News

That WhatsApp from an Israeli infosec expert could be a Iranian phish

The Register - Thu, 26/06/2025 - 07:28
Charming Kitten unsheathes its claws and tries to catch credentials

The cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.…

Categories: News

Citrix bleeds again: This time a zero-day exploited - patch now

The Register - Wed, 25/06/2025 - 22:10
Two emergency patches issued in two weeks

Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products — but not before criminals found and exploited it as a zero-day.…

Categories: News

Amazon's Ring can now use AI to 'learn the routines of your residence'

The Register - Wed, 25/06/2025 - 20:02
It's meant to cut down on false positives but could be a trove for mischief-makers

Ring doorbells and cameras are using AI to "learn the routines of your residence," via a new feature called Video Descriptions.…

Categories: News

Computer vision research feeds surveillance tech as patent links spike 5×

The Register - Wed, 25/06/2025 - 18:55
A bottomless appetite for tracking people as "objects"

A new study shows academic computer vision papers feeding surveillance-enabling patents jumped more than fivefold from the 1990s to the 2010s.…

Categories: News

Supply chain attacks surge with orgs 'flying blind' about dependencies

The Register - Wed, 25/06/2025 - 18:36
Who is the third party that does the thing in our thing? Yep. Attacks explode over past year

The vast majority of global businesses are handling at least one material supply chain attack per year, but very few are doing enough to counter the growing threat.…

Categories: News

French cybercrime police arrest five suspected BreachForums admins

The Register - Wed, 25/06/2025 - 16:34
Twentysomethings claimed to be linked to spate of high-profile cybercrimes

The Paris police force's cybercrime brigade (BL2C) has arrested a further four men as part of a long-running investigation into the criminals behind BreachForums.…

Categories: News

UK govt dept website that campaigns against encryption hijacked to advertise ... payday loans

The Register - Wed, 25/06/2025 - 10:26
Company at center of findings blamed SEO on outsourcer

A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.…

Categories: News

Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack

The Register - Tue, 24/06/2025 - 22:01
Why are you even reading this story? Patch now!

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.…

Categories: News

Beware of fake SonicWall VPN app that steals users' credentials

The Register - Tue, 24/06/2025 - 18:22
A good reminder not to download apps from non-vendor sites

Unknown miscreants are distributing a fake SonicWall app to steal users' VPN credentials.…

Categories: News

The vulnerability management gap no one talks about

The Register - Tue, 24/06/2025 - 16:01
If an endpoint goes ping but isn't on the network, does anyone hear it?

Partner content  Recently, I've been diving deep into security control data across dozens of organizations, and what I've found has been both fascinating and alarming. Most security teams I work with can rattle off their vulnerability management statistics with confidence. They know their scan schedules, their remediation timelines, and their critical vulnerability counts. They point to clean dashboards and comprehensive reports as proof that their programs are working.…

Categories: News

Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt

The Register - Tue, 24/06/2025 - 12:46
Russian judge lets off accused with time served – but others who refused to plead guilty face years in penal colony

Four convicted members of the once-supreme ransomware operation REvil are leaving captivity after completing most of their five-year sentences.…

Categories: News

'Psylo' browser tries to obscure digital fingerprints by giving every tab its own IP address

The Register - Tue, 24/06/2025 - 07:32
Gotta keep 'em separated so the marketers and snoops can't come out and play

Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple's App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.…

Categories: News

Typhoon-like gang slinging TLS certificate 'signed' by the Los Angeles Police Department

The Register - Tue, 24/06/2025 - 00:45
Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure

A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at least 1,000 devices, primarily in the US and South East, according to Security Scorecard's Strike threat intel analysts. And it uses a phony certificate purportedly signed by the Los Angeles police department to try and gain access to critical infrastructure.…

Categories: News

Iran cyberattacks against US biz more likely following air strikes

The Register - Mon, 23/06/2025 - 19:41
Plus 'low-level' hacktivist attempts

The US Department of Homeland Security has warned American businesses to guard their networks against Iranian government-sponsored cyberattacks along with "low-level" digital intrusions by pro-Iran hacktivists.…

Categories: News

Second attack on McLaren Health Care in a year affects 743k people

The Register - Mon, 23/06/2025 - 16:48
Criminals targeted the hospital and physician network’s Detroit cancer clinic this time

McLaren Health Care is in the process of writing to 743,131 individuals now that it fully understands the impact of its July 2024 cyberattack.…

Categories: News

Experts count staggering costs incurred by UK retail amid cyberattack hell

The Register - Mon, 23/06/2025 - 12:29
Cyber Monitoring Centre issues first severity assessment since February launch

Britain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-591 million).…

Categories: News

Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China

The Register - Mon, 23/06/2025 - 01:33
PLUS: 5.4M healthcare records leak; AI makes Spam harder to spot; Many nasty Linux vulns; and more

Infosec in brief  A former US Army sergeant has admitted he attempted to sell classified data to China.…

Categories: News

Netflix, Apple, BofA websites hijacked with fake help-desk numbers

The Register - Fri, 20/06/2025 - 22:10
Don’t trust mystery digits popping up in your search bar

Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.…

Categories: News

Looks like Aflac is the latest insurance giant snagged in Scattered Spider’s web

The Register - Fri, 20/06/2025 - 18:55
If it looks like a duck and walks like a duck...

Aflac is the latest insurance company to disclose a security breach following a string of others earlier this week, all of which appear to be part of Scattered Spider's most recent data theft campaign.…

Categories: News

Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations

The Register - Fri, 20/06/2025 - 18:31
It's a marketing move to lure more affiliates, says infosec veteran

The latest marketing ploy from the ransomware crooks behind the Qilin operation involves offering affiliates access to a crack team of lawyers to ramp up pressure in ransom negotiations.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News