Tag: The Register – Security

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack Patch Tuesday  Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its…

Read more →

Secure storage company hasn’t spilled details on how they got in Pure Storage is the latest company to confirm it’s a victim of mounting Snowflake-related data breaches.… This article has been indexed from The Register – Security Read the original…

Read more →

Customers, partners, operations remain uncompromised, BlackBerry says BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn’t endanger customers, yet it won’t say where the information was stored originally.… This article…

Read more →

Three-pronged approach aims to uncover any malpractice at the Silicon Valley biotech biz The data protection watchdogs of the UK and Canada are teaming up to hunt down the facts behind last year’s 23andMe data breach.… This article has been…

Read more →

Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage An unknown financially motivated crime crew has swiped a “significant volume of records” from Snowflake customers’ databases using stolen credentials, according to Mandiant.… This…

Read more →

Total rebuild needed after four days off the air Japanese media conglomerate Kadokawa and several of its properties have been offline for four days after a major cyber attack.… This article has been indexed from The Register – Security Read…

Read more →

A far cry from the half-million claim that crims originally boasted Auction house to the wealthy Christie’s says 45,798 people were affected by its recent cyberattack and resulting data theft.… This article has been indexed from The Register – Security…

Read more →

Also, industry begs Uncle Sam for infosec reg harmony, dueling container-compromise campaigns, and crit vulns infosec in brief  Cloud data analytics platform Snowflake said it is going to begin forcing customers to implement multi-factor authentication to prevent more intrusions. … This…

Read more →

Thousands of dodgy SMS messages bypassed network filters in UK-first case British police have arrested two individuals following an investigation into illegal homebrew phone masts used for SMS-based phishing campaigns.… This article has been indexed from The Register – Security…

Read more →

Scott Small tells us gang’s ‘intent and capability’ should get the attention of CSOs Interview  It might not be as big a name as BlackCat or LockBit, but the Akira ransomware is every bit as dangerous, says one cybersecurity researcher…

Read more →

Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker Interview  Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering-up a theft of data from…

Read more →

Breaking breaking-news news A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board.… This article has been indexed from The Register – Security Read the original article: ‘New…

Read more →

How’s your RPKI-based security plan coming along? Feds want to know US broadband providers will soon have to provide proof to Uncle Sam that they are taking steps to prevent Border Gateway Protocol (BGP) hijacking and locking down internet routing…

Read more →

Windows maker acknowledges ‘clear signal’ from everyone, then mostly ignores it Microsoft is not giving up on its controversial Windows Recall, though says it will give customers an option to opt in instead of having it on by default, and…

Read more →

Company says just names and SSNs affected, watering down RansomHub’s claims Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing.… This article has been indexed from The…

Read more →

Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials Cisco squashed some bugs this week that allowed anyone to view WebEx meeting information and join them, potentially opening up security and privacy concerns for…

Read more →

Meeting the challenges of managing risk for cyber-physical systems Webinar  The risk of cyber attack hangs over every digital environment but cyber physical systems (CPS) tend to be more vulnerable – after all, they weren’t usually designed with security in…

Read more →

But do they get to wear ‘I DDoSed’ stickers? A Russian hacktivist crew has threatened to attack European internet infrastructure as four days of EU elections begin on Thursday.… This article has been indexed from The Register – Security Read…

Read more →

Spammers will probably bid to buy it, so community is trying to find a better home for decades-old service Exclusive  The Spam and Open Relay Blocking System (SORBS) – a longstanding source of info on known sources of spam widely…

Read more →

You upgraded when this was fixed in April, right? Right?? If you haven’t yet upgraded to version 1.3.0 of Apache HugeGraph, now’s a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in…

Read more →

The bad news? Gang wasn’t deleting victim data after payments LockBit victims who are still trying to clean up their encrypted files are in luck: the FBI has a big set of decryption keys it would love to let you…

Read more →

Funds are currently seized after being sent to offshore accounts The US Justice Department is seeking permission to recover more than $5 million worth of funds stolen from a trade union by business email compromise (BEC) scammers.… This article has…

