The Register

Intrusions bear the same hallmarks as recent Nx mess

The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…

Tech evolved from PoC to global campaign in under two months

An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.…

Latest extension to factory closures takes incident response into fourth week

Jaguar Land Rover (JLR) has announced a further extension to its multi-site global shutdown, bringing its cyber-related downtime to nearly four weeks.…

Cyberspace watchdog tightens reporting regime, leaving little time to hide incidents

Beijing will soon expect Chinese network operators to 'fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet.…

Cautionary tale from the recent SonicWall attacks

Failing to encrypt sensitive data leaves you wide open to attack. During the recent SonicWall attack spree, intruders bypassed multi-factor authentication (MFA) in at least one case, because a user's recovery codes were left sitting in a plaintext file on their desktop.…

Who has access to what? Without centralized governance, orgs struggle to answer this simple question.

Partner Content  From the moment users log onto their machines, access rights shape their experience. Access rights determine which apps they can run, which directories they can open, and what information they can retrieve.…

Bank says incident went undetected for over a year before discovery in June

A US fintech biz is writing to nearly 700,000 customers because a former employee may have accessed or acquired their data after leaving the company.…

Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory

North Korean spies used ChatGPT to generate a fake military ID for use in an espionage campaign against a South Korean defense-related institution, according to new research.…

Chip giant accused of breaching conditions of $6.9B Mellanox takeover

China has dealt Nvidia another blow, finding the chipmaker in violation of the country's anti-monopoly Law and escalating a long-running regulatory headache into a full investigation.…

As post-cyberattack layoffs begin, labor org argues UK goverment should step in

The UK's chief automotive workers' union is calling on the government to establish a Covid-esque furlough scheme for the thousands of individuals who face losing their jobs due to the cyber-related downtime at Jaguar Land Rover.…

Peers will quiz campaigners on whether Ofcom's new measures will actually work, or just add more compliance pain

The House of Lords is about to put the latest child-protection plans of UK regulator the Office of Communications (Ofcom) under the microscope.…

PLUS: Japan woos Micron, again; China launches chip dumping probe; Mitsubishi expands opsec empire; and more!

Criminals appear to be moving cyber-scam centers to vulnerable countries.…

PLUS: China's Great Firewall springs a leak; FBI issues rare 'Flash Alert' of Salesforce attacks; $10m bounty for alleged Russian hacker; and more

Infosec In Brief  15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.…

Doing a simple system reset may not be enough to save you from fines and lawsuits

With the end of Windows 10's regular support cycle fast approaching, and a good five years since the COVID pandemic spurred a wave of hardware replacements to support remote work, many IT departments are in the process of refreshing their fleets. But what they do with decommissioned systems is just as important as the shiny new ones they buy.…

Although it hasn't been seen in the wild yet

A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.…

A similar vuln on Apple devices was used against 'specific targeted users'

Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…

Get ready for a fight over who steers the global standard for vulnerability identification

The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more control over the global standard for vulnerability identification.…

Dorm management refuses to cover costs after payment system borked

More than a thousand university students in the Netherlands must continue to travel to wash their clothes after their building management company failed to bring its borked smart laundry machines back online.…

Big Brother Watch says a so-called BritCard could turn daily life into one long identity check – and warn that Whitehall can’t be trusted to run

A national digital ID could hand the government the tools for population-wide surveillance – and if history is anything to go by, ministers probably couldn't run it without cocking it up.…

UK data watchdog says students behind most education cyberattacks

The UK's data protection watchdog says more than half of cyberattacks in schools are caused by students, and that parents should act early to prevent their offspring from falling into the wrong crowds.…