The Register
Mandiant's brute-forced X account exposes perils of skimping on 2FA
Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.…
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.…
Fidelity National now says 1.3M customers had data stolen by cyber-crooks
Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.…
Uncle Sam tells hospitals: Meet security standards or no federal dollars for you
US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.…
Be honest. Would you pay off a ransomware crew?
Kettle Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good.…
Cybercrooks play dress-up as 'helpful' researchers in latest ransomware ruse
Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers.…
ShinyHunters chief phisherman gets 3 years, must cough up $5M
A key member of the ShinyHunters cybercrime group is facing three years in the slammer and being forced to return $5 million in criminal proceeds.…
New year, more bugs in Windows, Adobe, Android to be fixed
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.…
SEC Twitter hijacked to push fake news of hotly anticipated Bitcoin ETF approval
The SEC today said its Twitter account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing the cryptocurrency to spike and then slip in price.…
US Navy sailor swaps sea for cell after accepting bribes from Chinese snoops
A US Naval sailor will face more than two years behind bars after pleading guilty to taking bribes from Chinese spies in exchange for sensitive military information.…
And that's a wrap for Babuk Tortilla ransomware as free decryptor released
Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.…
Apache OFBiz zero-day pummeled by exploit attempts after disclosure
SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.…
British Library: Finances remain healthy as ransomware recovery continues
The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.…
Facebook, Instagram now mine web links you visit to fuel targeted ads
Infosec in brief We gather everyone's still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you're recovering from the Christmas break, Meta has been busy introducing fresh ways to monetize your web surfing habits while dressing it up as a user experience improvement.…
Ransomware payment ban: Wrong idea at the wrong time
Opinion A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Eliminate extortion as a source of criminal income, and the attacks are undoubtedly going to drop. …
After injecting cancer hospital with ransomware, crims threaten to swat patients
Extortionists are now threatening to swat hospital patients — calling in bomb threats or other bogus reports to the police so heavily armed cops show up at victims' homes — if the medical centers don't pay the crooks' ransom demands.…
BreachForums boss busted for bond blunders – including using a VPN
The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.…
Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach'
Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.…
X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist
Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.…
Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.…