Read more →

Time to get moving if you still rely on this deprecated feature Microsoft has finally decided to add the venerable NTLM authentication protocol to the Deprecated Features list.… This article has been indexed from The Register – Security Read the…

Read more →

Experts say Big Red will probably re-release patch in an upcoming cycle A seven-year-old Oracle vulnerability is the latest to be added to CISA’s Known Exploited Vulnerability (KEV) catalog, meaning the security agency considers it a significant threat to federal…

Read more →

As tool emerges to probe OS feature’s SQLite-based store of user activities Asked to explore the data privacy issues arising from Microsoft Recall, the Windows maker’s poorly received self-surveillance tool, Jaime Teevan, chief scientist and technical fellow at Microsoft Research,…

Read more →

Beware of zero-click malware sliding into your DMs Miscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure…

Read more →

Malware code potentially sold off, tweaked, back at it infecting victims RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie’s auction house and others, is “very likely” some kind of rebrand of…

Read more →

Same folks, different faces RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie’s auction house and others, is “very likely” some kind of rebrand of the Knight ransomware gang, according to threat…

Read more →

That backdoor’s not meant to be there? Zyxel just released security fixes for two of its obsolete network-attached storage (NAS) devices after an intern at a security vendor reported critical flaws months ago.… This article has been indexed from The…

Read more →

Public officials allegedly bribed to allow extradition-dodging travel Four arrests were made this week as part of an international probe into two overlapping corruption schemes that allowed cybercrims on INTERPOL watch lists to travel freely without flagging any alerts.… This…

Read more →

Let customers interfere with other tenants? That’s our cloud working by design, Redmond seems to say A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft’s cloud potentially allows miscreants to wave away…

Read more →

In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that’s not a good plan The US Navy has cracked down on an illicit Wi-Fi network installed on a combat ship by demoting the command senior…

Read more →

Meanwhile Mr Smith goes to Washington to testify before Congress The Pentagon is “doubling down” on its investment in Microsoft products despite the serious failings at the IT giant that put America’s national security at risk, say two US senators.……

Read more →

Pathology lab provider targeted, affecting blood transfusions and surgeries Hospitals in London are struggling to deliver pathology services after a ransomware attack at a service partner downed some key systems.… This article has been indexed from The Register – Security…

Read more →

Experts say auctioning the auctioneer’s data is unlikely to have been genuinely successful The cybercrims who claimed the attack on Christie’s fancy themselves as auctioneers as well, after they allegedly sold off the company’s data to the highest bidder instead…

Read more →

Privacy group seeks clarification of whether EU data protection law has been breached A privacy campaign group with a strong record in legal upheavals has asked the Austrian data protection authority to investigate Microsoft 365 Education to clarify if it…

Read more →

Some of the biggest names in the game are hopping on the trend Malware miscreants are increasingly showing a penchant for abusing legitimate, commercial packer apps to evade detection.… This article has been indexed from The Register – Security Read…

Read more →

Cloud storage giant lawyers up against infosec house Analysis  Hudson Rock, citing legal pressure from Snowflake, has removed its online report that claimed miscreants broke into the cloud storage and analytics giant’s underlying systems and stole data from potentially hundreds…

Read more →

Aims to get CVE logjam cleared by the end of FY 24 Facing a growing backlog of reported flaws, NIST has extended a commercial contract with an outside consultancy to help it get on top of its National Vulnerability Database…

Read more →

Turns out opting out actually works? Billions of records detailing people’s personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks’ private info.… This article has…

Read more →

Featuring Tom Cruise deepfakes and multiple made-up terrorism threats Still throwing toys out the pram over its relationship with international sport, Russia is engaged in a multi-pronged disinformation campaign against the Olympic Games and host nation France that’s intensifying as…

Read more →

Also, free pianos are the latest internet scam bait, Cooler Master gets pwned, and some critical vulnerabilities Infosec in brief  Cybersecurity software vendor Check Point is warning customers to update their software immediately in light of a zero day vulnerability…

Read more →

How to strengthen cyber risk management for cyber physical systems (CPS) Webinar  Can organizations ever scale back on the relentless task of identifying, prioritizing, and remediating vulnerabilities, and misconfigurations across their industrial and critical infrastructure environments?… This article has been…

