News
CEO arranged his own cybersecurity, with predictable results
On Call It’s the last Friday of 2023, but because the need for tech support never goes away neither does On Call, The Register’s Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often indefensible.…
A tale of 2 casino ransomware attacks: One paid out, one did not
Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.…
Kaspersky reveals previously unknown hardware 'feature' used in iPhone attacks
Kaspersky's Global Research and Analysis Team (GReAT) has exposed a previously unknown 'feature' in Apple iPhones that allows attackers to bypass hardware-based memory protection.…
Iranian cyberspies target US defense orgs with a brand new backdoor
Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft.…
Cyber sleuths reveal how they infiltrate the biggest ransomware gangs
Feature When AlphV/BlackCat's website went dark this month, it was like Chrimbo came early for cybersecurity defenders, some of whom seemingly believed law enforcement had busted one of the most menacing cyber criminal crews.…
Lapsus$ teen sentenced to indefinite detention in hospital after Nvidia, GTA cyberattacks
Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…
Four in five Apache Struts 2 downloads are for versions featuring critical flaw
Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.…
Mozilla decides Trusted Types is a worthy security feature
Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.…
Data loss prevention isn't rocket science, but NASA hasn't made it work in Microsoft 365
NASA's Office of Inspector General has run its eye over the aerospace agency's privacy regime and found plenty to like – but improvements are needed.…
Something nasty injected login-stealing JavaScript into 50K online banking sessions
IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.…
Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials
Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.…
Manchester's finest drowning in paperwork as Freedom of Information requests pile up
Greater Manchester Police (GMP) must clear the backlog of hundreds of Freedom of Information (FOI) Act requests – some years old – or find itself in contempt of court.…
SSH shaken, not stirred by Terrapin vulnerability
A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right.…
Philippines, South Korea, Interpol cuff 3,500 suspected cyber scammers, seize $300M
A transnational police operation has resulted in the arrest of 3,500 alleged cybercriminals and the seizure of $300 million in cash and digital assets.…
Millions of Xfinity customers' info, hashed passwords feared stolen in cyberattack
Millions of Comcast Xfinity subscribers' personal data – including potentially their usernames, hashed passwords, contact details, and secret security question-answers – was likely stolen by one or more miscreants exploiting Citrix Bleed in October.…
Before you go away for Xmas: You've patched that critical Perforce Server hole, right?
Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched "immediately," according to Microsoft, which spotted the flaws and disclosed them to the software vendor.…
AlphV/BlackCat hacked back as feds offer decryptor to ransomware victims
The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign.…
Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months
Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.…
Hacktivists boast: We shut down Iran's gas pumps today
Hacktivists reportedly disrupted services at about 70 percent of Iran's gas stations in a politically motivated cyberattack.…
Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M
Mortgage lender Mr Cooper has now admitted almost 14.7 million people's private information, including addresses and bank account numbers, were stolen in an earlier IT security breach, which is expected to cost the business at least $25 million to clean up.…