Tag: The Register – Security
T-Mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering’s new cuts; and the week’s critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that exposed…
Apple squashes security bugs after iPhone flaws exploited by Predator spyware
Holes in iOS, macOS and more fixed up after tip off from Google, Citizen Lab Apple has emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…
ESA gets the job of building Europe’s secure satcomms network
IRIS2 oversight deal signed as constellation’s schedule slips, and Ariane 6 hits another snag The European Space Agency has signed up to build and launch the European Union’s Infrastructure for Resilience, Interconnectivity and Security by Satellite constellation.…
US govt IT help desk techie ‘leaked top secrets’ to foreign nation
National defense files can earn you $55K … and espionage charges A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.…
TransUnion reckons big dump of stolen customer data came from someone else
Prolific info-thief strikes again Days after a miscreant boasted leaking a 3GB-plus database from TransUnion containing financial information on 58,505 people, the credit-checking agency has claimed the info was actually swiped from a third party.…
Cisco spends $28B on data cruncher Splunk in cybersecurity push
$157/share cash deal is the largest acquisition in networking titan’s history Cisco is making its most expensive acquisition ever – by far – with an announcement it’s buying data crunching software firm Splunk for $157 per share, or approximately $28…
Menacing marketeers fined by ICO for 1.9M cold calls
Five businesses facing half a million in collective penalties for illegally phoning folk registered with TPS The UK data watchdog has penalized five businesses it says collectively made 1.9 million cold calls to members of the public, illegally, as those…
India’s biggest tech centers named as cyber crime hotspots
Global tech companies’ Bharat offices attract the wrong sort of interest India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurgaon – centers of India’s tech development – are also hubs…
Data breach reveals distressing info: people who order pineapple on pizza
Pizza Hut Australia warns 190,000 customers’ data – including order history – has been accessed Pizza Hut’s Australian outpost has suffered a data breach.…
Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit
Invasion of the data snatchers The Snatch ransomware crew has listed on its dark-web site the Florida Department of Veterans’ Affairs as one of its latest victims – as the Feds warn organizations to be on the lookout for indicators…
Signal adopts new alphabet jumble to protect chats from quantum computers
X3DH readied for retirement as PQXDH is rolled out Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers.…
International Criminal Court hacked amid Russia investigations
ICC admits breach in social media post, says response remains ongoing The International Criminal Court said criminals breached its IT systems last week but it isn’t over yet, with the ICC saying the “cybersecurity incident” is still ongoing.…
Pot calls the kettle hack as China claims Uncle Sam did digital sneak peek first
Beijing accuses US of breaking into Huawei servers in 2009 The ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in…
Robocall scammers sentenced in US after netting $1.2M via India-based call centers
Part of network of crims who used ‘trickery and threats’ to target elderly, says US Attorney Two Indian nationals each received 41-month prison sentences for their involvement in $1.2 million worth of robocall scams targeting the elderly, according to the…
Sysadmin and spouse admit to part in ‘massive’ pirated Avaya licenses scam
Will spend 20 years in prison after selling $88M in ADI software keys A sysadmin and his partner pleaded guilty this week to being part of a “massive” international ring that sold software licenses worth $88 million for “significantly below…
Broaden your cyber security knowhow at CyberThreat 2023
November’s two day conference sees experts from the cyber security community share their insight and knowledge Sponsored Post Cyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences…
Marvell disputes claim Cavium backdoored chips for Uncle Sam
Allegations date back a decade to leaked Snowden docs Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell…
Marvell disputes claim that Cavium backdoored chips for Uncle Sam
Allegations date back a decade to leaked Snowden docs Cavium, a maker of semiconductors acquired in 2018 by Marvell, was identified in the documents leaked in 2013 by Edward Snowden as a vendor that cooperated with US intelligence agencies to…
Russian allegedly smuggled US weapons electronics to Moscow
Feds claim sniper scope displays sold in sanctions-busting move A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.…
The Clorox Company admits cyberattack causing ‘widescale disruption’
Back to ‘manual’ order processing for $7B household cleaning biz, financial impact will be ‘material’ The Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs…
Australia to build six ‘cyber shields’ to defend its shores
Local corporate regulator warns boards that cyber is totally a directorial duty Australia will build “six cyber shields around our nation” declared home affairs minister Clare O’Neil yesterday, as part of a national cyber security strategy.…
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all
Flaws fixed in August, admins seem to have taken the summer off About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw that can allow an unauthenticated attacker to remotely execute code on the devices, according…
Former CIO accuses Penn State of faking cybersecurity compliance
Now-NASA boffin not impressed Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports.…
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
Included secrets, private keys, passwords, 30,000+ internal Teams messages A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account…
California passes bill to set up one-stop data deletion shop
Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week’s critical vulns Infosec in brief Californians may be on their way to the nation’s first “do not broker” list with the passage of…
Cryptojackers spread their nets to capture more than just EC2
AMBERSQUID operation takes AWS’s paths less travelled in search of compute As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS…
Probe reveals previously secret Israeli spyware that infects targets via ads
Oh s#!t, Sherlock Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz’s clients.…
Scattered Spider traps 100+ victims in its web as it moves into ransomware
Mandiant warns casino raiders are doubling down on ‘monetization strategies’ Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the…
Google throws California $93M to make location tracking lawsuit disappear
Half a percent of last quarter’s net income? That’ll teach ’em Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it’s…
Greater Manchester Police ransomware attack another classic demo of supply chain challenges
Are you the weakest link? The UK’s Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…
US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak
NoEscape promises ‘colossal wave of problems’ if IJC doesn’t pay up The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB…
Caesars says cyber-crooks stole customer data as MGM casino outage drags on
Zero-days are so 2022. Why not just social engineer the help desk? Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a “significant number” of its loyalty program…
Rollbar might be good at tracking bugs, uninvited guests not so much
Company noticed data warehouse break-in via compromised account a month later Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…
Watchdog urges change of HART: Late, expensive US biometric ID under fire
Homeland Security told to mind costs, fix up privacy controls Twice delayed and over budget, the US Department of Homeland Security (DHS) has been told by the Government Accountability Office (GAO) that it needs to correct shortcomings in its biometric…
Uncle Sam warns deepfakes are coming for your brand and bank account
No, your CEO is not on Teams asking you to transfer money Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.…
Airbus suffers data leak turbulence to cybercrooks’ delight
Ransomware group nicked info from employee of airline, say researchers Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…
Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop
Cut and shut is so last century, now it’s copy and clone Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.…
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)
Fun technique – but how practical is it? Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.……
Capita class action: 2,000 folks affected by data theft sign up
Pensioners, employees and medical pros among those aiming to be compensated for data exposure The number of claimants signing up to a Class Action against Capita over the infamous March cyber security break-in and subsequent data exposure keeps going up,…
Ransomware attack hits Sri Lanka government, causing data loss
Running unsupported and unpatched versions of Exchange Server will do that to a country Sri Lanka’s Computer Emergency Readiness Team (CERT) is currently investigating a ransomware attack on the government’s cloud infrastructure that affected around 5,000 email accounts, it revealed…
China caught – again – with its malware in another nation’s power grid
‘Obtaining a disruptive capability could be one possible motivation behind this surge in attacks’ Espionage-ware thought to have been developed by China has once again been spotted within the power grid of a neighboring nation.…
Grab those updates: Microsoft flings out fixes for already-exploited bugs
Plus: Adobe and Android also tackle abused-in-the-wild flaws Patch Tuesday It’s every Windows admin’s favorite day of the month: Patch Tuesday. Microsoft emitted 59 patches for its September update batch, including two for bugs that have already been exploited.… This…
OpenSSL 1.1.1 reaches end of life for all but the well-heeled
$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0 OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with…
Google’s Chrome gets caught with its WebP down, offers hasty patch-up
Exploit observed in the wild as Mountain View pushes out updates Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild.…
Save the Children feared hit by ransomware, 7TB stolen
Would be a new low, even for these lowlifes Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical…
MGM Resorts shuts down website, computer systems after ‘cybersecurity incident’
Ransomware? Some would be willing to bet on that MGM Resorts has shut down some of its IT systems following a “cybersecurity incident” that the casino-and-hotel giant says is currently under investigation.…
Huge DDoS attack against US financial institution thwarted
Akamai reckons traffic flood peaked at 55.1 million packets per second Akamai says it thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month.…
Malice in the mail
Defence against the dark arts of phishing Webinar Almost half of all losses to cybercrime come from Business Email Compromise (BEC), according to the FBI. It appears that even the most astute among us can fall foul of a cunningly…
Google warns infoseccers: Beware of North Korean spies sliding into your DMs
ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week’s critical vulnerabilities In brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google’s Threat…
Safe delivery
How to protect organizations from Business Email Compromise Webinar It is a stratospheric number of emails pinging around the globe and the sheer volume offers a seductively lucrative phishing opportunity to the legion of bad actors out there.…
Apple races to patch the latest zero-day iPhone exploit
No user interaction needed for this one as Pegasus turns up via iMessage Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…
Microsoft, recently busted by Beijing, thinks it’s across China’s ever-changing cyber-offensive
Sometimes using AI to make hilariously wrong images that still drive social media engagement Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled “Digital threats…