Read more →

The fusion of Lidar, radar, and cameras can be fooled by stuff from your kids’ craft box A team of researchers from prominent universities – including SUNY Buffalo, Iowa State, UNC Charlotte, and Purdue – were able to turn an…

Read more →

Who needs experts when you have an army of hand-picked super users telling you what you want to hear? Twitch has reportedly dismantled its Safety Advisory Council, and apparently plans to replace the panel with chosen “ambassadors.”… This article has…

Read more →

Infosec house claims Ticketmaster, Santander hit via cloud storage Infosec analysts at Hudson Rock believe Snowflake was compromised by miscreants who used that intrusion to steal data on hundreds of millions of people from Ticketmaster, Santander, and potentially other customers…

Read more →

Similar cases have resulted in serious sanctions, and they were on a far smaller scale Serial tech and digital privacy critic Senator Ron Wyden (D-OR) laid into UnitedHealth Group’s (UHG) CEO for appointing a CISO Wyden deemed “unqualified”– a decision…

Read more →

Follows arrests and takedowns of recent days After the big dog revelations from the past week, the cops behind Operation Endgame are now calling for help in tracking down the brains behind the Emotet operation.… This article has been indexed…

Read more →

Sector-agnostic group is after your data, wherever you are Infosec researchers revealed today a previously unknown cybercrime group that’s been on the prowl for three years and is behaving like some of the more dangerous cyber baddies under Kim Jong-Un’s…

Read more →

Starting Monday, users will gradually be warned the end is near On Monday, June 3, 2024, some people using Beta, Dev, and Canary builds of Google’s Chrome browser will be presented with a warning banner when they access their extension…

Read more →

Kremlin-aligned gang used Cloudflare and GitHub resources, and they didn’t like that one bit Cloudflare’s threat intel team claims to have thwarted a month-long phishing and espionage attack targeting Ukraine which it has attributed to Russia-aligned gang FlyingYeti.… This article…

Read more →

Source and motive of ‘Pumpkin Eclipse’ assault unknown Unknown miscreants broke into more than 600,000 routers belonging to a single ISP late last year and deployed malware on the devices before totally disabling them, according to security researchers.… This article…

Read more →

Source and motive of ‘Pumpkin Eclipse’ attack unknown Unknown miscreants broke into more than 600,000 routers belonging to a single ISP late last year and deployed malware on the devices before totally disabling them, according to security researchers.… This article…

Read more →

That said, use of generative ML to sway public opinion may not always be weak sauce OpenAI on Thursday said it has disrupted five covert influence operations that were attempting to use its AI services to manipulate public opinion and…

Read more →

Narco kingpins aren’t coming for your apes, but internet con artists still are The US Treasury Department has assessed the risk of non-fungible tokens (NFTs) being used for illicit finance, and has found them wanting for lack of proper roadblocks…

Read more →

Operation Endgame just beginning: ‘Stay tuned,’ says Europol An international law enforcement operation led by Europol has kicked off with the announcement of multiple arrests, searches, seizures and takedowns of malware droppers and their operators.… This article has been indexed…

Read more →

This just in: We lost your personal info, but here’s 2 years’ worth of Experian The BBC has emailed more than 25,000 current and former employees on one of its pension schemes after an unauthorized party broke into a database…

Read more →

His hospital employer is also being sued for not stepping in sooner In an ongoing civil lawsuit, an IT worker is accused of launching a “destructive cyber campaign of hate and revenge” against a police officer and his family after…

Read more →

Five current and former employees file formal charges with US employment watchdog Exclusive  Kyndryl, the IT services firm spun out of IBM, has been accused by multiple employees within its CISO Defense security group of discrimination on the basis of…

Read more →

More cybercrime means more problems and understaffed teams stretched to the limit Managed Service Partners (MSPs) say cybersecurity dwarfs all other main concerns about staying competitive in today’s market.… This article has been indexed from The Register – Security Read…

