GitGuardian takes on enterprise secrets sprawl Partner Content With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.… This article has been indexed from The…
Category: The Register – Security
North Korea’s fake IT worker scam hauled in at least $88 million over six years
DoJ thinks it’s found the folks that ran it, and some of the ‘IT warriors’ sent out to fleece employers North Korea’s fake IT worker scams netted the hermit kingdom $88 million over six years, according to the US Department…
Apache issues patches for critical Struts 2 RCE bug
More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.… This article has…
Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push
Holiday cheer comes in the form of three arrests and 27 shuttered domains The Europol-coordinated Operation PowerOFF struck again this week as cross-border cops pulled the plug on 27 more domains tied to distributed denial of service (DDoS) criminality.… This…
British Army zaps drones out of the sky with laser trucks
High-energy weapon proves its mettle in testing The British Army has successfully destroyed flying drones for the first time using a high-energy laser mounted on an armored vehicle. If perfected, the technology could form an effective counter-measure against drone attacks.… This article…
Firefox ditches Do Not Track because nobody was listening anyway
Few websites actually respect the option, says Mozilla When Firefox 135 is released in February, it’ll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings. … This article has been…
Citrix goes shopping in Europe and returns with gifts for security-conscious customers
Acquires two companies that offer stuff for those on the nice list to keep naughty list types at bay Citrix has gone on a European shopping trip, and come home with its bag of gifts bulging thanks to a pair…
Blocking Chinese spies from intercepting calls? There ought to be a law
Sen. Wyden blasts FCC’s ‘failure’ amid Salt Typhoon hacks US telecoms carriers would be required to implement minimum cyber security standards and ensure their systems are not susceptible to hacks by nation-state attackers – like Salt Typhoon – under legislation…
Krispy Kreme Doughnut Corporation admits to hole in security
Belly-busting biz says it’s been hit by cowardly custards Doughnut slinger Krispy Kreme has admitted to an attack that has left many customers unable to order online.… This article has been indexed from The Register – Security Read the original…
Three more vulns spotted in Ivanti CSA, all critical, one 10/10
Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.… This article has been…
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a…
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
Twas the night before Christmas, and all through the house, patching was done with the click of a mouse Microsoft hasn’t added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored…
US military grounds entire Osprey tiltrotor fleet over safety concerns
Boeing-Bell V-22 can’t outfly its checkered past, it seems The US Navy, Air Force, and Marine Corps have grounded their fleet of Boeing-Bell-made Osprey V-22s on safety grounds.… This article has been indexed from The Register – Security Read the…
AMD secure VM tech undone by DRAM meddling
Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.… This article…
Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack
Thousands of servers targeted while customers wait for patches Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.… This article has been indexed from The Register –…
Heart surgery device maker’s security bypassed, data encrypted and stolen
Sounds like th-aorta get this sorted quickly A manufacturer of devices used in heart surgeries says it’s dealing with “a cybersecurity incident” that bears all the hallmarks of a ransomware attack.… This article has been indexed from The Register –…
Bitfinex heist gets the Netflix treatment after ‘cringey couple’ sentenced
Streamer’s trademark dramatic style takes on Bitcoin Bonnie and Clyde A documentary examining the 2016 Bitfinex burglars hits Netflix, bringing the curious case to living rooms for the first time.… This article has been indexed from The Register – Security…
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics
And it only took four months, tut WhatsApp has fixed a problem with its View Once feature, designed to protect people’s privacy with automatically disappearing pictures and videos.… This article has been indexed from The Register – Security Read the…
Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved
McDonald’s worker called it in, cops swooped, found ‘gun, suppressor, manifesto’ Police in Pennsylvania have arrested a man suspected of killing the CEO of insurer UnitedHealthcare in New York City, thanks to a McDonald’s employee who recognized the suspect in…
China’s Salt Typhoon recorded top American officials’ calls, says White House
No word yet on who was snooped on. Any bets? Chinese cyberspies recorded “very senior” US political figures’ calls, according to White House security boss Anne Neuberger.… This article has been indexed from The Register – Security Read the original…
Salt Typhoon recorded top US officials’ calls, says White House
