750 million Indian mobile subscribers' info for sale on dark web

The Register - Sun, 28/01/2024 - 23:29
ALSO: Samsung turns to Baidu for Galaxy AI in China; Terraform Labs files for bankruptcy; India's supercomputing ambitions

Asia In Brief  Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the dark web, with two crime gangs offering the trove of data for just $3,000.…

Categories: News

Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes

The Register - Sat, 27/01/2024 - 00:32
Step one, actually turn on MFA

Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication (MFA) enabled. …

Categories: News

Wait, security courses aren't a requirement to graduate with a computer science degree?

The Register - Fri, 26/01/2024 - 21:28
And software makers seem to be OK with this, apparently

Comment  There's a line in the latest plea from CISA – the US government's cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee.…

Categories: News

Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

The Register - Fri, 26/01/2024 - 16:00
Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses

Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts.…

Categories: News

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist

The Register - Fri, 26/01/2024 - 12:25
Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess

The Akira ransomware gang is claiming responsiblity for the "cybersecurity incident" at British bath bomb merchant.…

Categories: News

Trickbot malware scumbag gets five years for infecting hospitals, businesses

The Register - Thu, 25/01/2024 - 23:58
Most of the crew still at large

A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.…

Categories: News

EquiLend drags systems offline after admitting attacker broke in

The Register - Thu, 25/01/2024 - 14:00
Securities lender processes trillions of dollars worth of Wall Street transactions every day

US securities lender EquiLend has pulled a number of its systems offline after a security "incident" in which an attacker gained "unauthorized access".…

Categories: News

HPE joins the 'our executive email was hacked by Russia' club

The Register - Thu, 25/01/2024 - 02:02
Cozy Bear may have had access to the green rectangular email and SharePoint cloud for six months

HPE has become the latest tech giant to admit it has been compromised by Russian operatives.…

Categories: News

US judge rejects spyware developer NSO's attempt to bin Apple's spyware lawsuit

The Register - Wed, 24/01/2024 - 23:31
Judge says anti-hacking laws fits Pegasus case "to a T"

A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software.…

Categories: News

Major IT outage at Europe's largest caravan and RV club makes for not-so-happy campers

The Register - Wed, 24/01/2024 - 17:30
1 million members still searching for answers as IT issues floor primary digital services

The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.…

Categories: News

Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug

The Register - Wed, 24/01/2024 - 15:04
Ancient path traversal exploit offers remote attackers admin access

Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.…

Categories: News

What Microsoft's latest email breach says about this IT security heavyweight

The Register - Wed, 24/01/2024 - 11:02
Senator Wyden tells The Reg this latest security lapse is 'inexcusable'

Comment  For most organizations – especially security vendors – disclosing a corporate email breach, in which executives' internal messages and attachments were stolen, would noticeably ding their stock prices.…

Categories: News

COVID-19 test lab accused of exposing 1.3 million patient records to open internet

The Register - Wed, 24/01/2024 - 07:28
Now that's a Dutch crunch

A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…

Categories: News

GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection

The Register - Wed, 24/01/2024 - 06:26
That means Brit spies want the ability to do exactly that, huh?

The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve markedly thanks to AI models informed by data describing successful cyber-hits.…

Categories: News

CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'

The Register - Tue, 23/01/2024 - 18:30
Election officials, judges, politicians, and gamers are in swatters' crosshairs

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home.…

Categories: News

Accused PII seller faces jail for running underground fraud op

The Register - Tue, 23/01/2024 - 16:00
More than 5,000 victims claimed over a 3-year period but filing reckons accused didn't even use a VPN

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.…

Categories: News

UK water giant admits attackers broke into system as gang holds it to ransom

The Register - Tue, 23/01/2024 - 11:48
Comes mere months after Western intelligence agencies warned of attacks on water providers

Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…

Categories: News

Australia imposes cyber sanctions on Russian it says ransomwared health insurer

The Register - Tue, 23/01/2024 - 03:01
'Aleksandr Ermakov' isn't allowed down under after being linked to ten-million-record leak

Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…

Categories: News

Atlassian Confluence Server RCE attacks underway from 600+ IPs

The Register - Mon, 22/01/2024 - 23:37
If you're still running a vulnerable instance then 'assume a breach'

More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 – a critical bug in out–of-date versions of Atlassian Confluence Data Center and Server – according to non-profit security org Shadowserver.…

Categories: News

Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft

The Register - Mon, 22/01/2024 - 20:45
Loanbase admits massive loss of customer data to thieves, too

AerCap, the world's largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn't yet suffered any financial losses yet and all its systems are under control.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News