Tag: The Register – Security

How to protect personal data Partner Content  For people who haven’t personally experienced them, terms like data leak or data breach may seem unfamiliar and foreign – much like visiting a new destination abroad.… This article has been indexed from…

Read more →

Back story to replacement for banned security app isn’t enormously reassuring Some US-based users of Kaspersky antivirus products have found their software replaced by product from by a low-profile entity named “UltraAV” – a change they didn’t ask for, and…

Read more →

Maybe a spell in a French cell changed Durov’s mind In a volte-face, Telegram CEO Pavel Durov announced that the made-in-Russia messaging platform will become a lot less cozy for criminals.… This article has been indexed from The Register –…

Read more →

11M devices exposed to trojan, Kaspersky says The Necro trojan is once again making a move against Android users, with up to eleven million individuals thought to be exposed to infected apps.… This article has been indexed from The Register…

Read more →

Still no ‘R’ word, but smells like ransomware from here A “cybersecurity issue” has shut down MoneyGram’s systems and payment services since Friday, and the fintech leader has yet to update customers as to when it expects to have its…

Read more →

No room for your spy mobiles on our streets The US Commerce Department has decided not to wait for the inevitable, and today announced plans that would ban connected vehicle technology – and vehicles using it – from Chinese and…

Read more →

34,000 engineers pledged to the cause, but no word on exec pay Microsoft took a victory lap today, touting the 34,000 full-time engineers it has dedicated to its Secure Future Initiative (SFI) since it launched almost a year ago and…

Read more →

That ‘third party’ person sure is responsible for a lot of IT blunders, eh? A major IT hardware manufacturer is correcting a recent security update after customers complained of a password character limit being introduced when there previously wasn’t one.……

Read more →

No malware crew linked to this latest red-teaming tool yet Attackers are using Splinter, a new post-exploitation tool, to wreak havoc in victims’ IT environments after initial infiltration, utilizing capabilities such as executing Windows commands, stealing files, collecting cloud service…

Read more →

PLUS: Payer of $75M ransom reportedly identified; Craigslist founder becomes security philanthropist, and more Infosec In Brief  Something’s wrong with macOS Sequoia, and it’s breaking security software installed on some updated Apple systems.… This article has been indexed from The…

Read more →

Just one victim milked of nearly a quarter of a billion bucks Two individuals are in cuffs and facing serious charges in connection to a major theft of cryptocurrency worth more than $230 million from a single victim.… This article…

Read more →

Fears over chained attacks affecting EOL product The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it’s yet another…

Read more →

Nothing high-end about the sparsely detailed, poorly publicized breach High-end British department store Harvey Nichols is writing to customers to confirm some of their data was exposed in a recent cyberattack.… This article has been indexed from The Register –…

Read more →

Write better code, urges Jen Easterly. And while you’re at it, give crime gangs horrible names like ‘Evil Ferret’ Software developers who ship buggy, insecure code are the real villains in the cyber crime story, Jen Easterly, boss of the…

Read more →

Boasts ‘appear to be credible’ experts tell El Reg A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen…

Read more →

Boasts ‘appear to be credible’ experts tell El Reg A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen…

Read more →

Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Buried beneath the endless feeds and attention-grabbing videos of the modern internet is a network of data harvesting and sale that’s perhaps far more vast than…

Read more →

To be fair, Joe was probably taking a nap The Iranian cyber snoops who stole files from the Trump campaign, with the intention of leaking those documents, tried to slip the data to the Biden camp — but were apparently…

Read more →

Many left reeling from July’s IT meltdown, but not to worry, it was all unavoidable Germany’s Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike’s outage in July are dropping their current…

Read more →

Better check your widgets, people Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.… This article has been indexed from The Register – Security Read the original article:…

Read more →

4 file complaint with London’s Met, alleging malware maker helped autocratic states violate their privacy Four UK-based proponents of human rights and critics of Middle Eastern states today filed a report with London’s Metropolitan Police they hope will lead to…

Read more →

Outdated software blamed for cracks in the armor The Tor project has insisted its privacy-preserving powers remain potent, countering German reports that user anonymity on its network can be and has been compromised by police.… This article has been indexed…

Read more →

Add ‘ransomware’ to the list of certainties in life? Notorious ransomware gang LockBit claims once again to have compromised eFile.com, which offers online services for electronically filing tax returns with the US Internal Revenue Service (IRS).… This article has been…

Read more →

Plus: Wray tells how bureau helps certain victims negotiate with ransomware crooks China-backed spies are said to have tore down their own 260,000-device botnet after the FBI and its international pals went after them.… This article has been indexed from…

