Tag: The Register – Security

Allowed access to 150k cameras, some in sensitive spots, but has been done for spamming Physical security biz Verkada has agreed to cough up $2.95 million following an investigation by the US Federal Trade Commission (FTC) – but the payment…

Read more →

Russia has seemingly decided who it wants Putin the Oval Office The Biden administration on Wednesday seized 32 websites and charged two employees of a state-owned media outlet connected to a $10 million scheme to distribute pro-Kremlin propaganda, and claimed…

Read more →

Feds warn of ‘highly tailored, difficult-to-detect social engineering campaigns’ The FBI has warned that North Korean operatives are plotting “complex and elaborate” social engineering attacks against employees of decentralized finance (DeFi) organizations, as part of ongoing efforts to steal cryptocurrency.……

Read more →

Big Blue also shifts to Prisma SASE to secure its 250,000 workforce Palo Alto Networks has completed its purchase of IBM’s QRadar SaaS offering, spending $500 million to buy up the service’s customers and hopefully shift them into its own…

Read more →

Big Blue also shift to Prisma SASE to secure its 250,000 workforce Palo Alto Networks has completed its purchase of IBM’s QRadar SaaS service, spending $500 million to buy up customer share for PAN’s next-gen AI security Cortex platform.… This…

Read more →

Loads of governance issues to worry about, and the chance it might spout utter garbage Microsoft has published a Transparency Note for Copilot for Microsoft 365, warning enterprises to ensure user access rights are correctly managed before rolling out the…

Read more →

93GB of info feared pilfered in Montana by heartless crooks Planned Parenthood of Montana’s chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate…

Read more →

Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials The Cicada3301 ransomware, which has claimed at least 20 victims since it was spotted in June, shares “striking similarities” with the notorious BlackCat ransomware, according to…

Read more →

Unclear if this is a sign controversial service is cleaning up its act everywhere Controversial social network Telegram has co-operated with South Korean authorities and taken down 25 videos depicting sex crimes.… This article has been indexed from The Register…

Read more →

Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly The US Department of Justice has accused a now-former senior official of the New York State government of illegally advancing the interests…

Read more →

Better late than never The White House on Tuesday indicated it hopes to shore up the weak security of internet routing, specifically the Border Gateway Protocol (BGP).… This article has been indexed from The Register – Security Read the original…

Read more →

The group bragged they could steal one-time passwords from Apply Pay and 30+ sites A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in…

Read more →

No, Abbey is not really a “pure patriotic girl” Spamouflage, the Beijing-linked trolls known for spreading fake news about American politics, is back with new accounts on X and TikTok that claim to be frustrated US voters in “more aggressive”…

Read more →

Selfie-scraper again claims European law does not apply to it The Dutch Data Protection Authority (DPA) has fined controversial facial recognition company Clearview AI €30.5 million ($33 million) over the “illegal” collation of images.… This article has been indexed from…

Read more →

Government body claims there is no evidence of customer data being compromised Transport for London (TfL) – responsible for much of the public network carrying people around England’s capital – is battling to stay on top of an unfolding “cyber…

Read more →

Head down to Grey Matter ISV Partner Day to learn about the latest Microsoft technologies Sponsored Post  This year’s Grey Matter ISV Partner Day will bring together Microsoft-focused ISVs, SaaS Providers and application builders from the UK and Ireland to…

Read more →

CEO Pavel Durov charged in France, messaging platform insists it abides by EU laws Telegram CEO Pavel Durov, who was cuffed and charged by the French police last week, was “too free” in his approach to managing the global messaging…

Read more →

Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Chinese web champ Tencent’s cloud is being used by unknown attackers as part of a phishing campaign that aims to achieve persistent network access at Chinese entities.… This article has…

Read more →

Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more in brief  A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to…

Read more →

The ransomware gang recruits high-profile affiliates from LockBit and ALPHV As RansomHub continues to scoop up top talent from the fallen LockBit and ALPHV operations while accruing a smorgasbord of victims, security and law enforcement agencies in the US feel…

