File that neutered Secure Boot passed Microsoft's internal review process. For the past seven months, and likely longer, an industry-wide standard that protects Windows devices from firmware infections could be by
Published: 2025-01-16T13:24:17
In-the-wild attacks tamper with built-in security tool providing infection warnings. Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerabilit
Published: 2025-01-09T22:17:26
Two separate campaigns have been stealing credentials and browsing history for months. As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery:
Published: 2025-01-03T12:15:47
Microsoft starts 2025 as it hopefully doesn't mean to go on. Devices that have Citrix's Session Recording software installed are having problems completing this month's Microsoft Patch Tuesday update, which includes important fixes.
Published: 2025-01-15T17:15:14
Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test. Updated: Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code
Published: 2025-01-14T13:13:06
Hackers in North Korea stole a total of $659 million in crypto across several heists in 2024, according to a joint statement issued today by the US, Japan, and South Korea. The report specified five such incidents, like the $235 million the...
Published: 2025-01-14T15:54:03
Wyze’s Descriptive Alerts are available to Cam Unlimited Pro members, a new $19.99 per month (or $199.99 per year) subscription that bundles other features like facial recognition, searching videos using descriptive keywords, and simultaneou...
Published: 2025-01-14T12:30:00
The FBI hacked about 4,200 computers across the US as part of an operation to find and delete PlugX, a malware used by state-backed hackers in China to steal information from victims, the Department of Justice announced on Tuesday. In an un...
Published: 2025-01-14T11:32:59
Last week, major location data broker Gravy Analytics disclosed a data breach that may have resulted in the theft of precise location data for millions of people, reports TechCrunch. That appears to include data from popular mobile games li...
Published: 2025-01-13T11:10:23
Schools across the US and Canada are warning parents that a data breach may have leaked information for students and employees. The K-12 operations platform PowerSchool, which supports over 60 million students and has over 18,000 customers ...
Published: 2025-01-10T10:10:09
Apple is refuting rumors that it ever let advertisers target users based on Siri recordings in a statement published Wednesday evening describing how Siri works and what it does with data. The section specifically responding to the rumors ...
Published: 2025-01-08T21:53:15
Washington state is suing T-Mobile for allegedly failing to address cybersecurity vulnerabilities that enabled a hacker to expose the personal data of 79 million people nationwide. The consumer protection lawsuit filed by Washington Attorne...
Published: 2025-01-08T06:00:23
Baseus has announced a new version of its solar-powered security camera at CES 2025 that improves video quality from 2K to 4K and extends battery life from 180 to 210 days. But like the previous version, the new Baseus Security S2 camera ca...
Published: 2025-01-07T17:30:00
Companies can voluntarily apply to use the logo by having their products tested by an accredited lab recognized by the Federal Communications Commission, showing that they meet the standards for the label. The label could be applied to Intern...
Published: 2025-01-07T12:30:00
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...]
Published: 2025-01-17T15:17:22
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]
Published: 2025-01-17T14:16:28
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. [...]
Published: 2025-01-17T11:57:01
The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. [...]
Published: 2025-01-17T11:05:29
Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. [...]
Published: 2025-01-16T12:58:14
Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. [...]
Published: 2025-01-16T11:26:41
Written by: Steven Karschnia, Truman Brown, Jacob Paullus, Daniel McNamara. Executive Summary: Due to their client-side nature, single-page applications (SPAs) will typically have multiple access control vulnerabilities. By implementing a robust a
Published: 2025-01-15T14:00:00
Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson. Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more
Published: 2025-01-08T14:00:00
by Renee Dudley. ProPublica is a nonprofit newsroom that
Published: 2025-01-17T16:25:00
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coin...
Published: 2025-01-16T21:18:48
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025...
Published: 2025-01-14T22:50:00
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gan...
Published: 2025-01-07T23:41:53
Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping. Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting communications isn't mere decoration on the pages of law books; it actually means carriers need to secure their networks, the FCC has huffed.
Published: 2025-01-17T22:07:27
Ransomware, AI, secure software, digital IDs: there's something for everyone in the presidential directive. Analysis: Joe Biden, in the final days of his US presidency, issued another cybersecurity order that is nearly as vast in scope as it is late in the game.
Published: 2025-01-17T20:23:12
Competition hots up with Ivanti over who can have the worst start to a year. Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022.
Published: 2025-01-17T18:32:06
With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over. Updated: The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent ByteDance or face a ban in the United States. The decision eliminates the final legal obstacle to the federal government forcing a shutdown of the platform for US users on January 19.
Published: 2025-01-17T17:15:07
Turns out tool does both file transfers and security fixes fast. Don't panic. Yes, there were a bunch of CVEs, affecting potentially hundreds of thousands of users, found in rsync in early December and made public on Tuesday, but a fixed version came out the same day, and was further tweaked for better compatibility the following day.