Read more →

US govt, Microsoft report on Kremlin trolls’ latest antics to Make America Grate Again Russia really wants Donald Trump to be the next US President, judging by reports from American government agencies and now Microsoft’s threat intelligence team.… This article…

Read more →

Add ‘ransomware’ to the list of certainties in life? Notorious ransomware gang LockBit claims to have compromised eFile.com, which offers online services for electronically filing tax returns with the US Internal Revenue Service (IRS).… This article has been indexed from…

Read more →

Second wave of exploding gear kills at least 14 today First it was pagers, now Lebanon is being rocked by Hezbollah’s walkie-talkies detonating across the country, leaving at least a dozen dead.… This article has been indexed from The Register…

Read more →

Getting sloppy, Xi Exclusive  Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server.… This article has been indexed from The Register –…

Read more →

Italian mafia mobsters and Irish crime families scuppered by international cops Hours after confirming they had pwned the supposedly uncrackable encrypted messaging platform used for all manner of organized crime, Ghost, cops have now named the suspect they cuffed last…

Read more →

‘Lives will be lost’ as Moscow ramps up offensive cyber military units Feature  As Russian special forces push more overtly into online operations, network defenders should be on the hunt for digital intruders looking to carry out cyberattacks that end…

Read more →

Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service Australia’s Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly…

Read more →

View Forever, more like it, as Meta’s privacy feature again revealed to be futile with a little light hacking A fix deployed by Meta to stop people repeatedly viewing WhatsApp’s so-called View Once messages – photos, videos, and voice recordings…

Read more →

Bug reports made in China Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.… This…

Read more →

Bug reports made in China Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.… This…

Read more →

Eight-year-old among those slain, Israel blamed, Iran’s Lebanese ambassador wounded, it’s said Lebanon says at least nine people, including an eight-year-old girl, were killed today after pagers used by Hezbollah members exploded across the country. Israel has been blamed.… This…

Read more →

Chocolate Factory downgrades risk, citing the need for attacker access Overly permissive settings in Google Cloud’s Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information.… This article has been indexed…

Read more →

Eight-year-old among those slain, Israel blamed, Iran’s Lebanese ambassador wounded, it’s reported Lebanon says at least nine people, including an eight-year-old girl, were killed today after pagers used by Hezbollah members exploded across the country. Israel has been blamed.… This…

Read more →

Iran’s Lebanese ambassador reportedly among the injured Terrorist group Hezbollah is claiming that eight people have died and dozens are injured after pagers used by its troops exploded.… This article has been indexed from The Register – Security Read the…

Read more →

Auction acts as payback after authority publicly refuses to pay up The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for…

Read more →

Ransomware resilience in a multi-cloud world: attend this exclusive event in Boston, MA Sponsored Event  Join us on October 24 in Boston for an exclusive event designed for IT professionals and industry leaders dedicated to mastering cybersecurity in multi-cloud environments.……

Read more →

Designations come as new infrastructure spins up in Africa Five individuals and one company with ties to spyware developer Intellexa are the latest to earn sanctions as the US expands efforts to stamp out spyware.… This article has been indexed…

Read more →

If this really was that useful, they wouldn’t be telling us According to a Chinese state-sanctioned study, signals from SpaceX Starlink broadband internet satellites could be used to track US stealth fighters, such as the F-22.… This article has been…

Read more →

The C in these CVEs stands for Confusing Analysis  Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched.… This article has…

Read more →

May have reeled in blueprints related to weapons development A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army and NASA, plus other highly sensitive software used in…

Read more →

You pipsqueaks want memory safety? We’ll show you memory safety! We’ll borrow that borrow checker After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write less vulnerable code.… This…

Read more →

Now it’s the default for all new accounts Snowflake continues to push forward in strengthening its users’ cybersecurity posture by making multi-factor authentication the default for all new accounts.… This article has been indexed from The Register – Security Read…

Read more →

Putting a spanner in work for plans of opposition party to launch a comeback during next year’s elections One of Germany’s major political parties is still struggling to restore member data more than three months after a June cyberattack targeting…

Read more →

Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance One cybercriminal of the most violent kind will spend his best years behind bars, as will 11 of his thug pals for a string of cryptocurrency robberies in the…

Read more →

* Quite Unlikely A New Technology’s Useful, Man Opinion  We have a new call to arms in the 21st century battlefront between the West and China. The Middle Kingdom is building an uncrackable national infrastructure based on quantum key distribution…

Read more →

Also: Apple to end NSO Group lawsuit; Malicious Python dev job offers; Dark web kingpins busted; and more Infosec In Brief  Genetic testing outfit 23andMe has settled a proposed class action case related to a 2023 data breach for $30…

