News

With no idea when engines restart, families gear down on spending ahead of Christmas

Jaguar Land Rover is extending the shutdown of its production plants another week in a move that experts say could cost the business in the multiple billions.…

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer

Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sectors.…

Reeves points finger at Moscow in interview when authorities reckon it's local lads

UK chancellor Rachel Reeves is blaming Moscow for Britain's latest cyber woes, an attribution that seems about as solid as wet cardboard given the trail of evidence pointing to attackers much closer to home.…

Names, emails unplugged in DCS support snafu – but 'billing is safe'

An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security "incident" at a service provider.…

Not old enough to drink, old enough to be accused of causing millions in damage

A teen surrendered to Las Vegas police and was booked on suspicion of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.…

Airport staff revert to manual ops as travellers urged to use self-service check-in where possible

The EU's cybersecurity agency today confirmed that ransonmware is the cause of continued disruption blighting major airports across Europe.…

Automaker insists only names and emails exposed, no financials

Car giant Stellantis is admitting that attackers targeted one of its third-party partners, spilling its own customers' details in the process.…

Lloyds Data and AI lead doesn't want devs downloading models from the likes of Hugging Face – too risky

Lloyds Banking Group is leaning into 21st century tech - yet trying to do so in a way that the data of its 28 million customers is kept away from untested AI models developers might be tempted to deploy.…

The Register looks forward to learning more about a possible Dell hyperscale sovereign social SaaS platform

Dell CEO Michael Dell is part of the consortium that intends to acquire TikTok’s US operations, according to US president Donald Trump.…

‘Cyber-attack’ on ticketing outfit Collins and cable cuts at Dallas ground hundreds of flights

Technology problems hit the commercial aviation industry hard over the weekend, leading to hundreds of cancelled flights and myriad delays on both sides of the Atlantic.…

PLUS: Luxury brands under fire; FBI warns crims are spoofing it again; ICE buys phone cracking software

Infosec in brief  Online criminals prefer to deal in digital assets, but a side effect of a ransomware attack has seen a French museum robbed of $705,000 in physical gold nuggets.…

Could this bot-prevention technique now be obsolete?

ChatGPT can be tricked via cleverly worded prompts to violate its own policies and solve CAPTCHA puzzles, potentially making this human-proving security mechanism obsolete, researchers say.…

Unnamed org compromised with two malware sets

An unknown attacker has abused a couple of flaws in Ivanti Endpoint Manager Mobile (EPMM) and deployed two sets of malware against an unnamed organization, according to the US Cybersecurity and Infrastructure Security Agency.…

Outside experts say the vulnerability has probably already been exploited

Budding ransomware crooks have another shot at exploiting Fortra's GoAnywhere MFT product now that a new 10/10 severity vulnerability needs patching.…

Bad opsec

Thalha Jubair, one of the two UK teens arrested on Tuesday and accused of being members of the notorious Scattered Spider cybercrime gang, allegedly played a role in bilking more than 100 organizations out of at least $115 million in ransom payments. The cops nabbed him after following a number of clues, including paying for gift cards from a wallet on the same server that also held wallets receiving extortion payments.…

Until Microsoft lobbed it into a virtual volcano

A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide.…

Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data

ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…

Another blow for the legislation as Parliament continues to hear stakeholder views

As UK ministers continue to quiz stakeholders over the effectiveness of the Online Safety Act, one charity chief raised concerns over the robustness of Ofcom's enforcement of the controversial legislation.…

YouTube vids explain digital tradecraft to reach spooks over Tor or VPN without blowing your cover

The UK’s Secret Intelligence Service, aka MI6, has created a dark web portal called “Silent Courier” that it hopes would-be foreign informants will find a suitably secure means of sharing secrets.…

Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play

Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.…