News

And what looks like proof stolen data was never deleted even after ransom paid

Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…

Ransomware criminals believed to have taken orders from intel services

The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.…

Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks

The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate.…

Full names, contact details, and company info – all the fixings for a phishing holiday

Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.…

Intruders accessed internal web servers, limited info ... customers told not to worry

Exclusive  Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment. That intrusion forced the cloud-hosting outfit to temporarily take its monitoring dashboard offline for customers.…

Only level-one trauma unit in 400 miles crippled

Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware.…

At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue'

T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine after a string of network intrusions affected millions of customers between 2021 and 2023.…

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them

US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.…

Only 2 out of 5 tested products were equitable across demographics

A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.…

Ransomware? More like 'we don't care' for everyone but CISOs

Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives and they're also the ones organizations are least prepared to address.…

LLMs are helpful, but don't use them for anything important

AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…

PLUS: UK man charged with hacking US firms for stock secrets; ransomware actor foils self; and more

Infosec In Brief  Put away that screwdriver and USB charging cable – the latest way to steal a Kia just requires a cellphone and the victim's license plate number.…

Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more

ASIA IN BRIEF  It's not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime, but last week crypto exchange Binance claimed it helped Indian authorities to investigate a scam gaming app.…

Alethe Denis exposes tricks that made you fall for that return-to-office survey

Interview  A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…

Snoops allegedly camped out in inboxes well into September

The US Department of Justice has charged three Iranians for their involvement in a "wide-ranging hacking campaign" during which they allegedly stole massive amounts of materials from Donald Trump's 2024 presidential campaign and then leaked the information to media organizations.…

AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more

Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…

Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda

Microsoft's latest threat intelligence blog issues a warning to all organizations about Storm-0501's recent shift in tactics, targeting, and backdooring hybrid cloud environments.…

33% of cloud environments using the toolkit impacted, we're told

A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.…

More 9.8 bugs? Ay, papi!

Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary's networking access points.…

No fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare

Details about an as-yet-non-public critical 9.9-out-of-10-severity unauthenticated remote-code execution vulnerability affecting all GNU/Linux systems could be revealed today.…