The Register
Chinese spies spent months inside aerospace engineering firm's network via legacy IT
Exclusive Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.…
Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform
Hours after confirming they had pwned the supposedly uncrackable encrypted messaging platform used for all manner of organized crime, Ghost, cops have now named the suspect they cuffed last night, who is charged with being the alleged mastermind.…
Despite Russia warnings, Western critical infrastructure remains unprepared
Feature As Russian special forces push more overtly into online operations, network defenders should be on the hunt for digital intruders looking to carry out cyberattacks that end in physical destruction and harm.…
Australian Police conducted supply chain attack on criminal collaborationware
Australia's Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly "a dedicated encrypted communication platform … built solely for the criminal underworld" and which enabled crims to arrange acts of violence, launder money, and traffic illicit drugs.…
WhatsApp fix to make View Once chats actually disappear is beaten in less than a week
A fix deployed by Meta to stop people repeatedly viewing WhatsApp’s so-called View Once messages – photos, videos, and voice recordings that disappear from chats after a recipient sees them – has been defeated in less than a week by white-hat hackers.…
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.…
Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information.…
Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode
Lebanon says at least nine people, including an eight-year-old girl, were killed today after pagers used by Hezbollah members exploded across the country. Israel has been blamed.…
Rhysida ransomware gang ships off Port of Seattle data for $6M
The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for 100 Bitcoin (around $5.9 million).…
Secure your organization
Sponsored Event Join us on October 24 in Boston for an exclusive event designed for IT professionals and industry leaders dedicated to mastering cybersecurity in multi-cloud environments.…
Predator spyware kingpins added to US sanctions list
Five individuals and one company with ties to spyware developer Intellexa are the latest to earn sanctions as the US expands efforts to stamp out spyware.…
China claims Starlink signals can reveal stealth aircraft – and what that really means
According to a Chinese state-sanctioned study, signals from SpaceX Starlink broadband internet satellites could be used to track US stealth fighters, such as the F-22.…
Chinese national accused by Feds of spear-phishing for NASA, military source code
A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army and NASA, plus other highly sensitive software used in aerospace engineering and military applications.…
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched.…
The empire of C++ strikes back with Safe C++ blueprint
After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write less vulnerable code.…
Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches
Snowflake continues to push forward in strengthening its users' cybersecurity posture by making multi-factor authentication the default for all new accounts.…
Germany’s CDU still struggling to restore data months after June cyberattack
One of Germany's major political parties is still struggling to restore member data more than three months after a June cyberattack targeting its systems.…
Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints
One cybercriminal of the most violent kind will spend his best years behind bars, as will 11 of his thug pals for a string of cryptocurrency robberies in the US.…
China’s quantum* crypto tech may be unhackable, but it's hardly a secret
Opinion We have a new call to arms in the 21st century battlefront between the West and China. The Middle Kingdom is building an uncrackable national infrastructure based on quantum key distribution (QKD). The laws of physics are being used against us, and we're not keeping up, claims a think tank.…
23andMe settles class-action breach lawsuit for $30 million
Infosec In Brief Genetic testing outfit 23andMe has settled a proposed class action case related to a 2023 data breach for $30 million.…