Uber driver info stolen yet again: This time from law firm

The Register - Mon, 03/04/2023 - 21:27
Never mind software supply chain attacks, lawyers are the new soft target?

Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of the app's drivers was swiped by miscreants from the IT systems of law firm Genova Burns.…

Categories: News

April brings tulips, taxes ... and phisherfolk scammers

The Register - Mon, 03/04/2023 - 19:39
Tactical#Octopus: Don't let users click on that zip file

The last few days of America's tax season are stressful enough, dealing with deadlines and, increasingly, online scams. Now comes another one, a sophisticated and ongoing phishing campaign by a threat group dubbed "Tactical#Octopus" that is using tax-related lures to spread malware.…

Categories: News

Capita confirms security attack caused pre-weekend outages

The Register - Mon, 03/04/2023 - 16:33
Staff regain access to Microsoft apps but biz still working to restore services for some

Capita – everyone's favorite outsourcing badass – is still working to restore services for some customers after admitting the IT outage of certain services on Friday was caused by a cyber attack and efforts to contain the spread.…

Categories: News

Keeping secrets safe

The Register - Mon, 03/04/2023 - 14:22
How to implement robust secret and identity management

Webinar  Keeping digital authentication credentials safe is a highly sensitive task in an ever-evolving IT landscape, made more difficult when you consider the ongoing shift from static to dynamic applications aligned with increasingly distributed teams of workers.…

Categories: News

Western Digital confirms digital burglary, calls in law enforcement

The Register - Mon, 03/04/2023 - 12:58
Thinks information from internal systems 'obtained' by 3rd party, unsure of nature or scope data

Western Digital is today dealing with a "network security incident" after detecting a break-in into its internal systems by an unauthorized third party.…

Categories: News

3CX decided supply chain attack indicator was a false positive after VirusTotal tests

The Register - Mon, 03/04/2023 - 08:32
'It's not unusual for VoIP apps' says CEO

The CEO of VoiP software provider 3CX said his team tested its products in response to recent alerts notifying it of a supply chain attack, but assessed reports of a malware infestation were a false positive.…

Categories: News

Vietnam threatens to cut off two million mobile subscribers

The Register - Mon, 03/04/2023 - 05:33
To scupper scams, account-holders must hand over personal info or else

Almost two million mobile phone subscribers in Vietnam are at risk of having their services severed, thanks to a new government policy that seeks to curb spam.…

Categories: News

School principal resigns after paying $100,000 to Elon Musk impersonator

The Register - Mon, 03/04/2023 - 02:58
ALSO: DJI forgets the 'B' in 'BCC,' and this week's critical known exploits

In Brief  The principal of a Florida science and technology charter school has resigned after allegedly writing a $100,000 check to an Elon Musk impersonator using school funds.…

Categories: News

Ukrainian cops nab suspects accused of stealing $4.3m from victims across Europe

The Register - Sat, 01/04/2023 - 08:25
If the price looks too good to be true, it probably is

Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe.…

Categories: News

NYPD blues: Cops ignored 93 percent of surveillance law rules

The Register - Fri, 31/03/2023 - 21:06
Who watches the watchmen? The Office of the Inspector General

Back in July 2020, then New York City Mayor Bill de Blasio signed the Public Oversight of Surveillance Technology (POST) Act into law, which required the New York Police Department to reveal how it uses surveillance technology and to formulate surveillance policies.…

Categories: News

Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?

The Register - Fri, 31/03/2023 - 12:40
Juicy private sector job vs … money off a season travel ticket

Given the importance of the Treasury department's function to Britain, Reg readers might expect the Head of Cyber Security vacancy currently being advertised would come with a salary that reflects its criticality.…

Categories: News

NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients

The Register - Fri, 31/03/2023 - 10:35
'Serious breach of trust' says ICO, 'stakes too high' for mistakes in cases like this

In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy (CC) instead of Blind Carbon Copy meaning the recipients could see each other’s email addresses.…

Categories: News

Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire

The Register - Fri, 31/03/2023 - 08:30
Winter is coming for NATO countries

A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint.…

Categories: News

Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons

The Register - Fri, 31/03/2023 - 02:24
Snowden-esque 'Vulkan' dossier links Moscow firm to FSB, GRU, SRV

An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan – a Moscow IT consultancy – that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools.…

Categories: News

Azure flaw left Bing results editable and MS 365 accounts exposed

The Register - Fri, 31/03/2023 - 00:30
'BingBang' boo-boo affected other internal Microsoft apps, too

A misconfiguration in Microsoft's Azure Active Directory (AAD) could have allowed miscreants to subvert Microsoft's Bing search engine – even changing search results. User information including Outlook emails, calendars and Teams messages was also vulnerable.…

Categories: News

AlienFox malware caught in the cloud hen house

The Register - Thu, 30/03/2023 - 22:30
Malicious toolkit targets misconfigured hosts in AWS and Office 365

A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.…

Categories: News

Do you use comms software from 3CX? What to do next after biz hit in supply chain attack

The Register - Thu, 30/03/2023 - 17:25
Miscreants hit downstream customers with infostealers

Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX – and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated.…

Categories: News

Microsoft uses carrot and stick with Exchange Online admins

The Register - Thu, 30/03/2023 - 15:27
If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date

Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled – at least until September when the tool is retired.…

Categories: News

The most important email conversation you will ever have

The Register - Thu, 30/03/2023 - 10:14
Securing your business against BEC

Webinar  Business email compromise (BEC) is possibly the worst of cybercrimes because it abuses trust. It feeds on relationships carefully nurtured over decades and erodes a confidence which is foundational to cooperation, and progress.…

Categories: News

Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity

The Register - Thu, 30/03/2023 - 07:29
How someone can nab buffered info, by hook or by kr00k

Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News