News

Under oath in French Senate, exec says it would be compelled – however unlikely – to pass local customer info to US admin

Microsoft says it "cannot guarantee" data sovereignty to customers in France – and by implication the wider European Union – should the Trump administration demand access to customer information held on its servers.…

Policy management not affected, but some personal data may have been snaffled

Business insurance and employment status specialist Qdos has confirmed that an intruder has stolen some customers personal data, according to a communication to tech contractors that was seen by The Register.…

Nobody thinks of running a website without HTTPs. Safer DNS still seems optional

Systems Approach  Last week I turned on DNSSEC (Domain Name System Security Extensions) for the systemsapproach.org domain. No need to applaud; I was just trying to get an understanding of what the barriers to adoption might be while teaching myself about the technology.…

Plus she has to cough up a slice of Pyongyang’s payday

An Arizona woman who ran a laptop farm from her home - helping North Korean IT operatives pose as US-based remote workers - has been sentenced to eight and a half years behind bars for her role in a $17 million fraud that hit more than 300 American companies.…

Good luck getting an appointment with your doctor

The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.…

Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it

Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.…

Boffins insist your deepfake tracking tech won't work

Computer scientists with the University of Waterloo in Ontario, Canada, say they've developed a way to remove watermarks embedded in AI-generated images.…

Let the games begin

Ransomware has officially entered the Microsoft SharePoint exploitation ring.…

Some coyotes hunt squirrels, this one hunts users' financial apps

A new variant of the Coyote banking trojan abuses Microsoft's UI Automation (UIA), making it the first reported malware to use UIA for credential theft.…

Palantir, data brokers, and judicial overreach are all on the horizon, executive director Cindy Cohn warns

Interview  In July 1990, before the World Wide Web even existed, an unusual alliance was formed to fight for the rights of the emerging online community.…

Malicious actor reportedly sought to expose AWS 'security theater'

The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources.…

French fashion house dishes out notices after hackers raided a client database – ShinyHunters suspected

Updated  Fashion house Dior has begun dropping data breach notices after cybercrooks with a taste for high-end targets made off with customer data.…

The "is" package was infected with cross-platform malware after a scam targeting maintainers

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.…

From scams to violence, the crimes extend beyond the digital realm

A subset of an online group that recruits children and teens for contract shootings, kidnappings, and other real-life violent crimes poses a growing threat to youth, according to the FBI.…

No screenshots for you!

In an effort to protect user privacy, Brave browser 1.81 will prevent Microsoft Recall from screenshotting it by default.…

US DOE among breached government agencies

More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Redmond confirmed the critical vulnerabilities.…

Despite pledging help for those who don’t sign for subs, Broadcom says validating their entitlements will delay support

Exclusive  Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack.…

All security questions are hard to answer, but these three are non-negotiable

Partner content  We've all seen those seemingly straightforward security questions that snowball into multi-day research projects across dozens of consoles, spreadsheets, and manual queries. The reality is that even the most fundamental security questions are notoriously difficult to answer with certainty.…

Hand us the mind bleach, we want to flush our memories of attack

Clorox is suing its service desk provider, Cognizant, for $380 million in a California state court, alleging the IT support crew "enabled a cybercriminal to gain a foothold in Clorox's network" by handing over staffers' passwords to attackers after they simply requested them.…

Total Recall: Capturing everything you do on your PC screen to become a 'true companion'

Microsoft is again throwing AI at Windows 11 to see what sticks, releasing features including the even more eyebrow-raising successor to its controversial Recall, a screen-streaming remotely processed backseat driver dubbed Copilot Vision.…