The Register

iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed

Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.…

Burger slinger gets a McRibbing, reacts by firing staffer who helped

A white-hat hacker has discovered a series of critical flaws in McDonald's staff and partner portals that allowed anyone to order free food online, get admin rights to the burger slinger's marketing materials, and could allow an attacker to get a corporate email account with which to conduct a little filet-o-phishing.…

Reconfigure local app settings via a 'simple' POST request

A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to, in extreme cases by serving poisoned models.…

Intruders hoped no one would notice their presence

Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…

Toronto company says weekend cyber raid hit internal IT, not punters' wallets

Canadian casino software slinger Bragg Gaming Group has disclosed a "cybersecurity incident," though it's adamant the intruders never got their hands on customer data.…

Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight

The UK government has reportedly abandoned its attempt to strong-arm Apple into weakening iPhone encryption after the White House forced Blighty into a quiet climb-down.…

Developer demand for sovereign cloud from tech giant is on the rise, says exec

Interview  Google's President of Customer Experience, Hayete Gallot, offered some words of comfort to developers who are looking nervously at the rise of AI assistants while also laying out her vision for cloud sovereignty.…

CEO says if you buy all your infosec stuff from him, life under assault from bots will be less painful

Brace for a new round of browser wars, according to Palo Alto Networks CEO Nikesh Arora.…

High accuracy scores come from conditions that don't reflect real-world usage

Facial recognition technology has been deployed publicly on the basis of benchmark tests that reflect performance in laboratory settings, but some academics are saying that real-world performance doesn't match up.…

Spy vs spy in the chips

Comment  Chinese state media called the US an aspiring "surveillance empire" over its proposed use of asset tracking tags to crack down on black-market GPU shipments to the Middle Kingdom.…

Supply chain breach has been a major target of legal action

Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability.…

HR SaaS giant insists core systems untouched

Workday has admitted that attackers gained access to one of its third-party CRM platforms, but insists its core systems and customer tenants are untouched.…

Sni5Gect research crew targets sweet spot during device / network handshake pause

Security boffins have released an open source tool for poking holes in 5G mobile networks, claiming it can do up- and downlink sniffing and a novel connection downgrade attack - plus "other serious exploits" they're keeping under wraps, for now.…

When you're asking AI chatbots for answers, they're data-mining you

Opinion  Recently, OpenAI ChatGPT users were shocked – shocked, I tell you! – to discover that their searches were appearing in Google search. You morons! What do you think AI chatbots are doing? Doing all your homework for free or a mere $20 a month? I think not!…

If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it

Researchers at software supply chain security outfit Safety think they’ve found malware that targets Russian cryptocurrency developers, and perhaps therefore Russia’s state-linked ransomware crews…

PLUS: Kryptos solution up for auction; Canadian parliament springs a leak; Fake crypto lawyers; And more

Infosec In Brief  New York State is suing bank-owned peer-to-peer payment app Zelle, claiming that the banks behind it knew fraud was rampant on the platform but allowed scammers to conduct business with impunity.…

'Hope for the best, but prepare for the worst,' one tells The Reg

Feature  Bill Gates, an Arizona election official and former Maricopa County supervisor, says that the death threats started shortly after the 2020 presidential election.…

Is that a JuicyPotato on your network?

A suspected Chinese-government-backed cyber crew recently broke into a Taiwanese web hosting provider to steal credentials and plant backdoors for long-term access, using a mix of open-source and custom software tools, Cisco Talos reports.…

Switchzilla's summer of perfect 10s

Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary shell commands on vulnerable systems.…

Who knew zero-days could be so useful to highway speedsters?

The lingering effects of a cyberattack on the Public Prosecution Service of the Netherlands are preventing it from reactivating speed cameras across the country.…