Justice site…

Read more →

SANS Institute meets fast-growing demand for cyber security training in Latin America Sponsored Post  The scale of cybersecurity threats facing Latin America was brought into focus by recently when it published details of NICKEL, a “China-based threat actor”. The malware…

Read more →

Ongoing probe into cloud storage attack finds customer data exfiltrated Remote access outfit GoTo has admitted that a threat actor exfiltrated an encryption key that allowed access to “a portion” of encrypted backup files.… This article has been indexed from…

Read more →

Well played, feds. What’s next? Ransomware is rampant? Strong passwords are important? The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto…

Read more →

You know the drill: patch before criminals use these bugs in vRealize to sniff your systems VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. … This article has…

Read more →

Uncle Sam doles out decryption keys to 300+ victims amid sting op The FBI said it has shut down the Hive’s ransomware network, seizing control of the notorious gang’s servers and websites, and thwarting the pesky criminals’ ability to sting…

Read more →

Sign up to SANS Institute to keep up to speed with all aspects of the fast-evolving infosec sector Sponsored Post  They say there’s no such thing as a free lunch, but in fact there’s a veritable feast of valuable resources…

Read more →

Nice people on LinkedIn want to harvest logins from politicians, boffins, and defense types The UK’s National Cyber Security Centre (NSCS) has warned of two similar spear-phishing campaigns, one originating from Russia, the other from Iran.… This article has been…

Read more →

If you yell ‘death to America’ and no one watches the video, does it make a sound? Google’s Threat Analysis Group (TAG) has burned more than 50,000 spammy fake news stories and other content posted by the pro-China ‘Dragonbridge’ gang.……

Read more →

If true, was it worth the $500k and prison jumpsuit? A man suspected of stealing personal data belonging to tens of millions of people worldwide and selling that info on cybercrime forums has been arrested by Dutch police.… This article…

Read more →

You know when we all said quit using MD5? We really meant it Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center…

Read more →

More of them used by baddies since Redmond blocked VBA macros Microsoft in March will start blocking Excel XLL add-ins from the internet to shut down an increasingly popular attack vector for miscreants.… This article has been indexed from The…

Read more →

How to locate cybersecurity risks in remote working Webinar  The implementation of lockdowns during the maelstrom of the Coronavirus pandemic led to fast track changes to traditional work practices. To meet the challenges of operating in a global emergency, businesses…

Read more →

SANS Institute meets fast-growing demand for cyber security training in Latin America Sponsored Post  The scale of cybersecurity threats facing Latin America was brought into focus by recently when it published details of NICKEL, a “China-based threat actor”. The malware…

Read more →

Ongoing investigation into cloud storage attack finds customer data exfiltrated Remote access outfit GoTo has admitted that a threat actor exfiltrated an encryption key that allowed access to “a portion” of encrypted backup files.… This article has been indexed from…

Read more →

You know the drill: patch before criminals uses these bugs in vRealize to sniff your systems VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. … This article has…

Read more →

Also: Yay for Data Privacy Day! Apple has issued an emergency patch for older kit to fix a WebKit security flaw that Cupertino warns is under active attack.… This article has been indexed from The Register – Security Read the…

Read more →

Also: Yay for Data Privacy Day! Apple has issued an emergency patch for older kit to fix a WebKit security flaw that Cupertino warns is under active attack.… This article has been indexed from The Register – Security Read the…

Read more →

Heavily hyped tech bound for big time by decade end Research conducted by Fujitsu suggests there is no need to panic about quantum computers being able to decode encrypted data – this is unlikely to happen in the near future,…

Read more →

Adapt or die Microsoft’s move last year to block macros by default in Office applications is forcing miscreants to find other tools with which to launch cyberattacks, including the software vendor’s LNK files – the shortcuts Windows uses to point…

Read more →

Also: US terrorist no-fly list found left on unsecured server, Russian dark web drug markets go to war In brief  Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement (ICE)…

Read more →

PLUS: Taiwan’s new supercomputer; China-linked cybercrims strike; Australian content clampdown; and more Asia In Brief  India’s IT minister has signaled he is willing to revisit a proposal to use government fact checkers to decide what is fake news that should…

Read more →

You’ve got 6 months to get into compliance, it tells yak-yak app Ireland’s data protection authority has fined WhatsApp Ireland €5.5 million for breaches of the GDPR relating to its service and told it comply with data processing laws within…

Read more →

You’ve got 6 months to bring data processing ops into compliance, it tells comms app Ireland’s data protection authority has fined WhatsApp Ireland €5.5 million for breaches of the GDPR relating to its service and told it comply with data…

Read more →

Thanks for putting all your data in one basket As enterprises around the world continue to move to the cloud, cybercriminals are following right behind them.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Sixth snafu in five years? Crooks have this useless carrier on speed dial T-Mobile US today said someone abused an API to download the personal information of 37 million subscribers.… This article has been indexed from The Register – Security…

