The Register

If you haven't deployed August's patches, get busy before others do

Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks ago.…

The government-backed crew also enjoys ransomware as a side hustle

Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they're breaking in via vulnerable VPN and firewall devices from Check Point, Citrix, Palo Alto Networks and other manufacturers, according to Uncle Sam.…

Authorities probing unwanted intrusion; hard questions ahead

Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.…

Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon

Microsoft has fixed flaws in Copilot that allowed attackers to steal users' emails and other personal data by chaining together a series of LLM-specific attacks, beginning with prompt injection.…

Sword or plowshare? That depends on whether you're an attacker or a defender

Sponsored Feature  Artificial intelligence: saviour for cyber defenders, or shiny new toy for online thieves? As with most things in tech, the answer is a bit of both.…

Phew! Consumer-grade tracking devices are good for more than finding your keys and stalking

Theft of packages is an ongoing problem, so one California woman tried a high tech solution to the problem – and her use of Apple’s consumer-grade AirTags tracking devices led to two arrests.…

Ground stations are the perfect place for the Great Firewall to block things China finds unpleasant

The multiple constellations of broadband-beaming satellites planned by Chinese companies could conceivably run the nation's "Great Firewall" content censorship system, according to think tank The Australian Strategic Policy Institute. And if they do, using the services will be dangerous.…

More of a storm in a teacup

Today's news that Intel's Software Guard Extensions (SGX) security system is open to abuse may be overstated.…

The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure

It looks like China's Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director.…

Cracked Labs examines how workplace surveillance turns workers into suspects

Software designed to address legitimate business concerns about cyber security and compliance treats employees as threats, normalizing intrusive surveillance in the workplace, according to a report by Cracked Labs.…

Legitimate emails misclassified in software snafu

Updated  Many administrators have had a trying Monday after getting spammed out with false malware reports by Microsoft.…

National security data up for grabs, Office of the Inspector General finds

update  The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General.…

No word yet on if ransomware is to blame

The Port of Seattle, which operates the Seattle-Tacoma International Airport, is investigating a "possible cyberattack" after computer outages disrupted the airport's operations and delayed flights.…

Second sensitive info theft claimed by the same crims since June

Digital data thieves have reportedly breached AMD's internal communications and are offering the allegedly stolen goods for sale. …

Unprotected database with 12 years of biz records yanked offline

Exclusive  Nearly 2.7 TB of sensitive data — 31.5 million invoices, contracts, HIPPA patient consent forms, and other business documents regarding numerous companies across industries — has been exposed to the public internet in a non-password protected database for an unknown amount of time.…

Sueball suggests outsourcer went out of bounds by developing competing product

A subsidiary of IT outsourcer Cognizant filed a lawsuit on Friday in Texas federal court alleging that rival Infosys was involved in stealing trade secrets and engaging in anticompetitive behavior.…

Plus: Microsoft issues workaround for dual-boot crashes; ARRL cops to ransom payment, and more

Infosec in brief  Deniss Zolotarjovs, a suspected member of the Russian Karakurt ransomware gang, has been charged in a US court with allegedly conspiring to commit money laundering, wire fraud and Hobbs Act extortion.…

Rap sheet spells out major no-nos after disgruntled staff blow whistle

The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees.…

Immerse is Cloudflare’s premier annual conference in Southeast Asia

Partner Content  Cloudflare is excited to present Immerse, our flagship event designed to connect attendees directly with the ideas, technologies and business leaders driving network and security transformation.…

Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway

SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data…