The Register
SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring
Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy.…
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs
Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research.…
Blackbaud settles with FTC after that IT breach exposed millions of people's info
Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC.…
Critical vulnerability in Mastodon is pounced upon by fast-acting admins
Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.…
Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers
Interpol has arrested 31 people following a three-month operation to stamp out various types of cybercrime.…
Wikileaks source and former CIA worker Joshua Schulte sentenced to 40 years jail
Joshua Schulte, a former CIA employee and software engineer accused of sharing material with WikiLeaks, was sentenced to 40 years in prison by the US Southern District of New York on Thursday.…
Managing the hidden risks of shadow APIs
Partner Content Application programming interfaces (APIs) play a significant role in today's digital economy, but at the same time they can also represent a data security vulnerability.…
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.…
Rise of deepfake threats means biometric security measures won't be enough
Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections.…
Biden will veto attempts to rip up SEC breach reporting rule
The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's (SEC) strict data breach reporting rule.…
LockBit shows no remorse for ransomware attack on children's hospital
Ransomware gang LockBit is claiming responsibility for an attack on a Chicago children's hospital in an apparent deviation from its previous policy of not targeting nonprofits.…
Congress told how Chinese attackers plan to incite 'societal chaos' in the US
Chinese attackers are preparing to "wreak havoc" on American infrastructure and "cause societal chaos" in the US, infosec, and law enforcement bosses told a US House committee on Wednesday.…
FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet
China's Volt Typhoon attackers used "hundreds" of outdated Cisco and NetGear routers infected with malware in an attempt to break into US critical infrastructure facilities, according to the Justice Department.…
Ransomware payment rates drop to new low – only 29% of victims are forking over cash
Trusting a ransomware crew to honor a deal isn't the greatest idea, and the world seems to be waking up to that. The number of victims who chose to pay dropped to a new low of 29 percent in the last quarter of 2023.…
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems.…
We know nations are going after critical systems, but what happens when crims join in?
Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been homing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos.…
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns
Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation.…
US shorts China's Volt Typhoon crew targeting America's criticals
The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure.…
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released
The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process
Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication.…