No word yet on who. Any bets? Chinese cyberspies recorded “very senior” US political figures’ calls, according to White House security boss Anne Neuberger.… This article has been indexed from The Register – Security Read the original article: Salt Typhoon…
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
ShinyHunters-linked heist thought to have been ongoing since March Exclusive A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites and stole source code, thousands of credentials, and other secrets remains “ongoing to this…
OpenWrt orders router firmware updates after supply chain attack scare
A couple of bugs lead to a potentially bad time OpenWrt users should upgrade their images to the same version to protect themselves from a possible supply chain attack reported to the open source Wi-Fi router project last week.… This…
Microsoft dangles $10K for hackers to hijack LLM email service
Outsmart an AI, win a little Christmas cash Microsoft and friends have challenged AI hackers to break a simulated LLM-integrated email client with a prompt injection attack – and the winning teams will share a $10,000 prize pool.… This article…
Blue Yonder ransomware termites claim credit
Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren’t; Polish spy boss arrested, and more Infosec in brief Still smarting over that grocery disruption caused by a ransomware attack on supply chain SaaS vendor Blue…
How Chinese insiders are stealing data scooped up by President Xi’s national surveillance system
‘It’s a double-edged sword,’ security researchers tell The Reg Feature Chinese tech company employees and government workers are siphoning off user data and selling it online – and even high-ranking Chinese Communist Party officials and FBI-wanted hackers’ sensitive information is…
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Microsoft’s OS sure loves throwing your creds at remote systems Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users’ OS account credentials.… This article has been indexed…
Facing sale or ban, TikTok tossed under national security bus by appeals court
Video slinger looks to Supremes for salvation, though anything could happen under Trump A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign…
Salt Typhoon forces FCC’s hand on making telcos secure their networks
Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns The head of America’s Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an…
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware
Threatened with life in prison, Kyiv charity worker gives middle finger to state spies A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.… This article…
Protect your clouds
Get best practice advice on how to safeguard your cloud infrastructure from SANS Sponsored Post According to the 2024 IBM Cost of the Data Breach Report 40 percent of data breaches identified between March 2023 and February 2024 involved data…
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. … This article…
Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’
Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures organisations and US government agencies, according to Redmond’s threat intel team.… This article has…
Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds
Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven Luscher.… This article…
Explore strategies for effective endpoint control
Discover how automation can simplify endpoint management in this webinar Webinar Managing endpoints in today’s dynamic IT environments is becoming increasingly complex.… This article has been indexed from The Register – Security Read the original article: Explore strategies for effective…
British hospitals hit by cyberattacks still battling to get systems back online
Children’s hospital and cardiac unit say criminals broke in via shared ‘digital gateway service’ Both National Health Service trusts that oversee the various hospitals hit by separate cyberattacks last week have confirmed they’re still in the process of restoring systems.……
BT Group confirms attackers tried to break into Conferencing division
Sensitive data allegedly stolen from US subsidiary following Black Basta post BT Group confirmed it is dealing with an attempted attack on one of its legacy business units after the Black Basta ransomware group claimed they broke in.… This article…
Shape the future of UK cyber security
Support the industry by sponsoring the UK Cyber Team Competition Partner Content The opportunity to identify, foster and nurture talented young people towards a cyber security career should always be grabbed with both hands.… This article has been indexed from…
Ransomware hangover, Putin grudge blamed for vodka maker’s bankruptcy
Stoli Group on the rocks in the US Two US subsidiaries of alcohol giant Stoli Group filed for bankruptcy protection this week over financial difficulties exacerbated by an August ransomware attack.… This article has been indexed from The Register –…
T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’
Security chief talks to El Reg as Feds urge everyone to use encrypted chat interview While Chinese-government-backed spies maintained access to US telecommunications providers’ networks for months – and in some cases still haven’t been booted out – T-Mobile US…
Cops arrest suspected admin of German-language crime bazaar