Read more →

Relax, it’s just a drill. This time at least. US Army Special Forces, aka the Green Berets, have been demonstrating their hacking chops in the recent Swift Response 24 military exercises in May, the military has now confirmed.… This article…

Read more →

Infosec hounds say they spotted vulnerability during routine travel in the US Cybersecurity researchers say they’ve found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights.… This article…

Read more →

Farsi-language posts target possibly-pro-Israel individuals Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation’s enemies, including Israel.… This article has been…

Read more →

Targeted elected officials and others with over 100 fake crime reports and threats The US government has indicted two men for allegedly reporting almost 120 fake emergencies or crimes in the hope of provoking action by armed law enforcement agencies.……

Read more →

Google researchers note similarities, can’t find smoking-gun link Google’s Threat Analysis Group (TAG) has spotted an interesting pattern: A Kremlin-linked cyber-espionage crew and commercial spyware makers exploiting specific security vulnerabilities in pretty much the same way.… This article has been…

Read more →

Google researchers note the similarities, can’t find a link Google’s Threat Analysis Group (TAG) has spotted a disturbing similarity in attack tactics used by commercial spyware vendors and Russia-linked attack gangs.… This article has been indexed from The Register –…

Read more →

Sordid search history ‘evidence’ in case that could see him spend 35 years for extortion and wire fraud A former infrastructure engineer who allegedly locked IT department colleagues out of their employer’s systems, then threatened to shut down servers unless…

Read more →

Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters Google’s Chrome Vulnerability Rewards Program (VRP) is now significantly more rewarding – with a top payout that’s at least twice as substantial.… This article has been indexed from…

Read more →

French police reckon financial system targeted during Summer Games Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of…

Read more →

Total revenue for Q2 grew 32 percent CrowdStrike’s major meltdown a month ago doesn’t look like affecting the cyber security vendor’s market dominance anytime soon, based on its earnings reported Wednesday.… This article has been indexed from The Register –…

Read more →

CrowdStrike, other vendors, friendly govt reps…but not anyone would can tell you what happened op-ed  Microsoft will host a security summit next month with CrowdStrike and other “key” endpoint security partners joining the fun — and during which the CrowdStrike-induced…

Read more →

If you haven’t deployed August’s patches, get busy before others do Windows users who haven’t yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft…

Read more →

The government-backed crew also enjoys ransomware as a side hustle Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they’re breaking in via vulnerable VPN…

Read more →

Authorities probing unwanted intrusion; hard questions ahead Dick’s Sporting Goods, America’s largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon Microsoft has fixed flaws in Copilot that allowed attackers to steal users’ emails and other personal data by chaining together a series of LLM-specific attacks, beginning with prompt injection.……

Read more →

Sword or plowshare? That depends on whether you’re an attacker or a defender Sponsored Feature  Artificial intelligence: saviour for cyber defenders, or shiny new toy for online thieves? As with most things in tech, the answer is a bit of…

Read more →

Phew! Consumer-grade tracking devices are good for more than finding your keys and stalking Theft of packages is an ongoing problem, so one California woman tried a high tech solution to the problem – and her use of Apple’s consumer-grade…

Read more →

Ground stations are the perfect place for the Great Firewall to block things China finds unpleasant The multiple constellations of broadband-beaming satellites planned by Chinese companies could conceivably run the nation’s “Great Firewall” content censorship system, according to think tank…

Read more →

More of a storm in a teacup Today’s news that Intel’s Software Guard Extensions (SGX) security system is open to abuse may be overstated.… This article has been indexed from The Register – Security Read the original article: Intel’s Software…

Read more →

The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure It looks like China’s Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity…

Read more →

Cracked Labs examines how workplace surveillance turns workers into suspects Software designed to address legitimate business concerns about cyber security and compliance treats employees as threats, normalizing intrusive surveillance in the workplace, according to a report by Cracked Labs.… This…

