The Register
Feeld dating app's security too open-minded as private data swings into public view
Security researchers have revealed a litany of failures in the Feeld dating app that could be abused to access all manner of private user data, including the most sensitive images not intended to be kept or shared.…
Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps
The US Department of the Treasury’s Office of Foreign Assets Control issued sanctions on Thursday against Cambodian entrepreneur and senator Ly Yong Phat, for his "role in serious human rights abuse related to the treatment of trafficked workers subjected to forced labor in online scam centers."…
Australia’s government spent the week boxing Big Tech
Australia's government has spent the week reining in Big Tech.…
Feds pull plug on domains linked to import of Chinese gun conversion devices
The US Attorney's Office in the District of Massachusetts has seized more than 350 internet domains allegedly used by Chinese outfits to sell US residents kits that convert semiautomatic pistols into fully automatic guns – and silence them as they fire.…
Fortinet admits miscreant got hold of customer data in the cloud
Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?…
'Hadooken' Linux malware targets Oracle WebLogic servers
An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua.…
I stole 20GB of data from Capgemini – and now I'm leaking it, says cyber-crook
A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile's virtual machine logs.…
Mastercard splurges $2.65B on another big cyber buy – Recorded Future
Mastercard has added another security asset to its growing portfolio, laying down $2.65 billion for threat intelligence giant Recorded Future.…
Adobe patches Acrobat bug, neglects to mention whole zero-day, exploit thing
Adobe's patch for a remote code execution (RCE) bug in Acrobat doesn't mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher warns.…
Google Chrome gets a mind of its own for some security fixes
Google has enhanced Chrome's Safety Check so that it can make some security decisions on the user's behalf.…
Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline
Breaking Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.…
EU kicks off an inquiry into Google's AI model
The European Union's key regulator for data privacy, Ireland's Data Protection Commission (DPC), has launched a cross-border inquiry into Google's AI model to ascertain if it complies with the bloc's rules.…
About that Windows Installer 'make me admin' security hole. Here's how it's exploited
In this week's Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.…
Mind your header! There's nothing refreshing about phishers' latest tactic
Palo Alto's Unit 42 threat intel team wants to draw the security industry's attention to an increasingly common tactic used by phishers to harvest victims' credentials.…
NIS2, DORA, and Tiber-EU expanding cybersecurity regulation
Webinar As cybersecurity threats evolve, so do the regulations designed to protect businesses.…
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM
An anti-piracy system to protect online video streams from unauthorized copying is flawed – and can be broken to allow streamed media from Amazon, Netflix, and others to be saved, replayed, and spread at will, we're told.…
Pokémon GO was an intelligence tool, claims Belarus military official
A defense ministry official from Belarus has claimed augmented reality game Pokémon GO was a tool of Western intelligence agencies.…
Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics
A US healthcare giant will pay out $65 million to settle a class-action lawsuit brought by its own patients after ransomware crooks stole their data – including their nude photographs – and published at least some of them online.…
Cyber crooks shut down UK, US schools, thousands of kids affected
Cybercriminals closed some schools in America and Britain this week, preventing kindergarteners in Washington state from attending their first-ever school day and shutting down all internet-based systems for Biggin Hill-area students in England for the next three weeks.…
Major sales and ops overhaul leads to much more activity ... for Meow ransomware gang
The Meow ransomware group has grabbed the second most active gang spot in an unexpected surge in activity following a major brand overhaul.…