Published: 2025-01-17T15:49:09
Pastes allegedly stolen documents on leak site with 600K demand. Another year and yet another UK local authority has been pwned by a ransomware crew. This time it's Gateshead Council in North East England at the hands of the Medusa group.
Published: 2025-01-17T10:30:08
If you want a picture of the future, imagine your infosec team stamping on software forever. Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new ones.
Published: 2025-01-17T07:42:05
Some of you have apparently already botched chatbots or allowed shadow AI to creep in. Cisco and Nvidia have both recognized that as useful as today's AI may be, the technology can be equally unsafe and/or unreliable, and have delivered tools in an attempt to help address those weaknesses.
Published: 2025-01-17T02:30:10
We'll defo ask for permission next time, automaker tells FTC. General Motors on Thursday said that it has reached a settlement with the FTC "to address privacy concerns about our now-discontinued Smart Driver program."
Published: 2025-01-17T00:49:27
FSB cyberspies venture into a new app for espionage, Microsoft says. Updated: Star Blizzard, a prolific phishing crew backed by the Russian Federal Security Service (FSB), conducted a new campaign aiming to compromise WhatsApp accounts and gain access to their messages and data, according to Microsoft.
Published: 2025-01-16T19:15:14
That's in addition to the $4.5M fine paid to three state AGs last year. Enzo Biochem has settled a consolidated class-action lawsuit relating to its 2023 ransomware incident for $7.5 million.
Published: 2025-01-16T17:32:19
Proactive strategies for data security and identity management in 2025. Webinar: Are you tired of constant firefighting in the ever-changing cybersecurity landscape?
Published: 2025-01-16T16:11:10
Power-induced glitches, lasers, and electromagnetic fields are all tools of the trade. Raspberry Pi has given out prizes for extracting a secret value from the one-time-programmable (OTP) memory of the Raspberry Pi RP2350 microcontroller, awarding a pile of cash to all four entrants.
Published: 2025-01-16T15:15:07
Assist Security's client list includes fashion icons, critical infrastructure orgs. A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register.
Published: 2025-01-16T10:36:10
Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools. GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant won't face any immediate consequences for its many alleged acts of omission.
Published: 2025-01-15T23:47:18
Right after one of its drones crashed into an aircraft fighting California wildfires? Great timing. Drone maker DJI has decided to scale back its geofencing restrictions, meaning its software won't automatically stop operators from flying into areas flagged as no-fly zones.
Published: 2025-01-15T22:30:07
We are only seeing 'the tip of the iceberg,' Easterly warns. Beijing's Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA boss Jen Easterly.
Published: 2025-01-15T20:30:11
You may not need to go full Juggalo for the sake of privacy. Researchers at cyber-defense contractor PeopleTec have found that facial-recognition algorithms' focus on specific areas of the face opens the door to subtler surveillance avoidance strategies.
Published: 2025-01-15T18:45:11
US, Japan, South Korea vow to intensify counter efforts. North Korean blockchain bandits stole more than half a billion dollars in cryptocurrency in 2024 alone, the US, Japan, and South Korea say.
Published: 2025-01-15T14:45:14
Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco. Patch Tuesday: The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve your attention.
Published: 2025-01-15T01:33:04
Hey, Xi: Zàijiàn! The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese government-backed criminals, according to newly unsealed court documents.
Published: 2025-01-14T19:40:54
Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test. Updated: Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using "malicious" packages uploaded to NPM.
Published: 2025-01-14T13:13:06
That niche forum running for 20 years: get ready, there's work to do. Analysis: A little more than two months out from its first legal deadline, the UK's Online Safety Act is causing concern among smaller online forums caught within its reach. The legislation, which came into law in the autumn of 2023, applies to search services and services that allow users to post content online or to interact with each other.
Published: 2025-01-14T12:15:10
Stronger proposals may also see private sector applying for a payment 'license'. A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking up whole systems and taxpayers footing the bill.
Published: 2025-01-14T11:04:22
Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg. Updated: Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to security researchers who say they've observed the intrusions.
Published: 2025-01-14T01:43:10
This is what happens when you publish PoCs immediately, hm? "Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.
Published: 2025-01-13T21:00:11
Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed. Microsoft has sued a group of unnamed cybercriminals who developed tools to bypass safety guardrails in its generative AI tools. The tools were used to create harmful content, and access to the tools was sold as a service to other miscreants.
Published: 2025-01-13T19:00:15
It's fixed, mostly, after Europeans had a manic Monday. Microsoft's multi-factor authentication (MFA) for Azure and Microsoft 365 (M365) was offline for four hours during Monday's busy start for European subscribers.
Published: 2025-01-13T17:55:09
'Sweden has changed,' PM warns as trio of warships join defense efforts. Sweden has committed to sending naval forces into the Baltic Sea following yet another suspected Russian attack on underwater cables in the region.