Read more →

Legitimate emails misclassified in software snafu Updated  Many administrators have had a trying Monday after getting spammed out with false malware reports by Microsoft.… This article has been indexed from The Register – Security Read the original article: Microsoft mistake…

Read more →

No word yet on if ransomware is to blame The Port of Seattle, which operates the Seattle-Tacoma International Airport, is investigating a “possible cyberattack” after computer outages disrupted the airport’s operations and delayed flights.… This article has been indexed from…

Read more →

National security data up for grabs, Office of the Inspector General finds The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of…

Read more →

Second sensitive info theft claimed by the same crims since June Digital data thieves have reportedly breached AMD’s internal communications and are offering the allegedly stolen goods for sale. … This article has been indexed from The Register – Security Read…

Read more →

Unprotected database with 12 years of biz records yanked offline Exclusive  Nearly 2.7 TB of sensitive data — 31.5 million invoices, contracts, HIPPA patient consent forms, and other business documents regarding numerous companies across industries — has been exposed to…

Read more →

Plus: Microsoft issues workaround for dual-boot crashes; ARRL cops to ransom payment, and more Infosec in brief  Deniss Zolotarjovs, a suspected member of the Russian Karakurt ransomware gang, has been charged in a US court with allegedly conspiring to commit…

Read more →

Rap sheet spells out major no-nos after disgruntled staff blow whistle The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract…

Read more →

Immerse is Cloudflare’s premier annual conference in Southeast Asia Partner Content  Cloudflare is excited to present Immerse, our flagship event designed to connect attendees directly with the ideas, technologies and business leaders driving network and security transformation.… This article has…

Read more →

Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable…

Read more →

Not related to the massive outage in July, security biz spokesperson told us Some IT administrators suffered a moment of deja vu on Thursday morning as CrowdStrike blamed a cloud service issue for performance problems and lagging boot times affecting…

Read more →

What could the problem be? Reportedly, a cyberattack American oil giant Halliburton is investigating an “issue,” reportedly a cyberattack, that has disrupted some business operations and global networks.… This article has been indexed from The Register – Security Read the…

Read more →

Whether attack slowdown continues downward trend is the million dollar question that security researchers can’t answer Critical industrial organizations continued to be hammered by ransomware skids in July, while experts suggest the perps are growing in confidence that law enforcement…

Read more →

Needless to say, it backfired in a big way University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus was just a phishing exercise.… This…

Read more →

Visit IGEL’s DISRUPT Munich event this September to learn more about the latest end user computing technologies Sponsored Post  The IGEL DISRUPT Munich event promises an opportunity to explore the latest innovations in end user computing (EUC), with a focus…

Read more →

Echoes human rights groups’ concerns that it could suppress free speech and more Networking giant Cisco has suggested the United Nations’ first-ever convention against cyber crime is dangerously flawed and should be revised before being put to a formal vote.……

Read more →

Why accurate threat detection and faster response times require a comprehensive view of the threat landscape Partner Content  In today’s digital landscape, the threat of automated attacks has escalated, fuelled by advancements in artificial intelligence (AI).… This article has been…

Read more →

Unless you’re cool with an unauthorized criminal enjoying admin privileges to comb through your code A critical bug in GitHub Enterprise Server could allow an attacker to gain unauthorized access to a user account with administrator privileges and then wreak…

Read more →

If you needed yet another reminder of what happens when security basics go awry It’s a good news day for organizations that don’t leave their AWS environment files publicly exposed because infosec experts say those that do may be caught…

Read more →

Forget about your love life too, no dating apps until the war is over Russia’s Ministry of Internal Affairs is warning residents of under-siege regions to switch off home surveillance systems and dating apps to stop Ukraine from using them…

Read more →

Hoped to dodge child support payments, now faces 81 months inside – and a bigger bill than ever A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially…

Read more →

Defense contractor gets hacked – what’s the worst that could happen US semiconductor manufacturing firm Microchip Technology has revealed an “unauthorized party disrupted the Company’s use of certain servers and some business operation.”… This article has been indexed from The…

