The Register
Chained bugs in Nvidia's Triton Inference Server lead to full system compromise
Security researchers have lifted the lid on a chain of high-severity vulnerabilities that could lead to remote code execution (RCE) on Nvidia's Triton Inference Server.…
Hacker summer camp: What to expect from BSides, Black Hat, and DEF CON
The security industry is hitting Vegas hard this week with three conferences in Sin City that bring the world's largest collection of security pros together for the annual summer camp.…
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor
Researchers at German infosec services company Nextron Threat have spotted malware that creates a highly-persistent Linux backdoor and say antivirus engines do not flag the code as malicious.…
SonicWall investigates 'cyber incidents,' including ransomware targeting suspected 0-day
SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs.…
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals on Telegram-based marketplaces.…
Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.…
German phone repair biz collapses following 2023 ransomware attack
The founder of a German mobile phone repair and insurance biz has begun insolvency proceedings for some operations in his company after struggling financially following a costly ransomware attack in 2023.…
When hyperscalers can’t safeguard one nation’s data from another, dark clouds are ahead
Opinion The details of cloud data regionalization are rarely the stuff of great drama. When they’ve reached the level of an exe admitting to the Senate that a foreign power can help itself to that nations data, no matter where it lives, things get interesting.…
Millions of age checks performed as UK Online Safey Act gets rolling
The UK government has reported that an additional five million age checks are being made daily as UK-based internet users seek to access age-restricted sites following the implementation of the Online Safety Act."…
China’s botched Great Firewall upgrade invites attacks on its censorship infrastructure
China’s attempts to censor traffic carried using Quick UDP Internet Connections (QUIC) are imperfect and have left the country at risk of attacks that degrade its censorship apparatus, or even cut access to offshore DNS resolvers.…
Lazarus Group rises again, this time with malware-laden fake FOSS
Infosec In Brief North Korea’s Lazarus Group has changed tactics and is now creating malware-laden open source software.…
Silent Push CEO on cybercrime takedowns: 'It's an ongoing cat-and-mouse game'
interview It started out small: One US financial services company wanted to stop unknown crooks from spoofing their trading app, tricking customers into giving the digital thieves their login credentials and account information, thus allowing them to drain their accounts.…
CISA roasts unnamed critical national infrastructure body for shoddy security hygiene
CISA is using the findings from a recent probe of an unidentified critical infrastructure organization to warn about the dangers of getting cybersecurity seriously wrong.…
OpenAI removes ChatGPT self-doxing option
OpenAI has removed the option to make ChatGPT interactions indexable by search engines to prevent users from unwittingly exposing sensitive information.…
Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks
exclusive Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.…
China says US spies exploited Microsoft Exchange zero-day to steal military info
China has accused US intelligence agencies of exploiting a Microsoft Exchange zero-day exploit to steal defense-related data and take over more than 50 devices belonging to a "major Chinese military enterprise" for nearly a year.…
Florida prison email blunder exposes visitor contact info to inmates
A data breach at a Florida prison has inmates' families concerned for their welfare after their contact details were allegedly leaked to convicted criminals.…
Cybercrooks attached Raspberry Pi to bank network and drained ATM cash
A ring of cybercriminals managed to physically implant a Raspberry Pi on a bank's network to steal cash from an Indonesian ATM.…
Top spy says LinkedIn profiles that list defence work 'recklessly invite attention of foreign intelligence services'
The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…
As ransomware gangs threaten physical harm, 'I am afraid of what's next,' ex-negotiator says
Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands.…