Critical vulnerability in Mastodon is pounced upon by fast-acting admins

The Register - Fri, 02/02/2024 - 18:32
Danger of remote account takeovers leaves lead devs scared of releasing many details

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.…

Categories: News

Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers

The Register - Fri, 02/02/2024 - 13:01
Efforts part of internationally coordinated operations carried out in recent months

Interpol has arrested 31 people following a three-month operation to stamp out various types of cybercrime.…

Categories: News

Wikileaks source and former CIA worker Joshua Schulte sentenced to 40 years jail

The Register - Fri, 02/02/2024 - 03:58
'Vault 7' leak detailed cyber-ops including forged digital certs

Joshua Schulte, a former CIA employee and software engineer accused of sharing material with WikiLeaks, was sentenced to 40 years in prison by the US Southern District of New York on Thursday.…

Categories: News

Managing the hidden risks of shadow APIs

The Register - Fri, 02/02/2024 - 03:00
How F5 Distributed Cloud Services seal security gaps in modern app development amid growing attack surface

Partner Content  Application programming interfaces (APIs) play a significant role in today's digital economy, but at the same time they can also represent a data security vulnerability.…

Categories: News

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies

The Register - Fri, 02/02/2024 - 01:12
Atlassian systen compromised via October Okta intrusion

Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.…

Categories: News

Rise of deepfake threats means biometric security measures won't be enough

The Register - Thu, 01/02/2024 - 18:45
Defenses need a rethink in face of increasing sophistication

Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections.…

Categories: News

Biden will veto attempts to rip up SEC breach reporting rule

The Register - Thu, 01/02/2024 - 17:15
Senate, House can try but won't make it past the Prez, says White House

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's (SEC) strict data breach reporting rule.…

Categories: News

LockBit shows no remorse for ransomware attack on children's hospital

The Register - Thu, 01/02/2024 - 14:15
It even had the gall to set the ransom demand at $800K … for a nonprofit

Ransomware gang LockBit is claiming responsibility for an attack on a Chicago children's hospital in an apparent deviation from its previous policy of not targeting nonprofits.…

Categories: News

Congress told how Chinese attackers plan to incite 'societal chaos' in the US

The Register - Thu, 01/02/2024 - 01:30
American public is way ahead of them

Chinese attackers are preparing to "wreak havoc" on American infrastructure and "cause societal chaos" in the US, infosec, and law enforcement bosses told a US House committee on Wednesday.…

Categories: News

FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet

The Register - Wed, 31/01/2024 - 19:24
Remotely disinfects Cisco and Netgear routers to block Chinese critters

China's Volt Typhoon attackers used "hundreds" of outdated Cisco and NetGear routers infected with malware in an attempt to break into US critical infrastructure facilities, according to the Justice Department.…

Categories: News

Ransomware payment rates drop to new low – only 29% of victims are forking over cash

The Register - Wed, 31/01/2024 - 19:15
It's almost like years of false assurances have made people realize payments are pointless

Trusting a ransomware crew to honor a deal isn't the greatest idea, and the world seems to be waking up to that. The number of victims who chose to pay dropped to a new low of 29 percent in the last quarter of 2023.…

Categories: News

Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks

The Register - Wed, 31/01/2024 - 17:45
Evidence mounts of an exploit gatekept within Russia's borders

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems.…

Categories: News

We know nations are going after critical systems, but what happens when crims join in?

The Register - Wed, 31/01/2024 - 17:15
This isn't going to end well

Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been homing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos.…

Categories: News

Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns

The Register - Wed, 31/01/2024 - 15:45
Many versions still without fixes while sophisticated attackers bypass mitigations

Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation.…

Categories: News

US shorts China's Volt Typhoon crew targeting America's criticals

The Register - Tue, 30/01/2024 - 18:15
Invaders inveigle infrastructure

The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure.…

Categories: News

Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

The Register - Tue, 30/01/2024 - 17:45
Multiple publicly available exploits have since been published for the critical flaw

The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…

Categories: News

Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process

The Register - Tue, 30/01/2024 - 15:30
Vendor gets tangled in its own web of undisclosed vulnerabilities

Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication.…

Categories: News

UK biometrics boss bows out, bemoaning bureaucratic blunders

The Register - Tue, 30/01/2024 - 09:30
Questionable institutional change and myriad IT issues pervade the governance landscape

The farewell report written by the UK's biometrics and surveillance commissioner highlights a litany of failings in the Home Office's approach to governing the technology.…

Categories: News

SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming

The Register - Mon, 29/01/2024 - 20:52
18,000 customers, including the Pentagon and Microsoft, may have other thoughts

SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it over the 2020 attack.…

Categories: News

Tesla hacks make big bank at Pwn2Own's first automotive-focused event

The Register - Mon, 29/01/2024 - 01:29
ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns

Infosec in brief  Trend Micro's Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News