Drugs, botnets, forged docs, and more generated fortune for platform sellers German authorities say they have again shut down the perhaps unwisely named Crimenetwork platform and arrested a suspected admin.… This article has been indexed from The Register – Security…
Microsoft says premature patch could make Windows Recall forget how to work
Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel Microsoft has pinned down why some eager Windows Insiders could not persuade the Recall preview to save any snapshots. It’s all down to a pesky…
Severity of the risk facing the UK is widely underestimated, NCSC annual review warns
National cyber emergencies increased threefold this year The number of security threats in the UK that hit the country’s National Cyber Security Centre’s (NCSC) maximum severity threshold has tripled compared to the previous 12 months.… This article has been indexed…
Major energy contractor reports ‘limited’ access to IT after ransomware locks files
ENGlobal customers include the Pentagon as well as major oil and gas producers American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November.… This article has been indexed from The…
Perfect 10 directory traversal vuln hits SailPoint’s IAM solution
20-year-old info disclosure class bug still pervades security software It’s time to rev up those patch engines after SailPoint disclosed a perfect 10/10 severity vulnerability in its identity and access management (IAM) platform IdentityIQ.… This article has been indexed from…
FTC scolds two data brokers for allegedly selling your location to the metre
‘Where we go is who we are’ totally isn’t a creepy ad slogan at all The FTC has reached a settlement with two data brokerages over allegations they harvested precise location data that shows when people entered hospitals, places of…
Eurocops take down ‘secure’ criminal chat system known as Matrix
They took the red pill Updated French and Dutch police have taken down the Matrix chat app, which was designed by criminals for criminals to be a secure encrypted messaging tool.… This article has been indexed from The Register –…
Put your usernames and passwords in your will, advises Japan’s government
Digital end of life planning saves your loved ones from a little extra anguish Japan’s National Consumer Affairs Center on Wednesday suggested citizens start “digital end of life planning” and offered tips on how to do it.… This article has…
Now Online Safety Act is law, UK has ‘priorities’ – but still won’t explain ‘spy clause’
Draft doc struggles to describe how theoretically encryption-busting powers might be used The UK government has set out plans detailing how it will use the new law it has created to control online platforms and social media – with one…
‘Alarming’ security bugs lay low in Linux’s needrestart server utility for 10 years
Update now: Qualys says flaws give root to local users, are ‘easily exploitable’ Researchers at Qualys refuse to release exploit code for five bugs in the Linux world’s needrestart utility that allow unprivileged local attackers to gain root access without…
Chinese ship casts shadow over Baltic subsea cable snipfest
Danish military confirms it is monitoring as Swedish police investigate. Cloudflare says impact was ‘minimal’ The Danish military has confirmed it is tracking a Chinese ship that is under investigation after two optical fiber internet cables under the Baltic Sea…
Simplifying endpoint security
Discover unified strategies to secure and manage all endpoints across your organization Webinar As organizations expand their digital footprint, the range of endpoints – spanning from laptops to IoT devices – continues to grow.… This article has been indexed from…
Bitfinex burglar bags 5 years behind bars for Bitcoin heist
A nervous wait for rapper wife who also faces a stint in the clink The US is sending the main figure behind the 2016 intrusion at crypto exchange Bitfinex to prison for five years after he stole close to 120,000…
Microsoft Power Pages misconfigurations exposing sensitive data
NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online Private businesses and public-sector organizations are unwittingly exposing millions of people’s sensitive information to the public internet because they misconfigure Microsoft’s Power…
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly…
Cybercriminal devoid of boundaries gets 10-year prison sentence
Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts A rampant cybercrook and repeat attacker of medical facilities in the US is being sentenced to a decade in prison, around seven years after the first…
Kids’ shoemaker Start-Rite trips over security again, spilling customer card info
Full details exposed, putting shoppers at serious risk of fraud Children’s shoemaker Start-Rite is dealing with a nasty “security incident” involving customer payment card details, its second significant lapse during the past eight years.… This article has been indexed from…
NatWest blocks bevy of apps in clampdown on unmonitorable comms
From guidance to firm action… no more WhatsApp, Meta’s Messenger, Signal, Telegram and more The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta’s Messenger, and Skype –…
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce
British grocer’s workers called back to office as clock ticks for contractors The head of tech security at Asda, the UK’s third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.… This article has been…
