FTC: BetterHelp pushed users to share mental health info then gave it to Facebook

The Register - Fri, 03/03/2023 - 21:30
Feds propose $7.8M payment and ban on revealing 'sensitive' data to settle complaint

Even if you don't know anyone who has used BetterHelp's services, podcast fans will recognize it from its annoying adverts for its online therapists. American regulators, however, allege the company's relationship with the advertising industry is more perverse than a mere irritating jingle, claiming it betrayed loyalties that should lie with customers by passing on their mental health info to Facebook, Snapchat and others.…

Categories: News

Frankenstein malware stitched together from code of others disguised as PyPI package

The Register - Fri, 03/03/2023 - 18:30
Crime-as-a-service vendors mix and match components as needed by client

A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others.…

Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger'

The Register - Fri, 03/03/2023 - 11:33
Industry hasn't 'improved much at all'

SCSW  Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.…

German Digital Affairs Committee hearing heaps scorn on Chat Control

The Register - Fri, 03/03/2023 - 10:34
Proposal to break encryption to scan messages for abuse material challenged as illegal and unworkable

Europe's proposed "Chat Control" legislation to automatically scan chat, email, and instant message communications for child sexual exploitation material (CSEM) ran up against broad resistance at a meeting of the German Parliament's (Bundestag) Digital Affairs Committee on Wednesday.…

Smart security

The Register - Fri, 03/03/2023 - 10:15
Outlawing cybersecurity hype

Webinar  Trying to keep on top of all the hype and complexity in cybersecurity can be more than just an uphill struggle and more like a veritable mountain to climb every morning.…

Crappy insecure software in Biden's crosshairs

The Register - Fri, 03/03/2023 - 00:15
Just-revealed US cybersecurity strategy 'has fangs' for catching crafty criminals and crummy coders

Analysis  Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other illicit activities, under the Biden administration's computer security plan announced on Thursday.…

CI/CD: Necessary for modern software development, yet it carries a lot of risk

The Register - Thu, 02/03/2023 - 23:10
With great speed comes great insecurity

SCSW  CI/CD over the past decade has become the cornerstone of modern software development.…

Intruder alert: UK retailer WH Smith hit by another data leak

The Register - Thu, 02/03/2023 - 13:27
Less than a year after Funky Pigeon sprayed details of greetings cards biz

Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.…

Forget ChatGPT, the most overhyped security tool is technology itself, Wiz warns

The Register - Thu, 02/03/2023 - 08:30
Infosec also needs to widen its talent pool or miss out

Interview  It's a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks. …

It's official: BlackLotus malware can bypass Secure Boot on Windows machines

The Register - Wed, 01/03/2023 - 21:30
The myth 'is now a reality'

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.…

PlugX RAT masquerades as legit Windows debugger to slip past security

The Register - Wed, 01/03/2023 - 07:30
DLL side-loading does the trick, again

Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems.…

Google: You get crypto, you get crypto, almost everyone gets email crypto!

The Register - Wed, 01/03/2023 - 01:38
Personal Gmail users still out of luck

Google continued its client-side encryption rollout, with the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…

US government sets a 30-day deadline for wiping TikTok from feds' phones

The Register - Wed, 01/03/2023 - 00:30
Last chance to film yourself doing a ByteDance, in the US and abroad

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. …

US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities

The Register - Tue, 28/02/2023 - 22:32
Who apart from Microsoft is happy with the ship now, oh just fix it later approach?

What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency (CISA) Director Jen Easterly.…

Dish: Someone snatched our data, if you're wondering why our IT systems went down

The Register - Tue, 28/02/2023 - 21:06
Outage-hit telco still won't confirm ransomware infection, or if it's paying up

Dish has confirmed what everyone was suspecting, given the ongoing downtime experienced by some of its systems, that the US telco was hit by criminal hackers.…

News Corp outfoxed by IT intruders for years

The Register - Tue, 28/02/2023 - 08:31
All the news that's fit to pwn

The miscreants who infiltrated News Corporation's corporate IT network spent two years in the media monolith's system before being detected early last year.…

Russian hacktivists DDoS hospitals, with pathetic results

The Register - Tue, 28/02/2023 - 07:30
Not that we're urging them to try harder or anything

A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure.…

US Marshals Service leaks ‘law enforcement sensitive information’ in ransomware incident

The Register - Tue, 28/02/2023 - 06:59
It’s not just another data breach when the victim oversees witness protection programs

The US Marshals Service, the enforcement branch of the nation’s federal courts, has admitted that a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.…

Feeling VEXed by software supply chain security? You’re not alone

The Register - Tue, 28/02/2023 - 01:01
Chainguard CEO explains how to secure code given crims know to poison it at the source

SCSW  The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…

Dish multi-day outage rolls on as ransomware fears grow

The Register - Mon, 27/02/2023 - 20:30
Techies 'hard at work' and all of that

US telco Dish said it is investigating a multi-day network "issue" that knocked some of its systems offline, leaving customers stranded from the web.…