Read more →

No love for months-long wait to fix this, either Security researchers have revealed a litany of failures in the Feeld dating app that could be abused to access all manner of private user data, including the most sensitive images not…

Read more →

Do not go on holiday to the O Smach Resort The US Department of the Treasury’s Office of Foreign Assets Control issued sanctions on Thursday against Cambodian entrepreneur and senator Ly Yong Phat, for his “role in serious human rights…

Read more →

With social media age limits, anti-scam laws, privacy tweaks, and misinformation rules Elon Musk labelled ‘fascist’ Australia’s government has spent the week reining in Big Tech.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Illegal goods allegedly shipped to the US labeled as toys or jewels The US Attorney’s Office in the District of Massachusetts has seized more than 350 internet domains allegedly used by Chinese outfits to sell US residents kits that convert…

Read more →

Nastyware seeks creds, mines crypto, and plants ransomware that isnt deployed – for now? An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud…

Read more →

That would explain this 440GB leak, then Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a “limited number” of files. The question is: how limited is “limited”?… This article has been indexed…

Read more →

Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code,…

Read more →

SaaS seller sets severity to ‘critical’ Adobe’s patch for a remote code execution (RCE) bug in Acrobat this week doesn’t mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher warns.… This article…

Read more →

Oh, turns out there are some things money can buy Mastercard has added another security asset to its growing portfolio, laying down $2.65 billion for threat intelligence giant Recorded Future.… This article has been indexed from The Register – Security…

Read more →

Browser becomes more proactive about trimming unneeded permissions and deceptive notifications Google has enhanced Chrome’s Safety Check so that it can make some security decisions on the user’s behalf.… This article has been indexed from The Register – Security Read…

Read more →

NCA confirms arrest of teen ‘on suspicion of Computer Misuse Act offences’ now bailed, as TfL hauls in 30k staff to do in-person password resets Breaking  Transport for London’s ongoing cyber incident has taken a dark turn as the organization…

Read more →

Privacy regulator taking a closer look at data privacy and PaLM 2 The European Union’s key regulator for data privacy, Ireland’s Data Protection Commission (DPC), has launched a cross-border inquiry into Google’s AI model to ascertain if it complies with…

Read more →

What kind of OS can be hijacked by clicking a link at just the right time? Microsoft’s In this week’s Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware…

Read more →

It could lead to a costly BEC situation Palo Alto’s Unit 42 threat intel team wants to draw the security industry’s attention to an increasingly common tactic used by phishers to harvest victims’ credentials.… This article has been indexed from…

Read more →

Get essential insights for IT security compliance and effectiveness from SANS Webinar  As cybersecurity threats evolve, so do the regulations designed to protect businesses.… This article has been indexed from The Register – Security Read the original article: NIS2, DORA,…

Read more →

Augmented reality meets warped reality A defense ministry official from Belarus has claimed augmented reality game Pokémon GO was a tool of Western intelligence agencies.… This article has been indexed from The Register – Security Read the original article: Pokémon…

Read more →

Academically interesting technique for poking holes in paywalled tech specs An anti-piracy system to protect online video streams from unauthorized copying is flawed – and can be broken to allow streamed media from Amazon, Netflix, and others to be saved,…

Read more →

Would paying a ransom – or better security – have been cheaper and safer? A US healthcare giant will pay out $65 million to settle a class-action lawsuit brought by its own patients after ransomware crooks stole their data –…

Read more →

No class: Black Suit ransomware gang boasts of 200GB haul from one raid Cybercriminals closed some schools in America and Britain this week, preventing kindergarteners in Washington state from attending their first-ever school day and shutting down all internet-based systems…

Read more →

You hate to see it The Meow ransomware group has grabbed the second most active gang spot in an unexpected surge in activity following a major brand overhaul.… This article has been indexed from The Register – Security Read the…

Read more →

Allegedly swiped more than 5.2M files and threatens to publish the lot Ransomware gang Hunters International reportedly claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC),…

Read more →

A really big oh sh*t moment, for sure For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of…

Read more →

What happens at Black Hat… While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol. They claim to have found a way to undermine…

Read more →

ISC2 argues security training needs to steer toward what hiring managers want The shortfall between the number of working security professionals and the number of security job openings has reached 4.8 million – a new high, according to cyber security…

Read more →

Minister reckons dedicated cops necessary to protect digital transactions India has announced a plan to train a specialized wing of 5000 “Cyber Commandos” in the next five years, as part of its efforts to address cyber crime.… This article has…

Read more →

CISA wants you to leap on Citrix and Ivanti issues. Adobe, Intel, SAP also bid for patching priorities Patch Tuesday  Another Patch Tuesday has dawned, as usual with the unpleasant news that there are pressing security weaknesses and blunders to…