Read more →

Get your eyepatch out: Cyber attacks on the high seas are trending A Norwegian maritime risk management business is getting a lesson in that very area, after a ransomware attack forced its ShipManager software offline and left 1,000 ships without…

Read more →

That passwordless option is looking really good right about now The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company’s customers this week.… This article has been indexed…

Read more →

That passwordless option is looking really good right about now The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company’s customers this week.… This article has been indexed…

Read more →

That passwordless option is looking really good right about now The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company’s customers this week.… This article has been indexed…

Read more →

Dosh shelled out in 2022 dropped 40% over 2021, or so it says here The amount of money paid to ransomware attackers dropped significantly in 2022, and not because the number of attacks fell.… This article has been indexed from…

Read more →

Great, now staff and students can stop scrolling and get back to work Faculty and students at the University of Texas at Austin (UT) this week became the latest members of a public US university to lose access to Chinese…

Read more →

Great, now staff and students can stop scrolling and get back to work Faculty and students at the University of Texas at Austin (UT) this week became the latest members of a public US university to lose access to Chinese…

Read more →

Social engineering helped intruders break into customers’ inboxes again Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack.… This article has been indexed from The Register…

Read more →

Get your eyepatch out: Cyber attacks on the high seas are trending A Norwegian maritime risk management business is getting a lesson in that very area, after a ransomware attack forced its ShipManager software offline and left 1,000 ships without…

Read more →

And no more geofencing around health clinics either A bill proposed by Washingston state lawmakers would make it illegal for period-tracking apps, Google or any other website to sell consumers’ health data while also making it harder for them to…

Read more →

As hundreds of staff axed this week More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers.… This article has been indexed from The…

Read more →

And no more geofencing around health clinics either A bill proposed by Washingston state lawmakers would make it illegal for period-tracking apps, Google or any other website to sell consumers’ health data while also making it harder for them to…

Read more →

And no more geofencing around health clinics either A bill proposed by Washingston state lawmakers would make it illegal for period-tracking apps, Google or any other website to sell consumers’ health data while also making it harder for them to…

Read more →

Avast issues a free decryptor so victims can get their data back Cybersecurity firm Avast has released a free decryptor for victims of BianLian – an emerging ransomware threat that came into the public eye in last year.… This article…

Read more →

‘I believe they made this change deliberately’ claims researcher The Secure Boot process on almost 300 different PC motherboard models manufactured by Micro-Star International (MSI) isn’t secure, which is particularly problematic when “Secure” is part of the process description.… This…

Read more →

Scriptkiddies rush to machine intelligence to make up for lack in skills Cybercriminals are famously fast adopters of new tools for nefarious purposes, and ChatGPT is no different in that regard. … This article has been indexed from The Register –…

Read more →

Scriptkiddies rush to machine intelligence to make up for lack in skills Cybercriminals are famously fast adopters of new tools for nefarious purposes, and ChatGPT is no different in that regard. … This article has been indexed from The Register –…

Read more →

‘I believe they made this change deliberately’ claims researcher The Secure Boot process on almost 300 different PC motherboard models manufactured by Micro-Star International (MSI) isn’t secure, which is particularly problematic when “Secure” is part of the process description.… This…

Read more →

Bringing OS version into sync with Enterprise and Education editions Microsoft wants to bulk up the security in Windows Pro editions by ensuring the SMB insecure guest authentication fallbacks are no longer the default setting in the operating system.… This…

Read more →

Well whaddya know, the crypto ecosystem did the right thing by stiffing the WannaCry bandits Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea’s notorious Lazarus Group.… This article has been indexed from The Register…

Read more →

A couple have already been jailed, others shown the door for embezzling or arranging sham contracts Chinese web and gaming giant Tencent has admitted it fired more than 100 people in 2022 for various forms of corruption – some so…

Read more →

After the security breach last summer, staying put is playing with fire Opinion  For better or worse, we still need passwords, and to protect and organize them, I recommend the open source Bitwarden password manager.… This article has been indexed…

Read more →

Optimistically suggests international collaboration – including on standards – will help it get there China’s government has declared the nation’s information security industry needs to grow – fast.… This article has been indexed from The Register – Security Read the…

Read more →

Also: That Pokemon is actually a RAT, Uncle Sam fails a password audit In brief  A US intelligence boss has asked Congress to reauthorize a controversial set of powers that give snoops warrantless authorization to surveil electronic communications in the…

Read more →

And Windows updates from Microsoft, too People in Russia can reportedly once again download drivers and some other software from Intel and Microsoft, which both withdrew from the nation after its invasion of Ukraine.… This article has been indexed from…

Read more →

Happy Friday 13th sysadmins! Techies find workarounds but Redmond still ‘investigating’ Techies are reporting that Microsoft Defender for Endpoint attack surface reduction (ASR) rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu.……

