News

CEO arranged his own cybersecurity, with predictable results

The Register - Fri, 29/12/2023 - 08:01
Cleaning up after hackers is easy compared to surviving the politics of consultancy

On Call  It’s the last Friday of 2023, but because the need for tech support never goes away neither does On Call, The Register’s Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often indefensible.…

Categories: News

A tale of 2 casino ransomware attacks: One paid out, one did not

The Register - Thu, 28/12/2023 - 17:05
What can be learned from MGM's and Caesars' infosec moves

Feature  The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.…

Categories: News

Kaspersky reveals previously unknown hardware 'feature' used in iPhone attacks

The Register - Thu, 28/12/2023 - 15:50
'This is no ordinary vulnerability' sec pros explain

Kaspersky's Global Research and Analysis Team (GReAT) has exposed a previously unknown 'feature' in Apple iPhones that allows attackers to bypass hardware-based memory protection.…

Categories: News

Iranian cyberspies target US defense orgs with a brand new backdoor

The Register - Sat, 23/12/2023 - 12:47
Also: International cops crackdown on credit card stealers and patch these critical vulns

Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft.…

Categories: News

Cyber sleuths reveal how they infiltrate the biggest ransomware gangs

The Register - Fri, 22/12/2023 - 15:55
How do you break into the bad guys' ranks? Master the lingo and research, research, research

Feature  When AlphV/BlackCat's website went dark this month, it was like Chrimbo came early for cybersecurity defenders, some of whom seemingly believed law enforcement had busted one of the most menacing cyber criminal crews.…

Categories: News

Lapsus$ teen sentenced to indefinite detention in hospital after Nvidia, GTA cyberattacks

The Register - Thu, 21/12/2023 - 22:15
Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave

Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…

Categories: News

Four in five Apache Struts 2 downloads are for versions featuring critical flaw

The Register - Thu, 21/12/2023 - 14:13
Seriously, people - please check the stuff you fetch more carefully

Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.…

Categories: News

Mozilla decides Trusted Types is a worthy security feature

The Register - Thu, 21/12/2023 - 11:03
DOM-XSS attacks have become scarce on Google websites since TT debuted

Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.…

Categories: News

Data loss prevention isn't rocket science, but NASA hasn't made it work in Microsoft 365

The Register - Thu, 21/12/2023 - 04:31
Privacy review finds breach response plan is a mess, training could be better, but protection regime mostly holds up

NASA's Office of Inspector General has run its eye over the aerospace agency's privacy regime and found plenty to like – but improvements are needed.…

Categories: News

Something nasty injected login-stealing JavaScript into 50K online banking sessions

The Register - Wed, 20/12/2023 - 23:45
Why keeping your PC secure and free of malware remains paramount

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.…

Categories: News

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

The Register - Wed, 20/12/2023 - 21:30
Research highlights how major attacks like those exploiting Booking.com are executed

Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.…

Categories: News

Manchester's finest drowning in paperwork as Freedom of Information requests pile up

The Register - Wed, 20/12/2023 - 10:28
Enforcement notice issued months after data regulator schooled police force

Greater Manchester Police (GMP) must clear the backlog of hundreds of Freedom of Information (FOI) Act requests – some years old – or find itself in contempt of court.…

Categories: News

SSH shaken, not stirred by Terrapin vulnerability

The Register - Wed, 20/12/2023 - 08:34
No need to panic, but grab those updates or mitigations anyway just to be safe

A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right.…

Categories: News

Philippines, South Korea, Interpol cuff 3,500 suspected cyber scammers, seize $300M

The Register - Wed, 20/12/2023 - 00:32
Alleged crims used AI to pose as friends, family, romantic partners – and sold dodgy NFTs

A transnational police operation has resulted in the arrest of 3,500 alleged cybercriminals and the seizure of $300 million in cash and digital assets.…

Categories: News

Millions of Xfinity customers' info, hashed passwords feared stolen in cyberattack

The Register - Tue, 19/12/2023 - 20:43
35M-plus Comcast user IDs accessed by intruder via Citrix Bleed

Millions of Comcast Xfinity subscribers' personal data – including potentially their usernames, hashed passwords, contact details, and secret security question-answers – was likely stolen by one or more miscreants exploiting Citrix Bleed in October.…

Categories: News

Before you go away for Xmas: You've patched that critical Perforce Server hole, right?

The Register - Tue, 19/12/2023 - 19:57
Microsoft bug hunters highlight weaknesses in source-wrangling suite

Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched "immediately," according to Microsoft, which spotted the flaws and disclosed them to the software vendor.…

Categories: News

AlphV/BlackCat hacked back as feds offer decryptor to ransomware victims

The Register - Tue, 19/12/2023 - 14:59
Domain seized while gang shrugs at loss of 'stupid old key'

The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign.…

Categories: News

Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months

The Register - Tue, 19/12/2023 - 09:26
Experts say malware strain make take years to die off completely

Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.…

Categories: News

Hacktivists boast: We shut down Iran's gas pumps today

The Register - Mon, 18/12/2023 - 22:45
Predatory Sparrow previously knocked out railways and a steel plant

Hacktivists reportedly disrupted services at about 70 percent of Iran's gas stations in a politically motivated cyberattack.…

Categories: News

Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M

The Register - Mon, 18/12/2023 - 20:54
Mortgage lender says no evidence of identity theft (yet) after SSNs, DoBs, addresses, more swiped

Mortgage lender Mr Cooper has now admitted almost 14.7 million people's private information, including addresses and bank account numbers, were stolen in an earlier IT security breach, which is expected to cost the business at least $25 million to clean up.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News