The Register

Speculation builds over whether a nearly year-old policy change was to blame

Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.…

Customers currently left patchless while attacks are expected to increase

Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.…

It's still not calling it ransomware

Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.…

Expect new rules in upcoming weeks

US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.…

Today us vultures are debating bans on ransom payments, deplorable tactics by extortionists, and more

Kettle  Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good.…

Posing as cyber samaritans, scumbags are kicking folks when they're down

Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers.…

Sebastien Raoult developed various credential-harvesting websites over more than 2 years

A key member of the ShinyHunters cybercrime group is facing three years in the slammer and being forced to return $5 million in criminal proceeds.…

Nothing under exploit… Is this the calm before the storm?

Patch Tuesday  Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.…

Buy the hype, sell the, wait, what do we do now?!

The SEC today said its Twitter account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing the cryptocurrency to spike and then slip in price.…

Petty officer Wenheng Zhao admitted to taking as many as 14 payoffs in return for non-public military information

A US Naval sailor will face more than two years behind bars after pleading guilty to taking bribes from Chinese spies in exchange for sensitive military information.…

Experts' job made 'straightforward' by crooks failing to update encryption schema after three years

Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.…

Issue has been patched so be sure to check your implementations

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.…

Authors continue to lose out on owed payments as rebuild of digital services drags on

The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.…

Also: Twitter hijackings, BEC arrest, and critical vulnerabilities

Infosec in brief  We gather everyone's still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you're recovering from the Christmas break, Meta has been busy introducing fresh ways to monetize your web surfing habits while dressing it up as a user experience improvement.…

Won't stop the chaos, may lead to attacks with more dire consequences

Opinion  A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Eliminate extortion as a source of criminal income, and the attacks are undoubtedly going to drop. …

Remember the good old days when ransomware crooks vowed not to infect medical centers?

Extortionists are now threatening to swat hospital patients — calling in bomb threats or other bogus reports to the police so heavily armed cops show up at victims' homes — if the medical centers don't pay the crooks' ransom demands.…

Fitzpatrick faces potentially decades in prison later this month, so may as well get some foreign Netflix in beforehand

The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.…

'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy

Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.…

Miscreants mock Google-owned security house: 'Change password please'

Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.…

Users apparently at fault after reusing credentials the company didn't check were already compromised

23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.…