CISA's early-warning system helped critical orgs close 852 ransomware holes

The Register - Tue, 07/05/2024 - 20:58
In the first year alone, that's saved us all a lot of money and woe

RSAC  As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place.…

Categories: News

TikTok sues America to undo divest-or-die law

The Register - Tue, 07/05/2024 - 20:02
Nothing like folks in Beijing lecturing us on the Constitution

TikTok and its China-based parent ByteDance sued the US government today to prevent the forced sale or shutdown of the video-sharing giant.…

Categories: News

Cops finally unmask 'LockBit kingpin' after two-month tease

The Register - Tue, 07/05/2024 - 16:08
Dmitry Yuryevich Khoroshev's $10M question is answered at last

Updated  Police have finally named who they firmly believe is the kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.…

Categories: News

The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching

The Register - Tue, 07/05/2024 - 12:30
More work to do as most deadlines are missed and worst bugs still take months to fix

The deadlines associated with CISA's Known Exploited Vulnerabilities (KEV) catalog only apply to federal agencies, but fresh research shows they're having a positive impact on private organizations too.…

Categories: News

Physical security biz exposes 1.2M files via unprotected database

The Register - Tue, 07/05/2024 - 11:30
Thousands of guards' ID cards and CCTV snaps of suspects found online

Exclusive  A UK-based physical security business let its guard down, exposing nearly 1.3 million documents via a public-facing database, according to an infosec researcher.…

Categories: News

Ransomware evolves from mere extortion to 'psychological attacks'

The Register - Tue, 07/05/2024 - 03:10
Crims SIM swap execs' kids to freak out their parents, Mandiant CTO says

RSAC  Ransomware infections and extortion attacks have become "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.…

Categories: News

Google, Meta, Spotify break Apple's device fingerprinting rules – new claim

The Register - Tue, 07/05/2024 - 02:05
And the iOS titan doesn't seem that bothered with data leaking out

Last week, Apple began requiring iOS developers justify the use of a specific set of APIs that could be used for device fingerprinting. Yet the iGiant doesn't appear to be making much effort to ensure that Google, Meta, and Spotify comply with the rules, it's claimed.…

Categories: News

Fed-run LockBit site back from the dead and vows to really spill the beans on gang

The Register - Tue, 07/05/2024 - 00:42
After very boring first reveal, this could be the real deal

Cops around the world have relaunched LockBit's website after they shut it down in February – and it's now counting down the hours to reveal documents that could unmask the ransomware group.…

Categories: News

Mastodon delays fix for link previews DDoSing websites

The Register - Mon, 06/05/2024 - 20:50
Decentralization is great, except when many servers grab data from a site

Mastodon has pushed back an update that would have addressed the issue of link previews creating accidental distributed denial of service (DDoS) attacks.…

Categories: News

Consultant charged over $1.5M extortion scheme against IT giant

The Register - Mon, 06/05/2024 - 18:00
Accused of stealing data after losing his job

A cybersecurity expert could face a 20-year prison sentence after being accused of allegedly trying to extort a multinational IT infrastructure services biz out of $1.5 million.…

Categories: News

CISA says 'no more' to decades-old directory traversal bugs

The Register - Mon, 06/05/2024 - 14:37
Recent attacks on healthcare thrust infosec agency into alert mode

CISA is calling on the software industry to stamp out directory traversal vulnerabilities following recent high-profile exploits of the 20-year-old class of bugs.…

Categories: News

Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks

The Register - Mon, 06/05/2024 - 03:30
ALSO: Microsoft promises to git gud on cybersecurity; unqualified attackers are targeting your water systems, and more

infosec in brief  It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and now German officials claim to know for a fact who did it: APT28, or Fancy Bear, a Russian threat actor linked to the GRU intelligence service.…

Categories: News

End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box

The Register - Sun, 05/05/2024 - 14:30
Internet Society's Robin Wilton tells us the war on privacy won't be won by the plod

interview  Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away. …

Categories: News

Dating apps kiss'n'tell all sorts of sensitive personal info

The Register - Sat, 04/05/2024 - 19:00
Privacy Not Included label slapped on 22 of 25 top lonely-hearts corners

Dating apps ask people to disclose all kinds of personal information in the hope of them finding love, or at least a hook-up.…

Categories: News

Kaspersky hits back at claims its AI helped Russia develop military drone systems

The Register - Fri, 03/05/2024 - 22:30
Ready, set, sanctions?

If volunteer intelligence gatherers are correct, the US may have a good reason to impose sanctions on Russian infosec firm Kaspersky, whose AI was allegedly used to help Russia produce drones for its war on Ukraine.…

Categories: News

It may take decade to shore up software supply chain security, says infosec CEO

The Register - Fri, 03/05/2024 - 18:30
Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar

interview  The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence. …

Categories: News

Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters

The Register - Fri, 03/05/2024 - 06:34
Cops prevented crims from bilking victims out of more than €10m - but couldn't stop crime against art

A Europol-led operation dubbed “Pandora” has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than €10 million (£8.6 million, $11 million).…

Categories: News

Indonesia sneakily buys spyware, claims Amnesty International

The Register - Fri, 03/05/2024 - 05:33
A 'murky' web sees many purchases run through Singapore in a way that hides potential users

Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International.…

Categories: News

Chinese government website security is often worryingly bad, say Chinese researchers

The Register - Fri, 03/05/2024 - 03:34
Bad configurations, insecure versions of jQuery, and crummy cookies are some of myriad problems

Exclusive  Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.…

Categories: News

Microsoft, Google do a victory lap around passkeys

The Register - Fri, 03/05/2024 - 00:03
Windows giant extends passwordless tech to everyone else

Microsoft today said it will now let us common folk — not just commercial subscribers — sign into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News