News

Not-so-OpenAI allegedly never bothered to report 2023 data breach

The Register - Mon, 08/07/2024 - 02:45
Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more

security in brief  It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded without any regard for user privacy.…

Categories: News

A decade after collapsing, crypto exchange Mt Gox repays some investors

The Register - Mon, 08/07/2024 - 01:44
Plus: Samsung strike; India likely upping chip subsidies; Asian nations link payment schemes

Asia In Brief  Mt Gox, the Japanese crypto exchange that dominated trading for a brief time in the early 2010s before collapsing amid the disappearance of nearly half a billion dollars worth of the digicash, likely as a result of its own shoddy software, has said it will start to repay some investors – in Bitcoin.…


Devs claim Apple is banning VPNs in Russia 'more effectively' than Putin

The Register - Fri, 05/07/2024 - 22:27
Mozilla shows guts with its extensions – but that's the way the Cook, he crumbles

Updated  At least two VPNs are no longer available for Russian iPhone users, seemingly after the Kremlin's internet regulatory agency Roskomnadzor demanded Apple take them down.…


Cancer patient forced to make terrible decision after Qilin attack on London hospitals

The Register - Fri, 05/07/2024 - 18:00
Skin-sparing mastectomy and breast reconstruction scrapped as result of ransomware at supplier

Exclusive  The latest figures suggest that around 1,500 medical procedures have been canceled across some of London's biggest hospitals in the four weeks since Qilin's ransomware attack hit pathology services provider Synnovis. But perhaps no single person was affected as severely as Johanna Groothuizen.…


Latest Ghostscript vulnerability haunts experts as the next big breach enabler

The Register - Fri, 05/07/2024 - 13:34
There's also chatter about whether medium severity scare is actually code red nightmare

Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.…


Europol says mobile roaming tech is making its job too hard

The Register - Fri, 05/07/2024 - 09:26
Privacy measures apparently helping criminals evade capture

Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations – and it's not end-to-end encryption this time. Not exactly.…


Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown

The Register - Thu, 04/07/2024 - 09:30
Private sector helped out with week-long operation – but didn't touch China

Europol just announced that a week-long operation at the end of June dropped nearly 600 IP addresses that supported illegal copies of Cobalt Strike.…


Ransomware scum who hit Indonesian government apologizes, hands over encryption key

The Register - Thu, 04/07/2024 - 06:47
Brain Cipher was never getting the $8 million it demanded anyway

Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center (PDNS) and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government.…


Traeger security bugs bad news for grillers with neighborly beef

The Register - Wed, 03/07/2024 - 17:24
Never risk it when it comes to brisket – make sure those updates are applied

Keen meatheads better hope they haven't angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks.…


Affirm admits customer info pwned in ransomware raid at Evolve Bank

The Register - Tue, 02/07/2024 - 14:16
Number of partners acknowledging data theft continues to rise

The number of financial institutions hit by the breach at Evolve Bank & Trust continues to rise as fintech businesses Wise and Affirm both confirm they have been materially affected.…


'Almost every Apple device' vulnerable to CocoaPods supply chain attack

The Register - Tue, 02/07/2024 - 08:32
Dependency manager used in millions of apps leaves a bitter taste

CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – thereby creating opportunities for supply chain attacks on iOS and macOS apps, according to security researchers.…


Baddies hijack Korean ERP vendor's update systems to spew malware

The Register - Tue, 02/07/2024 - 06:31
Notorious 'Andariel' crew takes a bite of HotCroissant backdoor for fresh attack

A South Korean ERP vendor's product update server has been attacked and used to deliver malware instead of product updates, according to local infosec outfit AhnLab.…


Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk

The Register - Mon, 01/07/2024 - 15:01
Full system takeovers on the cards, for those with enough patience to pull it off

Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH's server (sshd) and should upgrade to the latest version.…


Juniper Networks flings out emergency patches for perfect 10 router vuln

The Register - Mon, 01/07/2024 - 12:32
Get 'em while they're hot

A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.…


Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

The Register - Mon, 01/07/2024 - 11:32
There will always be bad actors in the system. We can always learn from the drama they create

Opinion  Libraries. Hushed temples to the civilizing power of knowledge, or launchpads of global destruction? Yep, another word tech has borrowed and debased. Code libraries are essential for adding just the right standard tested functionality to a project. They're also a natural home for supply chain attacks that materialize malware in the heart of the enterprise like shock troops of Klingons arriving by transporter beam.…


CISA director: US is 'not afraid' to shout about Big Tech's security failings

The Register - Mon, 01/07/2024 - 10:35
Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration

CISA director Jen Easterly says the Cybersecurity Safety Review Board (CSRB) "is not afraid to say when something is amiss" in response to questions about fears around private sector collaboration following the board's scathing Microsoft report.…


Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials

The Register - Mon, 01/07/2024 - 06:45
Fasten your seat belts, secure your tray table, and try not to give away your passwords

Australia’s Federal Police (AFP) has charged a man with running a fake Wi-Fi network on at least one commercial flight and using it to harvest fliers’ credentials for email and social media services.…


Indonesian government didn't have backups of ransomwared data, because DR was only an option

The Register - Mon, 01/07/2024 - 05:56
President has ordered a datacenter audit and made backups mandatory

Indonesia’s president Joko Widodo has ordered an audit of government datacenters after it was revealed that most of the data they store is not backed up.…


Microsoft tells yet more customers their emails have been stolen

The Register - Mon, 01/07/2024 - 04:35
Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more

security in brief  It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made off with even more emails than it first admitted. …


CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?

The Register - Fri, 28/06/2024 - 21:55
So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies

The US government's Cybersecurity and Infrastructure Security Agency (CISA) has analyzed 172 critical open source projects and found that more than half contain code written in languages like C and C++ that are not naturally memory safe.…