Russian infosec boss gets nine years for $100M insider-trading caper using stolen data
Confidential figures for Tesla, Snap, Roku, Avnet, others swiped and used to rack up millions in ill-gotten gains Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday, for…
US, UK sanction more Russians linked to Trickbot
Top admin, HR managers, devs go on transatlantic deny-list The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…
Lawsuit claims Tesla corp data security is far less advanced than its cars
Sueball alleges company at fault after employee info leaked, including Musk’s An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged…
If you like to play along with the illusion of privacy, smart devices are a dumb idea
You’re just giving manufacturers carte blanche to profit off personal data Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected “smart” devices could be a dumb idea if you’d rather…
UK drops ‘spy clause’ for scanning encrypted messages, admits it’s not ‘feasible’
But don’t celebrate yet … it has simply kicked the online safety can down the road, Westminster style Comment Sanity appears to have prevailed in the debate over the UK Online Safety bill after the government agreed to ditch proposals…
China reportedly bans iPhones from more government offices
So what? Smartphones are routinely restricted in, or excluded from, sensitive locations Analysis Chinese authorities have reportedly banned Apple’s iPhones from some government offices.…
Microsoft: China stole secret key that unlocked US govt email from crash debug dump
Mistakes were made, lessons learned, stuff now fixed, says Windows maker Remember that internal super-secret Microsoft security key that China stole and used to break into US government email accounts back in July? …
Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections
What? Yogurt Monster isn’t really a legitimate customer’s name?! A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.… This…
Coffee Meets Bagel outage caused by cybercriminals deleting data and files
Did you potentially miss the love match of your life in week-long blackout? Nope, nobody could access it If you got snubbed by the object of your affections on dating app Coffee Meets Bagel (CMB) in late August, don’t feel…
Meatbag mishaps more menacing than malware? CISOs think so
Company boards, on the other hand, aren’t letting cybersecurity disturb their sleep as much Chief information security officers (or CISOs) see human error as the most significant risk to data protection compared to other UK board directors.…
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks
We’re number one! We’re number one! We’re… It’s generally accepted that security flaws in Microsoft’s products are a top magnet for crooks and fraudsters: its sprawling empire of hardware and software is a target-rich ecosystem in that there is a…
Big Tech has failed to police Russian disinformation, EC study concludes
In Putin’s Russia, the planet hacks you The power of the EU’s Digital Services Act (DSA) to actually police the world’s very large online platforms (VLOPs) has been tested in a new study focused on Russian social media disinformation.… This…
Freecycle gives users the gift of a data breach notice
Change your passwords. And maybe give the recycling a miss this time Freecycle, the charity aimed at recycling detritus that would otherwise be headed for landfill, has become the latest organization to suffer at the hands of cyber attackers and…
Northern Ireland top cop quits in wake of data breach and disciplinary controversy
Simon Byrne faced backlash over FoI blunder, plus claims officers were ‘punished’ to appease Sinn Féin Northern Ireland’s police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file…
Attackers accessed UK military data through high-security fencing firm’s Windows 7 rig
Irony, not barbed wire, cuts the deepest The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC.… This…
Tsunami watch
Mitigating the threat of bot-driven DDoS attacks Webinar It’s sometimes easy to be lulled into a sense of false security and imagine that your organization or business will not become a target of highly professional cybercriminals, hacktivists and even nation-state…
Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process
Hold onto your SQL Server, enterprise admins Microsoft has reminded users that TLS 1.0 and 1.1 will soon be disabled by default in Windows.…
Northern Irish cops release 2 men after Terrorism Act arrests linked to data breach
Came in wake of the force publishing their own people’s data in botched FoI Nearly four weeks after the Police Service of Northern Ireland (PSNI) published data on 10,000 employees in a botched response to a Freedom of Information request,…
Apple opens annual applications for free hackable iPhones
ALSO: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week’s critical vulns Infosec in brief The latest round of Apple’s Security Research Device (SRD) program is open, giving security researchers a chance to get…
Cops drill into chat apps, sink plot to smuggle tons of coke into Europe
Big blow to blighters’ blow-by-the-boatload blueprint Video Efforts by cops to seize and shut down encrypted messaging apps favored by criminals, and then mine their conversations for evidence, appear to have led to more arrests — plus the seizure of…
More Okta customers trapped in Scattered Spider’s web
Oktapus phishing campaign criminals are back in action Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions.… This article has been indexed from The…
Massive attack
Defeating a DDoS swarm Webinar Any organization can lose service, revenue, and reputation as a result. If you are particularly unlucky, a DDoS attack can defenestrate your network defences. You may find yourself facing a cyber criminal who wants to…
Good news for Key Group ransomware victims: Free decryptor out now
That’s what we call a static shock Even ransomware operators make mistakes, and in the case of ransomware gang the Key Group, a cryptographic error allowed a team of security researchers to develop and release a decryption tool to restore…