News

Star loses $500,000 NFT after crooks exploit Rarible market

The Register - Fri, 15/04/2022 - 20:50
This isn't the moving-fast-and-breaking-things future we wanted

Miscreants exploited a now-fixed design flaw in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese singer and actor Jay Chou and sell it for about $500,000.…

Categories: News

Cybercriminals are doing their homework in latest banking scam

The Register - Fri, 15/04/2022 - 16:30
What could be safer than sending money to yourself through your own bank?

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. …

Categories: News

Google issues third emergency fix for Chrome this year

The Register - Fri, 15/04/2022 - 13:49
The latest patch is aimed at a type confusion vulnerability that is actively being exploited

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild.…

Categories: News

North Korea's Lazarus cyber-gang caught 'spying' on chemical sector companies

The Register - Fri, 15/04/2022 - 03:30
Crypto-coin theft isn't enough to keep these miscreants busy

North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.…

Categories: News

Cisco's Webex app phoned home audio telemetry even when muted

The Register - Thu, 14/04/2022 - 21:55
Study finds turning sound off in a range of applications doesn't always cut the mic

Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so.…

Categories: News

Microsoft-led move takes down ZLoader botnet domains

The Register - Thu, 14/04/2022 - 20:45
That should keep the criminals offline for, well, weeks probably

Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using as command-and-control servers.…

Categories: News

Threat group builds custom malware to attack industrial systems

The Register - Thu, 14/04/2022 - 14:31
US security agencies say the tools can give hackers control of ICS and SCADA devices

Hackers have created custom tools to control a range of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies.…

Categories: News

Microsoft details how China-linked crew's malware hides scheduled Windows tasks

The Register - Thu, 14/04/2022 - 08:45
All so that it can maintain backdoor access across reboots

The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots.…

Categories: News

Don't let ransomware crooks spend months in your network – like this govt agency did

The Register - Thu, 14/04/2022 - 01:12
Miscreants Googled for post-intrusion tools before downloading them onto servers, PCs

Lockbit ransomware operators spent nearly six months in a government agency's network, deleting logs and using Chrome to download hacking tools, before eventually deploying extortionware, according to Sophos threat researchers.…

Categories: News

Apache says Struts 2 security bug wasn't fully fixed in 2020

The Register - Wed, 13/04/2022 - 22:30
But this time the patch should do the trick

Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick.…

Categories: News

Taiwan, China square off over chip tech espionage laws

The Register - Wed, 13/04/2022 - 16:30
Tightening of IP laws to prevent poaching seen by Beijing as 'provocative smear'

Trouble is brewing over moves by Taiwan to prevent China from gaining access to its chip technology, as the island nation proposes tougher laws to deter the leaking of trade secrets outside the country.…

Categories: News

Enemybot botnet uses Gafgyt source code with a sprinkling of Mirai

The Register - Wed, 13/04/2022 - 15:00
Keksec malware used for DDoS attacks, may spread to cryptomining, Fortinet says

A prolific threat group known for deploying distributed denial-of-service (DDoS) and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware.…

Categories: News

Git for Windows issues update to fix running-someone-else’s-code vuln

The Register - Wed, 13/04/2022 - 14:00
Running a multi-user Windows environment and Git? Time to patch

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows.…

Categories: News

Investment firm KKR buys Barracuda Networks

The Register - Wed, 13/04/2022 - 06:43
Plans to take a bigger bite of the SME security market by swimming towards SASE

Investment firm KKR has acquired Barracuda Networks from private equity firm Thoma Bravo.…

Categories: News

Huawei reportedly furloughs Russian staff and stops taking orders

The Register - Wed, 13/04/2022 - 06:03
Chinese giant still hiring in Moscow – for some very interesting gigs

Chinese telecom giant Huawei has issued a mandatory month-long furlough to some of its Russia-based staff and suspended new orders, according to Russian media.…

Categories: News

Microsoft's huge Patch Tuesday includes fix for bug under attack

The Register - Wed, 13/04/2022 - 02:36
April bundle addresses 100-plus vulnerabilities including 10 critical RCEs

Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed.…

Categories: News

Stolen-data market RaidForums taken down in domain seizure

The Register - Wed, 13/04/2022 - 00:51
Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US

After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.…

Categories: News

AWS fixes local file vuln on internal credential access for Relational Database Service

The Register - Tue, 12/04/2022 - 19:05
Lightspin threat researchers discovered the bug, which AWS fixed

A local file read vulnerability in Amazon's Relational Database Service (RDS) could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed.…

Categories: News

Hardware-assisted security poised for growth, says Intel

The Register - Tue, 12/04/2022 - 18:30
Only 36% use it now, but an additional 47% plan to adopt HAS in the next year

An Intel study finds that businesses are eager for cybersecurity and are keen to see how security can be baked into devices.…

Categories: News

Can we solve the zero-day threat once and for all? No, but here’s what we can do

The Register - Tue, 12/04/2022 - 18:15
This online session shows you what constant vigilance should look like

Webinar  Last December’s Log4j crisis brought the danger of zero day vulnerabilities to the front pages. But while one key flaw has been put under the microscope, does that mean the problem is over?…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News