Read more →

Security was nonetheless very, very, interested in hearing this comms engineer tell his tale On-Call  Welcome once again to On-Call, The Register‘s weekly compendium of tales from readers who were asked to deal with IT oddities and mostly emerged unscathed.……

Read more →

No in-the-wild exploits (yet), but there is a PoC A critical vulnerability in some end-of-life Cisco routers allowing a remote, unauthenticated attacker to gain root access won’t be fixed, according to the networking giant.… This article has been indexed from…

Read more →

Happy Friday 13th sysadmins! Techies find workarounds but Redmond still ‘investigating’ Techies are reporting that Microsoft Defender for Endpoint attack surface reduction (ASR) rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu.……

Read more →

She hoped to score thousands but laptop app had other ideas A woman in Canada failed in her claim for wrongful dismissal due to evidence from software designed to track her work time activity.… This article has been indexed from…

Read more →

Code is able to differentiate between work and leisure time, tribunal finds A woman in Canada failed in her claim for wrongful dismissal due to evidence from software designed to track her work time activity.… This article has been indexed…

Read more →

Happy Friday 13th sysadmins! Techies find workarounds but Redmond still ‘investigating’ Techies are reporting that Microsoft Defender for Endpoint attack surface reduction (ASR) rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu.……

Read more →

As Meta reels from €390 million EU fine, the ‘personalized ads’ case might not be over, Max Schrem’s legal group says Lengthy privacy notices included in a social media platform’s terms of service can do little to help it comply…

Read more →

Security was nonetheless very, very, interested in hearing this comms engineer tell his tale On-Call  Welcome once again to On-Call, The Register‘s weekly compendium of tales from readers who were asked to deal with IT oddities and mostly emerged unscathed.……

Read more →

If the investment opportunity sounds too good to be true … European cops arrested 15 suspected scammers and shut down a multi-country network of call centers selling fake cryptocurrency that law enforcement said stole upwards of hundreds of million euros…

Read more →

Enhanced access privileges for partners choke on double-byte characters, contribute to global delays Microsoft has messed up a zero trust upgrade its service provider partners have been asked to implement for customers.… This article has been indexed from The Register…

Read more →

Not a ‘whiff of wrongdoing’ here, says attorney now fighting off Uncle Sam The US Securities and Exchange Commission (SEC) has sued international law firm Covington & Burling for details about 298 of the biz’s clients whose information was accessed…

Read more →

No ‘whiff of wrongdoing’ here, says attorney fighting government The US Securities and Exchange Commission (SEC) has sued international law firm Covington & Burling for details about 298 of the firm’s clients whose information was accessed by a Chinese state-sponsored…

Read more →

Are you really saying what I’m hearing? Microsoft researchers are working on a text-to-speech (TTS) model that can mimic a person’s voice – complete with emotion and intonation – after a mere three seconds of training.… This article has been…

Read more →

But even a short conflict would wreck the economy, which would be bad news for semiconductor supplies Three years from now, hypothetically, China launches an amphibious invasion of Taiwan. It does not go well, according to a top Washington think…

Read more →

Don’t go postal and call it a cyberattack because nobody knows (yet) what knocked out key system Royal Mail confirmed a “cyber incident” has disrupted its ability to send letters and packages abroad, and also caused some delays on post…

Read more →

Did a criminally minded robot write this? In part, yes. GPT-3 language models are being abused to do much more than write college essays, according to WithSecure researchers.… This article has been indexed from The Register – Security Read the…

Read more →

January Patch Tuesday update resolves issue caused by Patch Tuesday update late in ’22 Included in the usual tsunami of fixes Microsoft issued this week as part of Patch Tuesday was one that took care of a connectivity problem for…

Read more →

Not transparent, not specific, and too easy to say yes to Google users don’t have enough choice over whether – and to what extent – they agree to “far-reaching processing of their data across services,” Germany’s competition regulator says, adding…

Read more →

At least the penknives are still secure A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs – possibly for a long time – before an audit by ETH Zurich researchers.… This article has…

Read more →

Zurich’s Japanese outpost also leaks a couple of million records Global insurer Aflac’s Japanese branch has revealed that personal data describing more than three million customers of its cancer insurance product has been leaked online.… This article has been indexed…

Read more →

Miscreants could have tracked, modified, deleted digital plates California’s street-legal ink license plates only received a nod from the US government in October, but reverse engineers have already discovered vulnerabilities in the system allowing them to track each plate, reprogram…

Read more →

Call metadata can be ferreted out Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations.… This article has been indexed from The Register – Security Read the original…

Read more →

Plus: Intel, Adobe, SAP and Android bugs Patch Tuesday  Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that’s already been exploited and another listed as publicly known. Of the new January vulnerabilities, 11 are…

Read more →

Plus Intel, Adobe, SAP and Android bugs Patch Tuesday  Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that’s already been exploited and another listed as publicly known. Of the new January vulnerabilities, 11 are…

Read more →