Five Eyes infosec agencies list 2024’s most exploited software flaws
Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and…
Reminder: China-backed crews compromised ‘multiple’ US telcos in ‘significant cyber espionage campaign’
Feds don’t name Salt Typhoon, but describe Beijing band’s alleged deeds The US government has confirmed there was “a broad and significant cyber espionage campaign” conducted by China-linked snoops against “multiple” American telecommunications providers’ networks.… This article has been indexed…
China-backed crews compromised ‘multiple’ US telcos in ‘significant cyber espionage campaign’
Feds don’t name Salt Typhoon, but describe Beijing band’s alleged deeds The US government has detected “a broad and significant cyber espionage campaign” conducted by China-linked attackers and directed at “multiple” US telecommunications providers’ networks.… This article has been indexed…
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
Plus: CISA’s ScubaGear dives deep to fix M365 misconfigs Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.… This article has been indexed from The Register – Security Read the original article: ShrinkLocker…
Data broker amasses 100M+ records on people – then someone snatches, sells it
We call this lead degeneration What’s claimed to be more than 183 million records of people’s contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.… This…
Ransomware fiends boast they’ve stolen 1.4TB from US pharmacy network
American Associated Pharmacies yet to officially confirm infection American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.… This article has been indexed from The Register –…
Microsoft slips Task Manager and processor count fixes into Patch Tuesday
Sore about cores no more Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.… This article has been indexed from The Register – Security Read…
China’s Volt Typhoon crew and its botnet surge back with a vengeance
Ohm, for flux sake China’s Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.… This article has been indexed from The…
Admins can give thanks this November for dollops of Microsoft patches
Don’t be a turkey – get these fixed Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.……
Air National Guardsman gets 15 years after splashing classified docs on Discord
Jack Teixeira, 22, talked of ‘culling the weak minded’ – hmm! A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.……
Here’s what we know about the suspected Snowflake data extortionists
A Canadian and an American living in Turkey ‘walk into’ cloud storage environments… Two men allegedly compromised what’s believed to be multiple organizations’ Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three…
‘Cybersecurity issue’ at Food Lion parent blamed for US grocery mayhem
Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages at several of its US…
HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code
‘Once again, we’ve lost a little more faith in the internet,’ researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability in Citrix’s Virtual Apps and Desktops.… This…
Managing third-party risks in complex IT environments
Key steps to protect your organization’s data from unauthorized external access Webinar With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.… This article has been indexed from The Register…
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Over 5 million records from 25 organizations posted to black hat forum Amazon employees’ data is part of a stolen trove posted to a cybercrime forum linked to last year’s MOVEit vulnerability.… This article has been indexed from The Register…
FBI issues warning as crooks ramp up emergency data request scams
Just because it’s .gov doesn’t mean that email is trustworthy Cybercrooks abusing emergency data requests in the US isn’t new, but the FBI says it’s becoming a more pronounced issue as the year draws to a close.… This article has…
Dark web crypto laundering kingpin sentenced to 12.5 years in prison
Prosecutors hand Russo-Swede a half-billion bill The operator of the longest-running money laundering machine in dark web history, Bitcoin Fog, has been sentenced to 12 years and six months in US prison.… This article has been indexed from The Register…
Alleged Snowflake attacker gets busted by Canadians – politely, we assume
Also: Crypto hacks will continue; CoD hacker gets thousands banned, and more in brief One of the suspected masterminds behind the widespread Snowflake breach has been arrested in Canada – but the saga isn’t over, eh. … This article has been…
Scattered Spider, BlackCat claw their way back from criminal underground
We all know by now that monsters never die, right? Two high-profile criminal gangs, Scattered Spider and BlackCat/ALPHV, seemed to disappear into the darkness like their namesakes following a series of splashy digital heists last year, after which there were…
Winos4.0 abuses gaming apps to infect, control Windows machines
‘Multiple’ malware samples likely targeting education orgs Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines.… This article has been indexed from The Register…
Don’t open that ‘copyright infringement’ email attachment – it’s an infostealer
Curiosity gives crims access to wallets and passwords Organizations should be on the lookout for bogus copyright infringement emails as they might be the latest ploy by cybercriminals to steal their data.… This article has been indexed from The Register…
