News

Toronto company says weekend cyber raid hit internal IT, not punters' wallets

Canadian casino software slinger Bragg Gaming Group has disclosed a "cybersecurity incident," though it's adamant the intruders never got their hands on customer data.…

Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight

The UK government has reportedly abandoned its attempt to strong-arm Apple into weakening iPhone encryption after the White House forced Blighty into a quiet climb-down.…

Developer demand for sovereign cloud from tech giant is on the rise, says exec

Interview  Google's President of Customer Experience, Hayete Gallot, offered some words of comfort to developers who are looking nervously at the rise of AI assistants while also laying out her vision for cloud sovereignty.…

CEO says if you buy all your infosec stuff from him, life under assault from bots will be less painful

Brace for a new round of browser wars, according to Palo Alto Networks CEO Nikesh Arora.…

High accuracy scores come from conditions that don't reflect real-world usage

Facial recognition technology has been deployed publicly on the basis of benchmark tests that reflect performance in laboratory settings, but some academics are saying that real-world performance doesn't match up.…

Spy vs spy in the chips

Comment  Chinese state media called the US an aspiring "surveillance empire" over its proposed use of asset tracking tags to crack down on black-market GPU shipments to the Middle Kingdom.…

Supply chain breach has been a major target of legal action

Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability.…

HR SaaS giant insists core systems untouched

Workday has admitted that attackers gained access to one of its third-party CRM platforms, but insists its core systems and customer tenants are untouched.…

Sni5Gect research crew targets sweet spot during device / network handshake pause

Security boffins have released an open source tool for poking holes in 5G mobile networks, claiming it can do up- and downlink sniffing and a novel connection downgrade attack - plus "other serious exploits" they're keeping under wraps, for now.…

When you're asking AI chatbots for answers, they're data-mining you

Opinion  Recently, OpenAI ChatGPT users were shocked – shocked, I tell you! – to discover that their searches were appearing in Google search. You morons! What do you think AI chatbots are doing? Doing all your homework for free or a mere $20 a month? I think not!…

If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it

Researchers at software supply chain security outfit Safety think they’ve found malware that targets Russian cryptocurrency developers, and perhaps therefore Russia’s state-linked ransomware crews…

PLUS: Kryptos solution up for auction; Canadian parliament springs a leak; Fake crypto lawyers; And more

Infosec In Brief  New York State is suing bank-owned peer-to-peer payment app Zelle, claiming that the banks behind it knew fraud was rampant on the platform but allowed scammers to conduct business with impunity.…

'Hope for the best, but prepare for the worst,' one tells The Reg

Feature  Bill Gates, an Arizona election official and former Maricopa County supervisor, says that the death threats started shortly after the 2020 presidential election.…

Is that a JuicyPotato on your network?

A suspected Chinese-government-backed cyber crew recently broke into a Taiwanese web hosting provider to steal credentials and plant backdoors for long-term access, using a mix of open-source and custom software tools, Cisco Talos reports.…

Switchzilla's summer of perfect 10s

Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary shell commands on vulnerable systems.…

Who knew zero-days could be so useful to highway speedsters?

The lingering effects of a cyberattack on the Public Prosecution Service of the Netherlands are preventing it from reactivating speed cameras across the country.…

London-based multinational takes customer portal and Voice API platform offline as 'protective measure' following breach

Multinational telco Colt Technology Services says a "cyber incident" is to blame for its customer portal and other services being down for a number of days.…

System prompt engineering turns benign AI assistants into 'investigator' and 'detective' roles that bypass privacy guardrails

A team of boffins is warning that AI chatbots built on large language models (LLM) can be tuned into malicious agents to autonomously harvest users’ personal data, even by attackers with "minimal technical expertise”, thanks to "system prompt" customization tools from OpenAI and others.…

As £9 billion MoU sparks debate about value for money, it's time to have your say

Register debate series  It's a lot of money, £9 billion ($12 billion). Especially for a government which finds itself — for whatever reason — in a fiscal dead end.…

Some custom malware, some legit software tools

At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market, escalate privileges, and ultimately steal and encrypt data before extorting victims into paying a ransom.…