Read more →

Requests for pricing will soon be encrypted, after implementation deadline was extended India’s Bombay Stock Exchange (BSE) has told market participants they need to adopt encryption – which, shockingly, isn’t already implemented – for certain messages sent to its trading…

Read more →

DoJ says 911 S5 crew earned $100M from 19 million PCs pwned by fake VPNs US authorities have arrested the alleged administrator of what FBI director Christopher Wray has described as “likely the world’s largest botnet ever,” comprising 19 million…

Read more →

All that data allegedly going for a song on revived BreachForums Ticketmaster is believed to have had its IT breached by cybercriminals who claim to have stolen 1.3TB of data on 560 million of the corporation’s customers – and are…

Read more →

Think this is bad? See what Big Media wants to do to us, warns founder The Internet Archive has been under a distributed-denial-of-service (DDoS) attack since Sunday, and is trying to keep services going.… This article has been indexed from…

Read more →

Microsoft says Kim’s hermit nation is pivoting to latest tools as it evolves in cyberspace A brand-new cybercrime group that Microsoft ties to North Korea is tricking targets using fake job opportunities to launch malware and ransomware, all for financial…

Read more →

Theft happened in October, only now are details coming to light Sav-Rx has started notifying about 2.8 million people that their personal information was likely stolen during an IT intrusion that happened more than seven months ago.… This article has…

Read more →

Website whack-a-mole getting worse BreachForums is back online just weeks after the notorious dark-web marketplace for stolen data was seized by law enforcement.… This article has been indexed from The Register – Security Read the original article: BreachForums returns just…

Read more →

Website whack-a-mole getting worse BreachForums is back online just weeks after the notorious ransomware leak site was seized by law enforcement.… This article has been indexed from The Register – Security Read the original article: BreachForums returns, just weeks after…

Read more →

One tricky cluster is causing outrage among longstanding customers Over a month after an April datacenter upgrade coincided with problems with some of its customers’ backups, secure storage biz SpiderOak still isn’t fully operational, and some angry users say they’re…

Read more →

Centuries-old institution dodges questions on how it happened as ransomware gang claims credit International auctioning giant Christie’s has confirmed data was stolen during an online attack after a top-three ransomware group claimed credit.… This article has been indexed from The…

Read more →

In evolving smarter security, open source is the missing link Opinion  Some ideas work better than others. Take DARPA, the US Defense Advanced Research Projects Agency. Launched by US President Dwight Eisenhower in 1957 response to Sputnik, its job is…

Read more →

Former Pentagon deputy CIO Rob Carey tells us guardrails should steer Feds away from bad ML Interview  President Biden’s October executive order encouraging the safe use of AI included a ton of requirements for federal government agencies that are developing…

Read more →

PLUS: US water systems fail at cyber security More than a dozen big pharmaceutical suppliers have begun notifying individuals that their data was stolen when US drug wholesaler Cencora was breached in February.… This article has been indexed from The…

Read more →

FCC wants to hit this political genius with first-of-a-kind punishment The political consultant who admitted paying $150 to create a deepfake anti-Biden robocall has been indicted on charges of felony voter suppression and misdemeanor impersonation of a candidate.… This article…

Read more →

But criminals posing as Microsoft workers scored the most ill-gotten gains The Federal Trade Commission (FTC) has shared data on the most impersonated companies in 2023, which include Best Buy, Amazon, and PayPal in the top three.… This article has…

Read more →

An open and shut case, but the perps remain at large – whoever they are Justice is served… or should that be saved now that audio-visual software deployed in more than 10,000 courtrooms is once again secure after researchers uncovered…

Read more →

We know IT admins have busy schedules but c’mon An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government’s Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing…

Read more →

We know IT admins have busy schedules but c’mon An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government’s Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing…

Read more →

ShrinkLocker throws steel and vaccine makers into the hurt locker Yet more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky.… This article has been…

Read more →

Clock is ticking to it’s time for the handcuffs, we’re told Interview  The cyberattacks against Las Vegas casinos over the summer put a big target on the backs of Scattered Spider, the suspected perps, according to Mandiant Consulting’s CTO Charles…

