The Register
TikTok sues America to undo divest-or-die law
TikTok and its China-based parent ByteDance sued the US government today to prevent the forced sale or shutdown of the video-sharing giant.…
Cops finally unmask 'LockBit kingpin' after two-month tease
Updated: Police have finally named who they firmly believe is the kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.…
The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching
The deadlines associated with CISA's Known Exploited Vulnerabilities (KEV) catalog only apply to federal agencies, but fresh research shows they're having a positive impact on private organizations too.…
Physical security biz exposes 1.2M files via unprotected database
Exclusive: A UK-based physical security business let its guard down, exposing nearly 1.3 million documents via a public-facing database, according to an infosec researcher.…
Ransomware evolves from mere extortion to 'psychological attacks'
RSAC: Ransomware infections and extortion attacks have become "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.…
Google, Meta, Spotify break Apple's device fingerprinting rules – new claim
Last week, Apple began requiring iOS developers to justify the use of a specific set of APIs that could be used for device fingerprinting. Yet the iGiant doesn't appear to be making much effort to ensure that Google, Meta, and Spotify comply with the rules, it's claimed.…
Fed-run LockBit site back from the dead and vows to really spill the beans on gang
Cops around the world have relaunched LockBit's website after they shut it down in February – and it's now counting down the hours to reveal documents that could unmask the ransomware group.…
Mastodon delays fix for link previews DDoSing websites
Mastodon has pushed back an update that would have addressed the issue of link previews creating accidental distributed denial of service (DDoS) attacks.…
Consultant charged over $1.5M extortion scheme against IT giant
A cybersecurity expert could face a 20-year prison sentence after being accused of allegedly trying to extort a multinational IT infrastructure services biz out of $1.5 million.…
CISA says 'no more' to decades-old directory traversal bugs
CISA is calling on the software industry to stamp out directory traversal vulnerabilities following recent high-profile exploits of the 20-year-old class of bugs.…
Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks
Infosec in brief: It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and now German officials claim to know for a fact who did it: APT28, or Fancy Bear, a Russian threat actor linked to the GRU intelligence service.…
End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box
Interview: Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away.…
Dating apps kiss'n'tell all sorts of sensitive personal info
Dating apps ask people to disclose all kinds of personal information in the hope of them finding love, or at least a hook-up.…
Kaspersky hits back at claims its AI helped Russia develop military drone systems
If volunteer intelligence gatherers are correct, the US may have a good reason to impose sanctions on Russian infosec firm Kaspersky, whose AI was allegedly used to help Russia produce drones for its war on Ukraine.…
It may take decade to shore up software supply chain security, says infosec CEO
Interview: The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence.…
Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters
A Europol-led operation dubbed “Pandora” has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than €10 million (£8.6 million, $11 million).…
Indonesia sneakily buys spyware, claims Amnesty International
Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International.…
Chinese government website security is often worryingly bad, say Chinese researchers
Exclusive: Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.…
Microsoft, Google do a victory lap around passkeys
Microsoft today said it will now let us common folk — not just commercial subscribers — sign into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.…
Florida man gets 6 years behind bars for flogging fake Cisco kit to US military
Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US military.…