Dell customer order database of '49M records' stolen, now up for sale on dark web

The Register - Thu, 09/05/2024 - 18:55
IT giant tries to downplay leak as just names, addresses, info about kit

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected.…

Categories: News

America's enemies targeting US critical infrastructure should be 'wake-up call'

The Register - Thu, 09/05/2024 - 18:45
Having China, Russia, and Iran routinely rummaging around is cause for concern, says ex-NSA man

RSAC  Digital intruders from China, Russia, and Iran breaking into US water systems this year should be a "wake-up call," according to former National Security Agency cyber boss Rob Joyce.…

Categories: News

What do Europeans, Americans and Australians have in common? Scammed $50M by fake e-stores

The Register - Thu, 09/05/2024 - 00:22
BogusBazaar ripped off shoppers and scraped card details, but not in China

A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites.…

Categories: News

Undersea cables are high-priority targets – it's high time to make these global pathways more resilient

The Register - Wed, 08/05/2024 - 22:01
It's 'essential to national security' ex-Navy intel officer tells us

Interview  As undersea cables carry ever-increasing amounts of data, they become even higher priority targets for both cyber and physical attacks.…

Categories: News

CISA boss: Secure code is the 'only way to make ransomware a shocking anomaly'

The Register - Wed, 08/05/2024 - 17:00
And it would seriously inconvenience the Chinese and Russians, too

RSAC  There's a way to vastly reduce the scale and scope of ransomware attacks plaguing critical infrastructure, according to CISA director Jen Easterly: Make software secure by design.…

Categories: News

One year on, universities org admits MOVEit attack hit data of 800k people

The Register - Wed, 08/05/2024 - 15:00
Nearly 95M people in total snagged by flaw in file transfer tool

Just short of a year after the initial incident, the state of Georgia's higher education government agency has confirmed that it was the victim of an attack on its systems affecting the data of 800,000 people.…

Categories: News

UK opens investigation of MoD payroll contractor after confirming attack

The Register - Wed, 08/05/2024 - 12:15
China vehemently denies involvement

UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to "malign" forces accessing data on current and a limited number of former armed forces personnel.…

Categories: News

Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight

The Register - Wed, 08/05/2024 - 08:31
On the plus side, infosec's a good bet for a long, stable career

Interview  This year is an unfortunate anniversary for information security: We're told it's a decade since ransomware started infecting corporations.…

Categories: News

From infosec to skunks, RSA Conference SVP spills the tea

The Register - Wed, 08/05/2024 - 05:03
Keynotes, physical security, playlists … the buck stops with Linda Gray Martin

Interview  The 33rd RSA Conference is underway this week, and no one feels that more acutely than the cybersecurity event's SVP Linda Gray Martin.…

Categories: News

UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection

The Register - Wed, 08/05/2024 - 03:58
'I'm blown away by the fact that they weren't using MFA'

Interview  The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.…

Categories: News

America's War on Drugs and Crime will be AI powered, says Homeland Security boss

The Register - Wed, 08/05/2024 - 00:47
Or at least it might well be if these trial programs work out, with some civil lib oversight etc etc etc

RSAC  AI is a double-edged sword in that the government can see ways in which the tech can protect and also be used to attack Americans, says US Homeland Security Secretary Alejandro Mayorkas.…

Categories: News

Watch out for rogue DHCP servers decloaking your VPN connections

The Register - Tue, 07/05/2024 - 22:50
Avoid traffic-redirecting snoops who have TunnelVision

A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network.…

Categories: News

CISA's early-warning system helped critical orgs close 852 ransomware holes

The Register - Tue, 07/05/2024 - 20:58
In the first year alone, that's saved us all a lot of money and woe

RSAC  As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place.…

Categories: News

TikTok sues America to undo divest-or-die law

The Register - Tue, 07/05/2024 - 20:02
Nothing like folks in Beijing lecturing us on the Constitution

TikTok and its China-based parent ByteDance sued the US government today to prevent the forced sale or shutdown of the video-sharing giant.…

Categories: News

Cops finally unmask 'LockBit kingpin' after two-month tease

The Register - Tue, 07/05/2024 - 16:08
Dmitry Yuryevich Khoroshev's $10M question is answered at last

Updated  Police have finally named who they firmly believe is the kingpin of the LockBit ransomware ring: Dmitry Yuryevich Khoroshev.…

Categories: News

The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching

The Register - Tue, 07/05/2024 - 12:30
More work to do as most deadlines are missed and worst bugs still take months to fix

The deadlines associated with CISA's Known Exploited Vulnerabilities (KEV) catalog only apply to federal agencies, but fresh research shows they're having a positive impact on private organizations too.…

Categories: News

Physical security biz exposes 1.2M files via unprotected database

The Register - Tue, 07/05/2024 - 11:30
Thousands of guards' ID cards and CCTV snaps of suspects found online

Exclusive  A UK-based physical security business let its guard down, exposing nearly 1.3 million documents via a public-facing database, according to an infosec researcher.…

Categories: News

Ransomware evolves from mere extortion to 'psychological attacks'

The Register - Tue, 07/05/2024 - 03:10
Crims SIM swap execs' kids to freak out their parents, Mandiant CTO says

RSAC  Ransomware infections and extortion attacks have become "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.…

Categories: News

Google, Meta, Spotify break Apple's device fingerprinting rules – new claim

The Register - Tue, 07/05/2024 - 02:05
And the iOS titan doesn't seem that bothered with data leaking out

Last week, Apple began requiring iOS developers justify the use of a specific set of APIs that could be used for device fingerprinting. Yet the iGiant doesn't appear to be making much effort to ensure that Google, Meta, and Spotify comply with the rules, it's claimed.…

Categories: News

Fed-run LockBit site back from the dead and vows to really spill the beans on gang

The Register - Tue, 07/05/2024 - 00:42
After very boring first reveal, this could be the real deal

Cops around the world have relaunched LockBit's website after they shut it down in February – and it's now counting down the hours to reveal documents that could unmask the ransomware group.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News