Read more →

Notification omits a number of key details Popular flight-tracking app FlightAware has admitted that it was exposing a bunch of users’ data for more than three years.… This article has been indexed from The Register – Security Read the original…

Read more →

Notification omits a number of key details Popular flight-tracking app FlightAware has admitted that it was exposing a bunch of users’ data for more than three years.… This article has been indexed from The Register – Security Read the original…

Read more →

Political stirrer Roger Stone may have been a weak link after personal emails cracked US authorities have named Iran as the likely source of a recent attack on the campaign of the US Republican Party’s presidential nominee, Donald Trump.… This…

Read more →

Researchers find it’s possible to downgrade authentication checks, and shabby token refresh policies Digital wallets like Apple Pay, Google Pay, and PayPal can be used to conduct transactions using stolen and cancelled payment cards, according to academic security researchers.… This…

Read more →

12 on X and one on Instagram caught in the crackdown OpenAI has banned ChatGPT accounts linked to an Iranian crew suspected of spreading fake news on social media sites about the upcoming US presidential campaign.… This article has been…

Read more →

Windows giant tells Cisco Talos it isn’t fixing them Cisco Talos says eight vulnerabilities in Microsoft’s macOS apps could be abused by nefarious types to record video and sound from a user’s device, access sensitive data, log user input, and…

Read more →

Investigators previously said the number was much, much higher The data broker at the center of what may become one of the more significant breaches of the year is telling officials that just 1.3 million people were affected.… This article…

Read more →

Also: Your external-facing NetSuite sites need a review; five popular malware varieties for Q2, and more in brief  Malware that kills endpoint detection and response (EDR) software has been spotted on the scene and, given it’s deploying RansomHub, it could…

Read more →

Names, addresses, Social Security numbers, more all out there A Florida firm has all but confirmed that millions of people’s sensitive personal info was stolen from it by cybercriminals and publicly leaked.… This article has been indexed from The Register…

Read more →

Attacker locked out all staff for four days The cryptocurrency offshoot of reality TV and entrepreneurship show Unicorn Hunters has confirmed that an unknown attacker compromised its G-Suite, locking all staff out of their accounts.… This article has been indexed…

Read more →

Take a deep dive into the world of emerging cyber threats and defense strategies with Cloudflare Webinar  In a world where cyber threats are continually evolving, staying informed is critical for IT and security professionals.… This article has been indexed…

Read more →

Teams wanting the cash have to commit to handing their models to OpenSSF after next year’s final One year after it began, the DARPA AI Cyber Challenge (AIxCC) has whittled its pool of contestants down to seven semifinalists.… This article…

Read more →

US politicians and Israeli officials among the top targets for the IRGC’s cyber unit Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the…

Read more →

He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated A Russian national is taking a trip to prison in the US after being found guilty of peddling stolen credentials on a popular dark web marketplace.… This…

Read more →

Anydesk is its access tool of choice A new extortion gang called Mad Liberator uses social engineering and the remote-access tool Anydesk to steal organizations’ data and then demand a ransom payment, according to Sophos X-Ops.… This article has been…

Read more →

Payment arm of Korean messaging app denies any illegal activity Kakao Pay, a subsidiary of Korea’s WhatsApp analog Kakao, handed over data from more than 40 million users to the Singaporean arm of Chinese payment platform Alipay, without user consent,…

Read more →

No, no, go ahead, don’t let us stop you, Xi Cyber-spies suspected of connections with China have infected “dozens” of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky.… This…

Read more →

Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish Russia’s Federal Security Service (FSB) cyberspies, joined by a new digital snooping crew, have been conducting a massive online phishing espionage campaign via phishing against targets in the…

Read more →

Lone Star State alleges GM cashed in with “millions in lump sum payments” from the sale Texas has sued General Motors for what it said is a years-long scheme to collect and sell drivers’ data to third parties – including…

