The Register
UK biometrics boss bows out, bemoaning bureaucratic blunders
The farewell report written by the UK's biometrics and surveillance commissioner highlights a litany of failings in the Home Office's approach to governing the technology.…
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming
SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it over the 2020 attack.…
Tesla hacks make big bank at Pwn2Own's first automotive-focused event
Infosec in brief Trend Micro's Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities.…
750 million Indian mobile subscribers' info for sale on dark web
Asia In Brief Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the dark web, with two crime gangs offering the trove of data for just $3,000.…
Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes
Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication (MFA) enabled. …
Wait, security courses aren't a requirement to graduate with a computer science degree?
Comment There's a line in the latest plea from CISA – the US government's cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee.…
Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months
Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts.…
Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist
The Akira ransomware gang is claiming responsiblity for the "cybersecurity incident" at British bath bomb merchant.…
Trickbot malware scumbag gets five years for infecting hospitals, businesses
A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.…
EquiLend drags systems offline after admitting attacker broke in
US securities lender EquiLend has pulled a number of its systems offline after a security "incident" in which an attacker gained "unauthorized access".…
HPE joins the 'our executive email was hacked by Russia' club
HPE has become the latest tech giant to admit it has been compromised by Russian operatives.…
US judge rejects spyware developer NSO's attempt to bin Apple's spyware lawsuit
A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software.…
Major IT outage at Europe's largest caravan and RV club makes for not-so-happy campers
The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.…
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug
Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.…
What Microsoft's latest email breach says about this IT security heavyweight
Comment For most organizations – especially security vendors – disclosing a corporate email breach, in which executives' internal messages and attachments were stolen, would noticeably ding their stock prices.…
COVID-19 test lab accused of exposing 1.3 million patient records to open internet
A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…
GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection
The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve markedly thanks to AI models informed by data describing successful cyber-hits.…
CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'
CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home.…
Accused PII seller faces jail for running underground fraud op
A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.…
UK water giant admits attackers broke into system as gang holds it to ransom
Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…