News

The security nerds' equivalent of the Epstein files saga

The US Cybersecurity and Infrastructure Security Agency on Tuesday finally agreed to make public an unclassified report from 2022 about American telecommunications networks' poor security practices.…

New malware, even better social engineering chops

The FBI and a host of international cyber and law enforcement agencies on Tuesday warned that Scattered Spider extortionists have changed their tactics and are now breaking into victims' networks using savvier social engineering techniques, searching for organizations' Snowflake database credentials, and deploying a handful of new ransomware variants, most recently DragonForce.  …

5 V-tolerant GPIO opens the way to some intriguing retro-nerdery

The Raspberry Pi team has released an update to the RP2350 microcontroller with bug fixes, hardening, and a GPIO tweak that will delight retro hardware enthusiasts.…

Troopers to swap radios for Turtle Beaches in preparation for ‘21st century challenges’

The UK's Ministry of Defence (MoD) is doubling down on its endorsement of esports by tasking the British Esports Federation to establish a new tournament to upskill existing servicepeople in the digital skirmishes.…

Look over there!

Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerability some months ago that could allow attackers to steal private data. Redmond reported the bug to Cupertino, which issued a fix back in March.…

Plus, 60% don't have enough analysts to make sense of it

Too many threats, too much data, and too few skilled security analysts are making companies more vulnerable to cyberattacks, according to the IT and security leaders tasked with protecting these organizations from digital threats.…

No word on who's behind it, but attack has hallmarks of the usual suspects

Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack.…

Russia's top airline cancels 49 flights, delays affect many more

Russia's largest airline, Aeroflot, canceled numerous flights on Monday morning following what it says was a failure in its IT systems - something hacktivists are claiming responsiblity for.…

Plus, leak site for BlackSuit seized, Tea spilt, and avoid crime if you've got a famous dad

Infosec in brief  A computer intrusion hit the US spy satellite agency, but officials insist no classified secrets were lost - just some unclassified ones, apparently.…

Surveillance-based pricing? Two lawmakers say enough

Two Democratic members of Congress, Greg Casar (D-TX) and Rashida Tlaib (D-MI,) have introduced legislation in the US House of Representatives to ban the use of AI surveillance to set prices and wages.…

MAPP program to blame?

A week after Microsoft told the world that its July software updates didn't fully fix a couple of bugs, which allowed miscreants to take over on-premises SharePoint servers and remotely execute code, researchers have assembled much of the puzzle — with one big missing piece.…

AT&T and Verizon refused to hand over the security assessments, says Cantwell

US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the lawmaker, both operators have thus far refused to give Congress.…

Malicious code lurking in over 5,000 downloads, says Socket researcher

Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and began distributing malware through developer accounts.…

Under oath in French Senate, exec says it would be compelled – however unlikely – to pass local customer info to US admin

Microsoft says it "cannot guarantee" data sovereignty to customers in France – and by implication the wider European Union – should the Trump administration demand access to customer information held on its servers.…

Policy management not affected, but some personal data may have been snaffled

Business insurance and employment status specialist Qdos has confirmed that an intruder has stolen some customers personal data, according to a communication to tech contractors that was seen by The Register.…

Nobody thinks of running a website without HTTPs. Safer DNS still seems optional

Systems Approach  Last week I turned on DNSSEC (Domain Name System Security Extensions) for the systemsapproach.org domain. No need to applaud; I was just trying to get an understanding of what the barriers to adoption might be while teaching myself about the technology.…

Plus she has to cough up a slice of Pyongyang’s payday

An Arizona woman who ran a laptop farm from her home - helping North Korean IT operatives pose as US-based remote workers - has been sentenced to eight and a half years behind bars for her role in a $17 million fraud that hit more than 300 American companies.…

Good luck getting an appointment with your doctor

The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.…

Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it

Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.…

Boffins insist your deepfake tracking tech won't work

Computer scientists with the University of Waterloo in Ontario, Canada, say they've developed a way to remove watermarks embedded in AI-generated images.…