The Register

Plus: Uncle Sam says Ivanti exploits 'consistent with PRC' snoops

A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.…

Account manager and pals blew it on hotels, cruise, fancy meals and more allegedly

Five people have been accused of pulling off a "brazen" scam that involved submitting more than $7 million in fake work expense claims to an IT consultancy to bankroll hotel stays, a cruise, visits to strip clubs, and more.…

But what kind of info was actually compromised? None of your business

VF Corporation, parent company of clothes and footwear brands including Vans and North Face, says 35.5 million customers were impacted in some way when criminals broke into their systems in December.…

Spotting a plaintext password and using it in research without authorization deemed a crime

A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.…

It’s a bird, it’s a plane… it’s a flying menace out to endanger national security

Two US government agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), warned on Wednesday that drones made in China could be used to gather information on critical infrastructure.…

Assets boss also reckons she has more engineers than Amazon

The largest bank in the United States repels 45 billion – yes, with a B – cyberattack attempts per day, one of its leaders claimed at the World Economic Forum in Davos. …

Politics-busting, uber-transparent incident reviews require independence, less internal conflict

As the US mulls legislation that would see the Cyber Safety Review Board (CSRB) become a permanent fixture in the government's cyber defense armory, experts are calling for substantial changes in the way it's organized.…

Untold harms of holding the corporate perimeter revealed in extensive series of interviews

Ransomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations.…

Just when you thought you had recovered from Bleed

Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed – but not before criminals found and exploited them, according to the vendor.…

The threat hunters believe COLDRIVER has used SPICA since at least November 2022

Russian cyberspies linked to the Kremlin's Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google's Threat Analysis Group.…

8-year-old op responsible for DDoS attacks and commandeering broadcasts to push war material

Security researchers have pinned a DDoS botnet that's infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.…

How an integrated platform can streamline the management overhead, improve cloud security and boost threat visibility

Sponsored Post  Reports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash management overheads while significantly improving the app security.…

Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS

Toyota Tsusho Insurance Broker India (TTIBI), an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found.…

So much for isolation

A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users.…

Paying one that lied to you and only saved the first 20 rows of each table

Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their data back.…

Uninstall the update or edit the Windows registry to restore order

The latest Windows Server 2022 patch has broken the Chrome browser, and short of uninstalling the update, a registry hack is the only way to restore service for affected users.…

ICO slaps penalties on two businesses that collectively made more than 3 million cold calls

Another week and yet another couple of pesky cold callers face fines from the UK's data privacy watchdog for "bombarding" unsuspecting households with marketing messages about home improvements.…

.SBS gTLD once owned by Australian broadcaster is another source of strife

Scammers are buying up cheap domain names to host sites that sell dodgy health products using fake articles, according to cybercrime disruption outfit Netcraft.…

It pays not to be Huawei, and the US military can be lucrative, too

Comment  A vendor establishing a business unit dedicated to government sales is not new or unusual. But Finnish telecommunications giant Nokia’s decision to do so in the USA this week tells a bigger story about Washington’s paranoia regarding the security of critical communications infrastructure security.…

Infecting networks via years-old CVEs that should have been patched by now

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…