News

PXA Stealer pilfers data from nearly 40 browsers, including Chrome

More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals on Telegram-based marketplaces.…

Devs told to exercise 'extreme caution' with emails disguised as account update prompts

Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.…

Founder miffed over prosecutors holding onto its Bitcoin

The founder of a German mobile phone repair and insurance biz has begun insolvency proceedings for some operations in his company after struggling financially following a costly ransomware attack in 2023.…

If it’s not on-prem, it’s on the menu

Opinion  The details of cloud data regionalization are rarely the stuff of great drama. When they’ve reached the level of an exe admitting to the Senate that a foreign power can help itself to that nations data, no matter where it lives, things get interesting.…

But it's OK, claims Brit government, no personal data stored 'unless absolutely necessary'

The UK government has reported that an additional five million age checks are being made daily as UK-based internet users seek to access age-restricted sites following the implementation of the Online Safety Act."…

Attempts to censor QUIC traffic create chance to block access to offshore DNS resolvers

China’s attempts to censor traffic carried using Quick UDP Internet Connections (QUIC) are imperfect and have left the country at risk of attacks that degrade its censorship apparatus, or even cut access to offshore DNS resolvers.…

PLUS: Slow MFA rollout costs Canucks $5m; Lawmakers ponder Stingray ban; MSFT tightens Teams; And more!

Infosec In Brief  North Korea’s Lazarus Group has changed tactics and is now creating malware-laden open source software.…

Plus: why takedowns aren't in threat-intel analysts' best interest

interview  It started out small: One US financial services company wanted to stop unknown crooks from spoofing their trading app, tricking customers into giving the digital thieves their login credentials and account information, thus allowing them to drain their accounts.…

Plaintext passwords, shared admin accounts, and insufficient logging rampant at mystery org

CISA is using the findings from a recent probe of an unidentified critical infrastructure organization to warn about the dangers of getting cybersecurity seriously wrong.…

Checkbox to make chatbot conversations appear in search engines deemed a footgun

OpenAI has removed the option to make ChatGPT interactions indexable by search engines to prevent users from unwittingly exposing sensitive information.…

Our tests have shown there are ways to get around the promised security improvements

exclusive  Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.…

Spy vs. spy

China has accused US intelligence agencies of exploiting a Microsoft Exchange zero-day exploit to steal defense-related data and take over more than 50 devices belonging to a "major Chinese military enterprise" for nearly a year.…

Victims fear leak at Everglades Correctional Institution could lead to violent extortion

A data breach at a Florida prison has inmates' families concerned for their welfare after their contact details were allegedly leaked to convicted criminals.…

Criminals used undocumented techniques and well-placed insiders to remotely withdraw money

A ring of cybercriminals managed to physically implant a Raspberry Pi on a bank's network to steal cash from an Indonesian ATM.…

Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves

The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…

Crims warned 40% of respondents that they and their families would suffer

Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands.…

Illumina allegedly lied about its testing devices meeting government standards

Biotech firm Illumina has agreed to cut the US government a check for the eminently affordable amount of $9.8 million to resolve allegations that it has been selling the feds genetic testing systems riddled with security vulnerabilities the company knew about but never bothered to fix.…

No way this will be abused

Microsoft has upgraded Azure AI Speech so that users can rapidly generate a voice replica with just a few seconds of sampled speech.…

H20 silicon under the microscope after slipping through US export bans

China's internet watchdog has hauled Nvidia in for a grilling over alleged backdoors in its H20 chips, the latest twist in the increasingly paranoid semiconductor spat between Washington and Beijing.…

Russia spying on foreign embassies? Say it ain't so

Russian cyberspies are abusing local internet service providers' networks to target foreign embassies in Moscow and collect intel from diplomats' devices, according to a Microsoft Threat Intelligence warning.…