News

Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o

The Register - Thu, 27/02/2025 - 07:29
Model was fine-tuned to write vulnerable software – then suggested enslaving humanity

Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.…

Categories: News

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time

The Register - Thu, 27/02/2025 - 00:52
Boffins poked around inside censorship engines for years before Beijing patched hole

Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years.…

Categories: News

With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare

The Register - Wed, 26/02/2025 - 23:43
244M purloined passwords added to Have I Been Pwned thanks to govt tip-off

A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP).…

Categories: News

Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet

The Register - Wed, 26/02/2025 - 23:08
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation

Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.…

Categories: News

Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

The Register - Wed, 26/02/2025 - 18:57
Starting with Snapdragon 8 Elite and 'droid 15

It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead of four.…

Categories: News

Signal will withdraw from Sweden if encryption-busting laws take effect

The Register - Wed, 26/02/2025 - 12:30
Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.…

Categories: News

200-plus impressively convincing GitHub repos are serving up malware

The Register - Wed, 26/02/2025 - 07:35
Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack

Infosec bytes  Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.…

Categories: News

Incoming deputy head of Homeland Security says CISA needs to be reined in

The Register - Wed, 26/02/2025 - 02:31
Plus: New figurehead of DOGE emerges and they aren't called Elon

During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the wrong management and needed to be "reined in."…

Categories: News

Drug-screening biz DISA took a year to disclose security breach affecting millions

The Register - Wed, 26/02/2025 - 00:05
If there's something nasty on your employment record, extortion scum could come calling

DISA Global Solutions, a company that provides drug and alcohol testing, background checks and other employee screening services, this week notified over 3.3 million people that their sensitive information may have been stolen by miscreants.…

Categories: News

Xi know what you did last summer: China was all up in Republicans' email, says book

The Register - Tue, 25/02/2025 - 21:39
Of course, Microsoft is in the mix, isn't it

Chinese spies reportedly broke into the US Republication National Committee's Microsoft-powered email and snooped around for months before being caught.…

Categories: News

MITRE Caldera security suite scores perfect 10 for insecurity

The Register - Tue, 25/02/2025 - 20:47
Is a trivial remote-code execution hole in every version part of the training, or?

The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE's Caldera security training platform has urged users to "immediately pull down the latest version." As in, download it and install it.…

Categories: News

Harassment allegations against DEF CON veteran detailed in court filing

The Register - Tue, 25/02/2025 - 15:30
More than a dozen women came forward with accusations

Details about the harassment allegations leveled at DEF CON veteran Christopher Hadnagy have now been revealed after a motion for summary judgment was filed over the weekend.…

Categories: News

Data resilience and data portability

The Register - Tue, 25/02/2025 - 15:02
Why organizations should protect everything, everywhere, all at once

Sponsored Feature  Considering it has such a large share of the data protection market, Veeam doesn't talk much about backups in meetings with enterprise customers these days.…

Categories: News

China's Silver Fox spoofs medical imaging apps to hijack patients' computers

The Register - Tue, 25/02/2025 - 13:15
Sly like a PRC cyberattack

A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients' computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers.…

Categories: News

Malware variants that target operational tech systems are very rare – but 2 were found last year

The Register - Tue, 25/02/2025 - 11:00
Fuxnet and FrostyGoop were both used in the Russia-Ukraine war

Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildings in one instance and jamming communications to gas, water, and sewage network sensors in the other.…

Categories: News

Southern Water takes the fifth over alleged $750K Black Basta ransom offer

The Register - Tue, 25/02/2025 - 09:30
Leaked chats and spilled secrets as AI helps decode circa 200K private talks

Southern Water neither confirms nor denies offering Black Basta a $750,000 ransom payment following its ransomware attack in 2024.…

Categories: News

How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit

The Register - Tue, 25/02/2025 - 07:34
Blueprints shared for jail-breaking models that expose their chain-of-thought process

Analysis  AI models like OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Thinking can mimic human reasoning through a process called chain of thought.…

Categories: News

Google binning SMS MFA at last and replacing it with QR codes

The Register - Tue, 25/02/2025 - 00:14
Everyone knew texted OTPs were a dud back in 2016

Google has confirmed it will phase out the use of SMS text messages for multi-factor authentication in favor of more secure technologies.…

Categories: News

US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon's toes

The Register - Mon, 24/02/2025 - 20:15
'Appropriate action will be taken,' we're told – as federal HR email sparks uproar, ax falls on CISA staff

Visitors to the US Department of Housing and Urban Development's headquarters in the capital got some unpleasant viewing on Monday morning after TV screens across the building began showing a deepfake video of President Trump kissing and sucking Elon Musk's toes.…

Categories: News

Shifting the cybersecurity odds

The Register - Mon, 24/02/2025 - 14:56
Four domains to build resilience

Partner Content  Security can feel like fighting a losing battle, but it doesn't have to be.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News