Read more →

Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge China has an undeniable lead in quantum networking technology – a state of affairs that should give the US pause, despite its lead…

Read more →

Elderly people report the greatest losses The FBI just dropped its annual report examining the costs of crypto-related cybercrime, painting a predictably grim picture as total losses in the US exceeded $5.6 billion in 2023 – a 45 percent year-on-year…

Read more →

Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge China has an undeniable lead in quantum networking technology – a state of affairs that should give the US pause, despite its lead…

Read more →

It promised vanishing messages, but now ‘it’s privacy theater’ Video  A popular privacy feature in WhatsApp is “completely broken and can be trivially bypassed,” according to developers at cryptowallet startup Zengo.… This article has been indexed from The Register –…

Read more →

US alarmed by heightened Kremlin naval activity worldwide Russia’s naval activity near undersea cables is reportedly drawing the scrutiny of US officials, further sparking concerns that the Kremlin may be plotting to “sabotage” underwater infrastructure via a secretive, dedicated military…

Read more →

‘Insider wrongdoing’ to blame for the breach Avis Rent A Car System has alerted 299,006 customers across multiple US states that their personal information was stolen in an August data breach.… This article has been indexed from The Register –…

Read more →

Criminals with plenty of time on their hands may now have credit card details Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven’t already, after the company detected an intrusion dating back nearly a…

Read more →

Watch this webinar for tips on enhancing resilience with advanced protection strategies Webinar  As cyberattacks like ransomware and malware grow more sophisticated, organizations need to ensure their enterprise storage systems are robust and resilient.… This article has been indexed from…

Read more →

The latest of many attempts to stifle perceived threats to Putin’s regime A pro-democracy NGO in Russia says it looks like the Kremlin-linked COLDRIVER group was behind last month’s hack-and-leak job that saw files and inboxes dumped online.… This article…

Read more →

Understanding new NIS2, DORA, and Tiber-EU legislation is essential to improving IT security, explains SANS Webinar  As cybersecurity regulations tighten, organisations face new challenges that require more than just compliance checklists.… This article has been indexed from The Register –…

Read more →

Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more Infosec in brief  After activating its chameleon field and going to ground following press attention earlier this year, the dangerous Predator commercial…

Read more →

Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more Infosec in brief  After activating its chameleon field and going to ground following press attention earlier this year, the dangerous Predator commercial…

Read more →

White House floats round two of regulations It sounds like the start of a bad joke: Digital trespassers from China, Russia, and Iran break into US water systems.… This article has been indexed from The Register – Security Read the…

Read more →

Not so much when trying to convert coding veterans Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.……

Read more →

The ‘security issue’ was caused by a 9.8-rated Magento flaw Adobe patched back in June Bad news for anyone who purchased a Cisco hoodie earlier this month: Suspected Russia-based attackers injected data-stealing JavaScript into the networking giant’s online store selling…

Read more →

When maintenance windows are hard to open, a little lubrication helps On Call  The Register understands consuming alcohol is quite a popular way to wind down from the working week, but each Friday we get the party started early with…

Read more →

Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back – with a request for info The US Department of Homeland Security is seeking help to assess the security of tech at maritime ports,…

Read more →

Now do your patriotic duty and fill one of those 500k open roles, please? The White House has unveiled a new strategy to fill some of the hundreds of thousands of critical cybersecurity vacancies across the US: Pitch cyber as…

Read more →

Feds post $10M bounty for each of the six’s whereabouts The US today charged five Russian military intelligence officers and one civilian for their alleged involvement with the data-wiping WhisperGate campaign conducted against Ukraine in January 2022 before the ground…

Read more →

Feds post $10 million bounty for each of the six’s whereabouts The US today charged five Russian military intelligence officers and one civilian for their involvement with the data-wiping WhisperGate campaign conducted against Ukraine in January 2022 before the ground…

Read more →

Two critical holes including hardcoded admin credential If you’re running Cisco’s supposedly Smart Licensing Utility, there are two flaws you ought to patch right now.… This article has been indexed from The Register – Security Read the original article: Cisco’s…

Read more →

Good news? Security is still getting a growing part of IT budget It looks like security budgets are coming up against belt-tightening policies, with chief security officers reporting budgets rising more slowly than ever and over a third saying their…

Read more →

Are you prepared for the day that quantum computing breaks today’s encryption? Sponsored Feature  The internet is all about transparency and openness – connecting people and information, shoppers and vendors, or businesses. But it’s also all about security and trust.……

Read more →

Network admins take a ride on the Fright Bus The Transport for London (TfL) “cyber incident” is heading into its third day amid claims that a popular appliance might have been the gateway for criminals to gain access to the…

Read more →