The Register

OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop

Chinese spies who compromised the US Treasury Department's workstations reportedly stole data belonging to a government office responsible for sanctions against organizations and individuals.…

Even the sound of a zip could be enough to start the recordings, according to claims

Apple has filed a proposed settlement in California suggesting it will pay $95 million to settle claims that Siri recorded owners' conversations without consent and allowed contractors to listen in.…

2024's Tech Fail Roll Of Dishonor

Opinion  Happy new year! Tradition says that this is when we boldly look forward to what may happen in the 12 months to come. Do you really want to know that? Didn’t think so.…

Brings the arrest count related to the Snowflake hacks to 3

A US Army soldier has been arrested in Texas after being indicted on two counts of unlawful transfer of confidential phone records information. …

Data pilfered as miscreants roamed affected workstations

The US Department of the Treasury has admitted that miscreants were in its systems, accessing documents in what has been called a "major incident."…

From targeted espionage to pre-positioning - not that they are mutually exclusive

The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appears to signal a shift from cyberspying as usual to prepping for destructive attacks.…

The intrusions allowed Beijing to 'geolocate millions of individuals'

AT&T, Verizon, and Lumen Technologies confirmed that Chinese government-backed snoops accessed portions of their systems earlier this year, while the White House added another, yet-unnamed telecommunications company to the list of those breached by Salt Typhoon.…

'The greatest concern is with spear phishing and social engineering'

Interview  Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - the threat of a large-scale supply chain attack using generative AI becomes more real.…

Cut off one head, two more grow back in its place

RansomHub, the ransomware collective that emerged earlier this year, quickly gained momentum, outpacing its criminal colleagues and hitting its victims especially hard. The group named and shamed hundreds of organizations on its leak site, while demanding exorbitant payments across various industries.…

Santa Satya pops one more issue into his sack just in time for Christmas

The trickle of known issues with Windows 11 24H2 has continued with a new one just in time for festive season: installed the operating system using removable media? There's a chance it might stop receiving security updates.…

Rob Joyce explains how it's done

Video  In 2018, Rob Joyce, then Donald Trump's White House Cybersecurity Coordinator, gave a surprise talk at the legendary hacking conference Shmoocon about his hobby.…

Botnet's operators 'driven by similar interests as that of the Chinese state'

After the Mozi botnet mysteriously disappeared last year, a new and seemingly more powerful botnet, Androxgh0st, rose from its ashes and has quickly become a major threat to critical infrastructure.…

35 years since AIDS first borked a PC and we're still no closer to a solution

Feature  Your Christmas holidays looked quite different in the '80s to how they do today. While some will remember what it was like to wake up on the 25th back then, some of you won't even have been born. The food hasn't changed much. Turkey, stuffing, Brussels sprouts… that's all been around for some time.…

Easier to let those old phones gather dust in a drawer, survey finds

The UK's Information Commissioner's Office (ICO) has warned that many adults don't know how to wipe their old devices, and a worrying number of young people just don't care.…

Mummy, where do zero days come from?

Opinion  One of the charms of coding is that malice can be indistinguishable from incompetence. Last week's Who, Me? story about financial transfer test software running amok is a case in point.…

Dual Russian-Israeli national arrested in August

An alleged LockBit ransomware developer is in custody in Israel and awaiting extradition to the United States.…

Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more

in brief  Google has announced plans to allow its business customers to begin "fingerprinting" users next year, and the UK Information Commissioner's Office (ICO) isn't happy about it. …

Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence

CANALYS FORUMS APAC  Generative AI is being enthusiastically adopted in almost every field, but infosec experts are divided on whether it is truly helpful for red team raiders who test enterprise systems.…

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns

Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the victims' Microsoft Azure cloud infrastructure.…

It could end up like Huawei -Trump's gonna get ya, get ya, get ya

The Feds may ban the sale of TP-Link routers in the US over ongoing national security concerns about Chinese-made devices being used in cyberattacks.…