Crooks use fake emergency data requests to get personal info out of Big Tech – report

The Register - Sat, 02/04/2022 - 16:11
Plus: Hive hits health-care org, law enforcement ransomware response is lacking, and orgs can't meet new disclosure rules

In Brief  Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook's parent company Meta, were victims of this fraud.…

Categories: News

GitLab issues critical update after hard-coding passwords into accounts

The Register - Fri, 01/04/2022 - 20:21
Fixed passphrases for OmniAuth users not such a great idea

GitLab on Thursday issued security updates for three versions of GitLab Community Edition (CE) and Enterprise Edition (EE) software that address, among other flaws, a critical hard-coded password bug.…

Categories: News

More charged in UK Lapsus$ investigation

The Register - Fri, 01/04/2022 - 14:30
Two teenagers arrested as part of police probe into extortion group

British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang.…

Categories: News

Google: Russian credential thieves target NATO, Eastern European military

The Register - Fri, 01/04/2022 - 11:20
Also: Belarusian miscreants pivot to browser-in-the-browser attacks

A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week. …

Categories: News

Modem-wiping malware caused Viasat satellite broadband outage in Europe

The Register - Fri, 01/04/2022 - 08:25
And software nasty may have a VPNFilter link, too

Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia's destructive VPNFilter, according to SentinelOne.…

Categories: News

Defending the endpoint with AI

The Register - Fri, 01/04/2022 - 08:00
Darktrace Enterprise Immune System collates and crunches network traffic patterns

Paid feature  Remember the good old days, when the only devices a company had to worry about were the PCs on its own network? Today, security teams must yearn for those times as they struggle to protect endpoint devices everywhere.…

Categories: News

National Security Agency employee indicted for 'leaking top secret info'

The Register - Fri, 01/04/2022 - 06:33
Managed to send material from his private email address, it is claimed

The United States Department of Justice (DoJ) has revealed it has indicted an NSA employee for allegedly sharing top secret national security information with an unnamed person who worked in the private sector.…

Categories: News

Apple emits macOS, iOS, iPadOS patches for 'exploited' security bugs

The Register - Thu, 31/03/2022 - 22:35
Nothing like a little kernel-level memory snooping, code execution

Apple has released updates for its mobile and desktop operating systems to patch security holes that may well have been exploited in the wild.…

Categories: News

Patch now: RCE Spring4shell hits Java Spring framework

The Register - Thu, 31/03/2022 - 16:00
You didn't have any plans for the weekend anyway, did you?

Another Java Remote Code Execution vulnerability has reared its head, this time in the popular Spring Framework and, goodness, it's a nasty one.…

Categories: News

Nvidia DGX systems prone to side channel, covert attacks

The Register - Thu, 31/03/2022 - 14:43
Reverse engineering yields sticky microarchitectural vulnerabilities

Nvidia's ultra-dense GPU-driven AI training and inference systems are prone to covert and side channel attacks, according to research just published from a team led by Pacific Northwest National Laboratory (PNNL). This might be less concerning for those with on-prem DGX systems, but for cloud vendors selling time on the AI training boxes, the vulnerabilities are worth noting.…

Categories: News

Expect 'long tail of cyber retaliation' from Russia for sanctions, says ExtraHop CEO

The Register - Thu, 31/03/2022 - 10:32
'We have this small moment in time where we can make improvements in our defensive posture'

The US and its NATO allies should expect a "long tail of retaliation," in the form of cyberattacks, for the sanctions imposed on Russia, says cloud security shop ExtraHop's CEO Patrick Dennis.…

Categories: News

Cryptomining groups fight fiercely for cloud resources

The Register - Thu, 31/03/2022 - 07:27
Oh look, someone else who thinks on-prem is old hat

Cryptocurrency mining groups that typically have targeted on-premises servers are now competing fiercely for servers in the cloud.…

Categories: News

UK spy boss warns China hopes Russia will help it take over tech standards

The Register - Thu, 31/03/2022 - 05:01
Speech also alleges Russian troops in Ukraine have mutinied, shot down own plane

The director of UK intelligence agency Government Communications Headquarters (GCHQ), Sir Jeremy Fleming, has warned that China is trying to introduce "undemocratic values as the default for vast swathes of future tech and the standards that govern it."…

Categories: News

Russia, Iran, Saudi Arabia are top sources of online misinformation

The Register - Thu, 31/03/2022 - 03:30
Think tank fears future studies of this sort may be harder as social networks withdraw data

Russia, Iran and Saudi Arabia are the top three proliferators of state-linked Twitter misinformation campaigns, according to a report released Wednesday by the Australian Strategic Policy Institute (ASPI).…

Categories: News

Yale finance director stole $40m in computers to resell on the sly

The Register - Thu, 31/03/2022 - 02:28
Ill-gotten gains bankrolled swish life of flash cars and real estate

A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.…

Categories: News

Zlib crash-an-app bug finally squashed, 17 years later

The Register - Thu, 31/03/2022 - 00:33
Better late than never

The widely used Zlib data-compression library finally has a patch to close a vulnerability that could be exploited to crash applications and services — four years after the vulnerability was first discovered but effectively left unfixed.…

Categories: News

Ubiquiti sues Krebs on Security for defamation

The Register - Wed, 30/03/2022 - 20:46
Network equipment maker insists it acted responsibly following intrusion

Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.…

Categories: News

Viasat spills on the Russian attack, warns of continued risks

The Register - Wed, 30/03/2022 - 17:45
A misconfigured VPN appliance is to blame

It turns out the only thing Russian forces needed to knock thousands of Ukrainian satellite broadband customers offline was a misconfigured VPN.…

Categories: News

VMware Horizon platform pummeled by Log4j-fueled attacks

The Register - Wed, 30/03/2022 - 16:30
Miscreants deployed cryptominers, backdoors since late December, Sophos says

VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware.…

Categories: News

Electric Vehicle DC charging tripped by a wireless hack

The Register - Wed, 30/03/2022 - 12:31
No EVs were damaged in the making of this report

Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News