The Register

Getting sloppy, Xi

Exclusive  Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.…

Italian mafia mobsters and Irish crime families scuppered by international cops

Hours after confirming they had pwned the supposedly uncrackable encrypted messaging platform used for all manner of organized crime, Ghost, cops have now named the suspect they cuffed last night, who is charged with being the alleged mastermind.…

'Lives will be lost' as Moscow ramps up offensive cyber military units

Feature  As Russian special forces push more overtly into online operations, network defenders should be on the hunt for digital intruders looking to carry out cyberattacks that end in physical destruction and harm.…

Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service

Australia's Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly "a dedicated encrypted communication platform … built solely for the criminal underworld" and which enabled crims to arrange acts of violence, launder money, and traffic illicit drugs.…

View Forever, more like it, as Meta's privacy feature again revealed to be futile with a little light hacking

A fix deployed by Meta to stop people repeatedly viewing WhatsApp’s so-called View Once messages – photos, videos, and voice recordings that disappear from chats after a recipient sees them – has been defeated in less than a week by white-hat hackers.…

Bug reports made in China

Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.…

Chocolate Factory downgrades risk, citing the need for attacker access

Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information.…

Eight-year-old among those slain, Israel blamed, Iran's Lebanese ambassador wounded, it's said

Lebanon says at least nine people, including an eight-year-old girl, were killed today after pagers used by Hezbollah members exploded across the country. Israel has been blamed.…

Auction acts as payback after authority publicly refuses to pay up

The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for 100 Bitcoin (around $5.9 million).…

Ransomware resilience in a multi-cloud world: attend this exclusive event in Boston, MA

Sponsored Event  Join us on October 24 in Boston for an exclusive event designed for IT professionals and industry leaders dedicated to mastering cybersecurity in multi-cloud environments.…

Designations come as new infrastructure spins up in Africa

Five individuals and one company with ties to spyware developer Intellexa are the latest to earn sanctions as the US expands efforts to stamp out spyware.…

If this really was that useful, they wouldn't be telling us

According to a Chinese state-sanctioned study, signals from SpaceX Starlink broadband internet satellites could be used to track US stealth fighters, such as the F-22.…

May have reeled in blueprints related to weapons development

A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army and NASA, plus other highly sensitive software used in aerospace engineering and military applications.…

The C in these CVEs stands for Confusing

Analysis  Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched.…

You pipsqueaks want memory safety? We'll show you memory safety! We'll borrow that borrow checker

After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write less vulnerable code.…

Now it's the default for all new accounts

Snowflake continues to push forward in strengthening its users' cybersecurity posture by making multi-factor authentication the default for all new accounts.…

Putting a spanner in work for plans of opposition party to launch a comeback during next year's elections

One of Germany's major political parties is still struggling to restore member data more than three months after a June cyberattack targeting its systems.…

Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance

One cybercriminal of the most violent kind will spend his best years behind bars, as will 11 of his thug pals for a string of cryptocurrency robberies in the US.…

* Quite Unlikely A New Technology’s Useful, Man

Opinion  We have a new call to arms in the 21st century battlefront between the West and China. The Middle Kingdom is building an uncrackable national infrastructure based on quantum key distribution (QKD). The laws of physics are being used against us, and we're not keeping up, claims a think tank.…

Also: Apple to end NSO Group lawsuit; Malicious Python dev job offers; Dark web kingpins busted; and more

Infosec In Brief  Genetic testing outfit 23andMe has settled a proposed class action case related to a 2023 data breach for $30 million.…