Published: 2025-01-13T16:47:22
'Codefinger' crims on the hunt for compromised keys. A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it.
Published: 2025-01-13T14:00:13
Unauthorized activity detected, but no backdoors found. UK domain registry Nominet is investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits.
Published: 2025-01-13T10:29:13
PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more. Infosec in brief: Gravy Analytics, a vendor of location intelligence info for marketers which reached a settlement with US authorities last year over its alleged unlawful sale of location, has reportedly been hacked, potentially exposing millions of smartphone users.
Published: 2025-01-13T05:27:10
Gee, wonder why Beijing is so keen on the (checks notes) Committee on Foreign Investment in the US. Chinese cyber-spies who broke into the US Treasury Department also stole documents from officials investigating real-estate sales near American military bases, it's reported.
Published: 2025-01-10T21:45:06
Details of afflictions and care plastered online. BayMark Health Services, one of the biggest drug addiction treatment facilities in the US, says it is notifying some patients this week that their sensitive personal information was stolen.
Published: 2025-01-10T15:37:07
Screenshot showed it wasn't a possible attack, unless you qualify everything Google does as a threat. On Call: Velkomin, Vælkomin, Hoş geldin, and welcome to Friday, and therefore to another edition of On Call, The Register's end-of-week celebration of the tech support tasks you managed to tackle without too much trauma.
Published: 2025-01-10T08:30:12
Beware the IoT that doesn't get a security tag. The White House this week introduced a voluntary cybersecurity labeling program for technology products so that consumers can have some assurance their smart devices aren't spying on them.
Published: 2025-01-09T21:45:05
Factory resets and apply patches is the advice amid fortnight delay for other appliances. The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti battles two dangerous new vulnerabilities, one of which was already being exploited as a zero-day.
Published: 2025-01-09T14:45:06
Tricky attackers trying yet again to deceive the good guys on home territory. Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.
Published: 2025-01-09T13:16:06
MirrorFace group found ways to run malware in the Windows sandbox, which may be worrying. Japan's National Police Agency and Center of Incident Readiness and Strategy for Cybersecurity have confirmed third party reports of attacks on local orgs by publishing details of a years-long series of attacks attributed to a China-backed source.
Published: 2025-01-09T03:56:11
Class act: Cloud biz only serves 60M-plus folks globally, no biggie. A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data, including some Social Security Numbers and medical info, stolen.
Published: 2025-01-09T00:44:13
In colossal surprise, ONCD boss Harry Coker says more work is needed. The outgoing leader of the United States' Office of the National Cyber Director has a clear message for whomever President-elect Trump picks to be his successor: There's a lot of work still to do.
Published: 2025-01-08T23:56:07
3 CVEs added to CISA's catalog. Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years.
Published: 2025-01-08T20:30:15
Devices on six-year-old firmware vulnerable to takeover and destruction. Updated: Cybersecurity shop Eclypsium claims security issues affecting leading DNA sequencing devices could lead to disruptions in crucial clinical research.
Published: 2025-01-08T15:30:08
Various data points compromised but no risk to flight security. The International Civil Aviation Organization (ICAO), the United Nations' aviation agency, has confirmed to The Register that a cyber crim did indeed steal 42,000 records from its recruitment database.
Published: 2025-01-08T14:00:06
Here's what $20 gets you these days. More than 4,000 unique backdoors are using expired domains and/or abandoned infrastructure, and many of these expose government and academia-owned hosts, thus setting these hosts up for hijacking by criminals who likely have less altruistic intentions than the security researchers who uncovered the very same backdoors.
Published: 2025-01-08T11:00:07
Security and cloud compute have so much more upside than the boring business of shifting bits. Akamai has decided to end its content delivery network services in China, but not because it's finding it hard to do business in the Middle Kingdom.
Published: 2025-01-08T06:31:06
Telcos would effectively fund grants paid to protect national security. The outgoing boss of the FCC, Jessica Rosenworcel, has called on her colleagues to "quickly" adopt rules allowing the US regulator to stage a radio spectrum auction, the proceeds of which would fund the removal from American networks of equipment made by Chinese vendors Huawei and ZTE.
Published: 2025-01-08T00:12:07
Crime forum-dweller claims to have leaked 42,000 documents packed with personal info. The United Nations' aviation agency is investigating "a potential information security incident" after a cybercriminal claimed they had laid hands on 42,000 of the branch's documents.
Published: 2025-01-07T17:45:11
Marc Rogers is 'lucky to be alive'. Marc Rogers, DEF CON's head of security, faces tens of thousands of dollars in medical bills following an accident that left him with a broken neck and temporary quadriplegia.
Published: 2025-01-07T14:45:10