Read more →

Current approaches aren’t working and demonize security teams A Google security bigwig has had enough of federally mandated phishing tests, saying they make colleagues hate IT teams for no added benefit.… This article has been indexed from The Register –…

Read more →

It’s still a rough one, so patch up Veeam says the recent critical vulnerability in its Backup Enterprise Manager (VBEM) can’t be used by cybercriminals to delete an organization’s backups.… This article has been indexed from The Register – Security…

Read more →

Wait, why do you want this job again? Chief information security officers around the globe “are nervously looking over the horizon,” according to a survey of 1,600 CISOs that found more than two thirds (70 percent) worry their organization is…

Read more →

Massive discount applied to save cop shop’s helicopter budget Following a data leak that brought “tangible fear of threat to life”, the UK’s data protection watchdog says it intends to fine the Police Service of Northern Ireland (PSNI) £750,000 ($955,798).……

Read more →

SpaceX is smart on this, Cupertino and GL.iNet not so much In-depth  Academics have suggested that Apple’s Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare.… This article has been indexed from The Register – Security…

Read more →

You shouldn’t – Indian infosec researchers warn you’ll get random junk instead Indian infosec firm CloudSEK warned on Wednesday that scammers are selling counterfeit code advertised as the NSO Group’s notorious Pegasus spyware.… This article has been indexed from The…

Read more →

Unfading Sea Haze adept at staying under the radar Bitdefender says it has tracked down and exposed an online gang that has been operating since 2018 nearly without a trace – and likely working for Chinese interests.… This article has…

Read more →

Vague ML definitions subject to change – yeah, great The House Foreign Affairs Committee voted Wednesday to advance a law bill expanding the White House’s authority to police exports of AI systems – including models said to pose a national…

Read more →

Why should we get its paperwork? More than 100 medical industry groups have asked the Feds to make UnitedHealth Group, not them, go through the rigmarole of notifying everyone about the Change Healthcare ransomware infection.… This article has been indexed…

Read more →

Pharmacy says it’s ‘unwilling and unable to pay ransom’ Canadian pharmacy chain London Drugs has confirmed that ransomware thugs stole some of its corporate files containing employee information and says it is “unwilling and unable to pay ransom to these…

Read more →

Intercontinental Exchange’s Q1 revenue exceeded $1B – that’ll sure teach ’em The New York Stock Exchange’s parent company has just been hit with a $10 million fine for failing to properly inform the Securities and Exchange Commission (SEC) of a…

Read more →

$4.5M slushed through accounts from state healthcare and lonely people Georgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million.… This article has…

Read more →

‘Clarification’ weighs in on material vs voluntary disclosures The US Securities and Exchange Commission (SEC) wants to clarify guidelines for public companies regarding the disclosure of ransomware and other cybersecurity incidents.… This article has been indexed from The Register –…

Read more →

Attend this Register live event to learn how Sponsored Survey and Live Event  What are the biggest risks to your organization posed by ransomware and what security defenses does it have in place to protect its sensitive data from cyber…

Read more →

Rivals ready to swoop in but drop in overall attacks illustrates LockBit’s influence The takedown of LockBit in February is starting to bear fruit for rival gangs with Play overtaking it after an eight-month period of LockBit topping the attack…

Read more →

On the bright side, someone made up to $30,000+ for finding it GitHub has patched its Enterprise Server software to fix a security flaw that scored a 10 out of 10 CVSS severity score.… This article has been indexed from…

Read more →

Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever The US government’s Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to…

Read more →

Guess we all have imaginary monsters to fear Zoom has rolled out what it claims is post-quantum end-to-end encryption (E2EE) for video conferencing, saying it will make it available for Phone and Rooms “soon.”… This article has been indexed from…

Read more →

Crashes galore, plus especially crafty crims could use it for much worse Infosec researchers are alerting the industry to a critical vulnerability in Fluent Bit – a logging component used by a swathe of blue chip companies and all three…

Read more →

Fewer rivals on the scene as big-gang success soars The number of new ransomware strains in circulation has more than halved over the past 12 months, suggesting there is little need for innovation given the success of the existing tools…

Read more →