India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting

The Register - Fri, 29/04/2022 - 11:46
Customer data collection and retention requirements also increased, including for crypto operators

India's Computer Emergency Response Team (CERT-In) has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account.…

Categories: News

Sina Weibo, China's Twitter analogue, reveals users' locations and IP addresses

The Register - Fri, 29/04/2022 - 09:02
Sssshhhh! Nobody tell Elon Musk

To the surprise of many users, China's largest Twitter-esque microblogging website, Sina Weibo, announced on Thursday that it will publish users' IP addresses and location data in an effort to keep their content honest and nice.…

Categories: News

Bumblebee malware loader emerges as Conti's BazarLoader fades

The Register - Fri, 29/04/2022 - 06:17
At least three threat groups are using the loader in malicious email campaigns

A sophisticated malware loader dubbed Bumblebee is being used by at least three cybercriminal groups that have links to ransomware gangs, according to cybersecurity researchers.…

Categories: News

Cloudflare stomps huge DDoS attack on crypto platform

The Register - Thu, 28/04/2022 - 16:30
At 15.3 million requests per second, the assault was the largest HTTPS blitz on record lasting 15 seconds

Cloudflare this month halted a massive distributed denial-of-service (DDoS) attack on a cryptocurrency platform that not only was unusual in its sheer size but also because it was launched over HTTPS and primarily originated from cloud datacenters rather than residential internet service providers (ISPs).…

Categories: News

Money or your business: Ensure your ransomware defense strategy beats off disruptions, extortions

The Register - Thu, 28/04/2022 - 08:15
Multi-layered protection from Huawei curbs ransomware attacks

Sponsored Feature  The mass pandemic-driven migration to remote working has been a significant threat vector which precipitated a surge in cyberattacks last year. Prominent among these were ransomware attacks, which rose by 92.7 percent year-on-year in 2021, according to consulting firm NCC Group.…

Categories: News

Five Eyes nations reveal 2021's fifteen most-exploited flaws

The Register - Thu, 28/04/2022 - 02:46
Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021 , according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies.…

Categories: News

Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!

The Register - Wed, 27/04/2022 - 23:15
Will Redmond start code-naming Windows make-me-admin bugs?

Flaws in networkd-dispatcher, a service used in some parts of the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.…

Categories: News

Looking for the latest insight to ensure cyber security in the long term? It’s right here

The Register - Wed, 27/04/2022 - 20:56
Because digital transformation means transforming security first

Sponsored Post  The threat of ransomware or nation state attacks might open-up corporate wallets for short-term cyber-security investment but working out how to develop both your security team and your defenses for the long-term calls for a little more sophistication.…

Categories: News

Feds offer big rewards for info on suspected Russian Sandworm intel officers

The Register - Wed, 27/04/2022 - 18:46
A different type of bug bounty

Uncle Sam will dole out up to $10 million for vital information on each of six Russian GRU officers linked to the Kremlin-backed Sandworm gang, who, according to the Feds, have plotted to carry out destructive cyber-attacks against American critical infrastructure.…

Categories: News

China turns cyber-espionage eyes to Russia as Ukraine invasion grinds on

The Register - Wed, 27/04/2022 - 15:00
State-sponsored Bronze President group launches cyber-espionage malware campaign against notional ally

China appears to be entering a raging cyber-espionage battle that's grown in line with Russia's unprovoked attack on Ukraine, deploying advanced malware on the computer systems of Russian officials.…

Categories: News

Chinese drone-maker DJI suspends ops in Russia, Ukraine

The Register - Wed, 27/04/2022 - 09:15
First Middle Kingdom company to take a stance says it doesn't want anyone weaponizing its flying machines

In a first for a major Chinese tech company, drone-maker DJI Technologies announced on Tuesday that it will temporarily suspend business in both Russia and Ukraine.…

Categories: News

Should security teams be giving service with a smile?

The Register - Wed, 27/04/2022 - 08:15
Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them

Advertorial  As security professionals, we aren’t known for our levity. True, we’re often fire-fighting serious incidents with potentially profound consequences for the organisation, and our career prospects. But our relationships with others are usually characterised by policing and enforcement rather than engagement and support.…

Categories: News

Study: How Amazon uses Echo smart speaker conversations to target ads

The Register - Wed, 27/04/2022 - 07:52
Web giant milks advertisers with data harvested from digital assistant

Amazon and third-party services have been using smart speaker interaction data for ad targeting, in violation of privacy commitments, according to researchers at four US universities.…

Categories: News

Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one

The Register - Tue, 26/04/2022 - 21:52
We hope you've patched that 9.8/10 severity bug

A team of Iranian cyber-spies dubbed Rocket Kitten, for one, is likely behind attempts to exploit a critical remote-code execution vulnerability in VMware's identity management software, according to endpoint security firm Morphisec.…

Categories: News

Coca-Cola probes pro-Kremlin gang's claims of 161GB data theft

The Register - Tue, 26/04/2022 - 19:58
Life tastes not so good right now

Coca-Cola confirmed it's probing a possible network intrusion after the Stormous cybercrime gang claimed it stole 161GB of data from the beverage giant.…

Categories: News

USA's plan to decouple its tech with China lacks a strategy – report

The Register - Tue, 26/04/2022 - 17:30
Thinktank, and former Google CEO Eric Schmidt, call for proper policy development

The USA's policy of decoupling its technology industries from China lacks a strategy, a theory of success, and an understanding of how to achieve its ill-defined goals, according to a new paper by Jon Bateman from the thinktank Carnegie Endowment for International Peace (CEIP).…

Categories: News

DDoS attacks at an all-time-high in Q1 2022, says Kaspersky

The Register - Tue, 26/04/2022 - 15:30
More attacks and more targeted attacks than ever before. What could have happened to cause that uptick?

Kaspersky has released a report showing Distributed Denial of Service (DDoS) attacks hit an all-time-high in the first quarter of 2022.…

Categories: News

Microsoft fixes Point of Sale bug that delayed Windows 11 startup for 40 minutes

The Register - Tue, 26/04/2022 - 12:32
You thought hunting for discount vouchers took a while? That's nothing compared to Windows booting on a till

A fresh Windows 11 patch slipped out overnight as an optional update, but contains an impressively long list of fixes for Microsoft's flagship operating system.…

Categories: News

India inks tech pact with EU – only the US has the same deal

The Register - Tue, 26/04/2022 - 08:32
Meanwhile, UK and India finally explain Cyber Security Partnership agreed to in May 2021

India's government and the European Union have signed up to create a "Trade and Technology Council" – an entity the EU has previously only created to enhance its relationship with the United States.…

Categories: News

Crooks steal NFTs worth '$3m' in Bored Ape Yacht Club heist

The Register - Tue, 26/04/2022 - 02:00
Worth doing a lot of heavy lifting there, we know

Crooks stole non-fungible tokens (NFTs) said to be worth about $3 million after breaking into the Bored Ape Yacht Club's Instagram account and posting a link to a copycat website that sought to harvest marks' assets. …

Categories: News


Subscribe to Sec Tec Limited aggregator - News