The Register

Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play

Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.…

Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices

SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.…

Three US medical centers fess up to serious breaches

Cybercriminals broke in and stole nearly a million Americans' data in the space of a week, in the course of three digital burglaries at healthcare providers.…

Decisive action comes nearly a year after the attack and first arrest took place

Two teenagers are set to appear in court today after being charged with offences related to the cyberattack on Transport for London (TfL) in August 2024.…

Dashboard loop caused API outage that was hard to troubleshoot

Cloudflare has confessed to a coding error using a React useEffect hook, notorious for being problematic if not handled carefully, that caused an outage for the platform's dashboard and many of its APIs.…

VC giant rebuilt boxes, patched holes, and says it’s beefed up security – but won’t say who did it

Venture capital giant Insight Partners has confirmed that a January ransomware attack compromised the personal data of more than 12,000 people, including employees, former staff, and the firm's usually-secretive limited partners.…

Proofpoint spots efforts to spy on US economic policy nerds

Chinese state-aligned online attackers are back at it, targeting US trade policy wonks as Washington and Beijing spar over economic ties.…

As the Trump administration guts efforts to counter election disinfo

The Russian troll farm that in the lead-up to the 2024 US presidential election posted a bizarro video claiming Democratic candidate Kamala Harris was a rhino poacher, is back with hundreds of new fake news websites serving up phony political commentary with an AI assist.…

You didn't really trust the crims to keep their word, did you?

Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.…

But will the International Space Station still be there to host its node?

Axiom Space and Spacebilt have announced plans to add optically interconnected Orbital Data Center (ODC) infrastructure to the International Space Station (ISS).…

Prosecutors say Conor Fitzpatrick's crimes caused 'incalculable' damage

The founder of the popular cybercrime website BreachForums will spend three years in prison after previously being let off with a slap on the wrist.…

Pentesters confirm key system is safe but core products remain unavailable

Brit telco Colt Technology Services says its recovery from an August cyberattack might not be completed until late November.…

Still exotic for now, but moves are afoot

Arm devices are everywhere today and many of them run Linux. The operating system also powers cloud computing and IT environments all over the world. However, x86 is still the dominant architecture of global computer hardware, where the Unified Extensible Firmware Interface (UEFI) with Secure Boot incorporated is a standard. But what does UEFI look like from an Arm perspective?…

Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware

Researchers from Google and Swiss university ETH Zurich have found a new class of Rowhammer vulnerability that could allow attackers to access info stored in DDR5 memory.…

Suggests using multiple overlapping approaches and being kind to kids who get kicked off

Australia’s eSafety commissioner has told social media operators it expects them to employ multiple age assurance techniques and technologies to keep children under sixteen off social media, as required by local law from December 10th.…

Redmond names alleged ringleader, claims 5K+ creds stolen and $100k pocketed

Microsoft has seized 338 websites associated with RaccoonO365 and identified the leader of the phishing service - Joshua Ogundipe - as part of a larger effort to disrupt what Redmond's Digital Crimes Unit calls the "fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords."…

Talk about an inside job

Google confirmed that miscreants created a fraudulent account in its Law Enforcement Request System (LERS) portal, which police and other government agencies use to ask for data about Google users.…

May have been used in 'extremely sophisticated' attacks against 'specific targeted individuals'

Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what the company calls "extremely sophisticated" attacks.…

Intrusions bear the same hallmarks as recent Nx mess

The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…

Tech evolved from PoC to global campaign in under two months

An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.…