The Register
Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason
Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using "malicious" packages uploaded to NPM.…
It's not just Big Tech: The UK's Online Safety Act applies across the board
Analysis A little more than two months out from its first legal deadline, the UK’s Online Safety Act is causing concern among smaller online forums caught within its reach. The legislation, which came into law in the autumn of 2023, applies to search services and services that allow users to post content online or to interact with each other.…
UK floats ransomware payout ban for public sector
A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking up whole systems and taxpayers footing the bill.…
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to security researchers who say they've observed the intrusions.…
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug
"Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.…
Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI
Microsoft has sued a group of unnamed cybercriminals who developed tools to bypass safety guardrails in its generative AI tools. The tools were used to create harmful content, and access to the tools were sold as a service to other miscreants.…
Azure, Microsoft 365 MFA outage locks out users across regions
Microsoft's multi-factor authentication (MFA) for Azure and Microsoft 365 (M365) was offline for four hours during Monday's busy start for European subscribers.…
NATO's newest member comes out swinging following latest Baltic Sea cable attack
Sweden has committed to sending naval forces into the Baltic Sea following yet another suspected Russian attack on underwater cables in the region.…
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it.…
Nominet probes network intrusion linked to Ivanti zero-day exploit
UK domain registry Nominet is investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits.…
Europe coughs up €400 to punter after breaking its own GDPR data protection rules
Infosec in brief Gravy Analytics, a vendor of location intelligence info for marketers which reached a settlement with US authorities last year over its alleged unlawful sale of location, has reportedly been hacked – potentially exposing millions of smartphone users.…
Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases
Chinese cyber-spies who broke into the US Treasury Department also stole documents from officials investigating real-estate sales near American military bases, it's reported.…
Drug addiction treatment service admits attackers stole sensitive patient data
BayMark Health Services, one of the biggest drug addiction treatment facilities in the US, says it is notifying some patients this week that their sensitive personal information was stolen.…
Devs sent into security panic by 'feature that was helpful … until it wasn't'
On Call Velkomin, Vælkomin, Hoş geldin, and welcome to Friday, and therefore to another edition of On Call – The Register's end-of-week celebration of the tech support tasks you managed to tackle without too much trauma.…
Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices
The White House this week introduced a voluntary cybersecurity labeling program for technology products so that consumers can have some assurance their smart devices aren't spying on them.…
Zero-day exploits plague Ivanti Connect Secure appliances for second year running
The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti battles two dangerous new vulnerabilities, one of which was already being exploited as a zero-day.…
Security pros baited with fake Windows LDAP exploit traps
Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.…
Japanese Police claim China ran five-year cyberattack campaign targeting local orgs
Japan’s National Police Agency and Center of Incident Readiness and Strategy for Cybersecurity have confirmed third party reports of attacks on local orgs by publishing details of a years-long series of attacks attributed to a China-backed source.…
Database tables of student, teacher info stolen from PowerSchool in cyberattack
A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data – including some Social Security Numbers and medical info – stolen.…
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director
The outgoing leader of the United States' Office of the National Cyber Director has a clear message for whomever President-elect Trump picks to be his successor: There's a lot of work still to do.…