News

AI attacks on the rise

A survey of cybersecurity bosses has shown that 62 percent reported attacks on their staff using AI over the last year, either by the use of prompt injection attacks or faking out their systems using phony audio or video generated by AI.…

Security vendor's no good, very bad week year

SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting Secure Mobile Access (SMA) 100 appliances.…

Or maybe 3 strikes, you're out?

SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated attacker to run commands on a host machine. …

Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won't pick up

Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS data — a flaw that has persisted since late 2021.…

Secret Service seizes 300-server network allegedly tied to nation-state hackers

The US Secret Service has dismantled a network of SIM farms in and around New York City it claims was behind multiple incidents targeting senior government officials and had enough power to disrupt entire cellular networks.…

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Kaspersky has raised the alarm over the resurgence of hotel-hacking outfit "RevengeHotels," which it claims is now using artificial intelligence to supercharge its scams.…

Foundations say billions of downloads rely on registries running on fumes – and someone's gotta pay the bills

The Open Source Security Foundation (OpenSSF) has had enough of being the unpaid janitor of the world's software supply chain.…

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.…

President to announce details on Big Red’s storage and security deal for Chinese social media phenomenon later this week

The White House has promised that all US user data on TikTok will be stored on Oracle servers in the United States, according to a deal to be announced later this week.…

With no idea when engines restart, families gear down on spending ahead of Christmas

Jaguar Land Rover is extending the shutdown of its production plants another week in a move that experts say could cost the business in the multiple billions.…

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer

Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sectors.…

Reeves points finger at Moscow in interview when authorities reckon it's local lads

UK chancellor Rachel Reeves is blaming Moscow for Britain's latest cyber woes, an attribution that seems about as solid as wet cardboard given the trail of evidence pointing to attackers much closer to home.…

Names, emails unplugged in DCS support snafu – but 'billing is safe'

An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security "incident" at a service provider.…

Not old enough to drink, old enough to be accused of causing millions in damage

A teen surrendered to Las Vegas police and was booked on suspicion of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.…

Airport staff revert to manual ops as travellers urged to use self-service check-in where possible

The EU's cybersecurity agency today confirmed that ransonmware is the cause of continued disruption blighting major airports across Europe.…

Automaker insists only names and emails exposed, no financials

Car giant Stellantis is admitting that attackers targeted one of its third-party partners, spilling its own customers' details in the process.…

Lloyds Data and AI lead doesn't want devs downloading models from the likes of Hugging Face – too risky

Lloyds Banking Group is leaning into 21st century tech - yet trying to do so in a way that the data of its 28 million customers is kept away from untested AI models developers might be tempted to deploy.…

The Register looks forward to learning more about a possible Dell hyperscale sovereign social SaaS platform

Dell CEO Michael Dell is part of the consortium that intends to acquire TikTok’s US operations, according to US president Donald Trump.…

‘Cyber-attack’ on ticketing outfit Collins and cable cuts at Dallas ground hundreds of flights

Technology problems hit the commercial aviation industry hard over the weekend, leading to hundreds of cancelled flights and myriad delays on both sides of the Atlantic.…

PLUS: Luxury brands under fire; FBI warns crims are spoofing it again; ICE buys phone cracking software

Infosec in brief  Online criminals prefer to deal in digital assets, but a side effect of a ransomware attack has seen a French museum robbed of $705,000 in physical gold nuggets.…