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
Ultra-Reliable Wireless Backhaul doesn’t live up to its name Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.… This article has been indexed from The Register – Security…
Officials warn of Russia’s tech-for-troops deal with North Korea amid Ukraine conflict
10,000 of Kim Jong Un’s soldiers believed to be headed for front line The EU has joined US and South Korean officials in expressing concern over a Russian transfer of technology to North Korea in return for military assistance against…
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about users of a popular infostealer-cum-RAT targeting…
Operation Synergia II sees Interpol swoop on global cyber crims
22,000 IP addresses taken down, 59 servers seized, 41 arrests in 95 countries Interpol is reporting a big win after a massive combined operation against online criminals made 41 arrests and seized hardware thought to be used for nefarious purposes.……
Cyberattackers stole Microlise staff data following DHL, Serco disruption
Experts say incident has ‘all the hallmarks of ransomware’ Telematics tech biz Microlise says an attack that hit its network likely did not expose customer data, although staff aren’t so lucky.… This article has been indexed from The Register –…
China’s Volt Typhoon reportedly breached Singtel in ‘test-run’ for US telecom attacks
Alleged intrusion spotted in June Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.… This article has been indexed from The Register – Security Read the original…
Scumbag puts ‘stolen’ Nokia source code, SSH and RSA keys, more up for sale
Data pinched from pwned outside supplier, thief says IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.… This article has been indexed from The Register – Security…
Schneider Electric ransomware crew demands $125k paid in baguettes
Hellcat crew claimed to have gained access via the company’s Atlassian Jira system Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded…
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years
FBI recovers just $8M after scam crashes Heartland Tri-State Bank The FBI has recovered $8 million in funds from a cryptocurrency scam that netted $47 million and devastated the Kansas city of Elkhart.… This article has been indexed from The…
Criminals open DocuSign’s Envelope API to make BEC special delivery
Why? Because that’s where the money is Business email compromise scammers are trying to up their success rate by using a DocuSign API.… This article has been indexed from The Register – Security Read the original article: Criminals open DocuSign’s…
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect…
Washington courts grapple with statewide outage after ‘unauthorized activity’
Justice still being served, but many systems are down A statewide IT outage attributed to “unauthorized activity” is affecting the availability of services provided by all courts in Washington.… This article has been indexed from The Register – Security Read…
Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed
You snooze, you lose, er, win Google claims one of its AI models is the first of its kind to spot a memory safety vulnerability in the wild – specifically an exploitable stack buffer underflow in SQLite – which was…
Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack
Victims were placed in serious danger following highly sensitive data dump The City of Columbus, Ohio, has confirmed half a million people’s data was accessed and potentially stolen when Rhysida’s ransomware raided its systems over the summer.… This article has…
Why the long name? Okta discloses auth bypass bug affecting 52-character usernames
Mondays are for checking months of logs, apparently, if MFA’s not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta…
Public sector cyber break-ins: Our money, our lives, our right to know
Is that a walrus in your server logs, or aren’t you pleased to see me? Opinion At the start of September, Transport for London was hit by a major cyber attack. TfL is the public body that moves many of…
6 IT contractors arrested for defrauding Uncle Sam out of millions
Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more in brief The US Department of Justice has charged six people with two separate schemes to defraud Uncle Sam out of millions of dollars…
Financial institutions told to get their house in order before the next CrowdStrike strikes
Calls for improvements will soon turn into demands when new rules come into force The UK’s finance regulator is urging all institutions under its remit to better prepare for IT meltdowns like that of CrowdStrike in July.… This article has…
UK councils bat away DDoS barrage from pro-Russia keyboard warriors
Local authority websites downed in response to renewed support for Ukraine Multiple UK councils had their websites either knocked offline or were inaccessible to residents this week after pro-Russia cyber nuisances added them to a daily target list.… This article…
Hack Nintendo’s alarm clock to show cat pics? Let’s-a-go!
How ‘Gary’ defeated Bowser broke into the interactive alarm clock A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo’s recently launched Alarmo clock, and run code on the device.… This article has been indexed…