Read more →

Three state attorneys general probed the company and found plenty to chastise Biotech biz Enzo Biochem is being forced to pay three state attorneys general a $4.5 million penalty following a 2023 ransomware attack that compromised the data of more…

Read more →

Company admits turning human women into faceless, sexualized furniture was a ‘tone deaf’ marketing ploy If you attended the Black Hat conference in Vegas last week and found yourself over in Palo Alto Networks’ corner of the event, you may…

Read more →

Questions raised as one of the world’s largest PC makers joins America’s critical defense team Opinion  Lenovo’s participation in a cybersecurity initiative has reopened old questions over the company’s China origins, especially in light of the growing mistrust between Washington…

Read more →

There’s a blockchain involved so it’s totally going to stop you getting those calls India’s Telecom Regulatory Authority (TRAI) on Tuesday directed telcos to stop calls from unregistered telemarketers – and prevent them from using networks again for up to…

Read more →

Nicely ahead of that always-a-decade-away moment when all our info becomes an open book The National Institute of Standards and Technology (NIST) today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future – when…

Read more →

Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action Patch Tuesday  Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that…

Read more →

Plus many more newbies waiting in the wings Despite a law enforcement takedown six months ago, LockBit 3.0 remains the most prolific encryption and extortion gang, at least so far, this year, according to Palo Alto Networks’ Unit 42.… This…

Read more →

Authorities allege ‘J.P. Morgan’ practiced ‘extreme operational and online security’ The US has charged a suspect they claim is a Belarusian-Ukrainian cybercriminal whose offenses date back to 2011.… This article has been indexed from The Register – Security Read the…

Read more →

The takedown may be small but any ransomware gang sent to the shops is good news in our book The Dispossessor ransomware group is the latest to enter the cybercrime graveyard with the Feds proudly laying claim to the takedown.……

Read more →

Incident sounds like a BEC fraud targeting an unwitting staffer Luxembourg-based chemicals and manufacturing giant Orion SA is telling US regulators that it will lose out on around $60 million after it was targeted by a criminal wire fraud scheme.……

Read more →

Because apps talking like pirates and creating ASCII art never gets old Despite worries about criminals using prompt injection to trick large language models (LLMs) into leaking sensitive data or performing other destructive actions, most of these types of AI…

Read more →

Bad guys claim they’re cops, keep you on hold for hours until you pay to make loved ones’ crimes go away A woman in the Indian city of Delhi last week found herself under “digital arrest” – a form of…

Read more →

Kernel mode not good enough for you? Maybe you’ll like SMM of this Some AMD processors dating back to 2006 have a security vulnerability that’s a boon for particularly underhand malware and rogue insiders, though the chip designer is only…

Read more →

Nearly 50 different data points were accessed by cybercrim An Arizona tech school will send letters to 208,717 current and former students, staff, and parents whose data was exposed during a January break-in that allowed an attacker to steal nearly…

Read more →

Nearly 50 different data points were accessed by cybercrim An Arizona tech school will send letters to 208,717 current and former students, staff, and parents whose data was exposed during a January break-in that allowed an attacker to steal nearly…

Read more →

It also attracts exactly the type of unempathetic people you would think it does Black Hat  Recently published interviews with known doxxers reveal the incredible finances behind the practice and how their extortion tactics are becoming increasingly violent.… This article…

Read more →

Let SANS help you get to grips with the shifting landscape of cloud security Sponsored Post  Our reliance on the cloud continues to grow steadily, with a greater variety of services than ever being hosted in it.… This article has…

Read more →

Dots have been joined, but hard evidence is not apparent Former US president Donald Trump’s re-election campaign has claimed it’s been the victim of a cyber attack.… This article has been indexed from The Register – Security Read the original…

Read more →

Also: British nuke subs get code from Russia; and BlackSuit begs for $500M Infosec in brief  The United Nations often reaches consensus rather than complete agreement, but last week a proposal from Russia to cut down on cyber crime was…

Read more →