News

How to master endpoint security

The Register - Fri, 22/11/2024 - 11:14
Get some advice from this discussion with a Kaseya expert

Webinar  Want to access the key takeaways from the recent "Secure Everything for Every Endpoint" webinar?…

Categories: News

SafePay ransomware gang claims Microlise attack that disrupted prison van tracking

The Register - Fri, 22/11/2024 - 08:34
Fledgling band of crooks says it stole 1.2 TB of data

The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to pay its extortion demands before leaking data.…

Categories: News

Helpline for Yakuza victims fears it leaked their personal info

The Register - Fri, 22/11/2024 - 05:24
Organized crime types tend not to be kind to those who go against them, so this is nasty

A local Japanese government agency dedicated to preventing organized crime has apologized after experiencing an incident it fears may have led to a leak of personal information describing 2,500 people who reached out to it for consultation.…

Categories: News

Here's what happens if you don't layer network security – or remove unused web shells

The Register - Fri, 22/11/2024 - 01:13
TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated

The US Cybersecurity and Infrastructure Agency often breaks into critical organizations' networks – with their permission, of course – to simulate real-world cyber attacks and thereby help improve their security. In one of those recent exercises conducted at a critical infrastructure provider, the Agency exploited a web shell left behind from an earlier bug bounty program, scooped up a bunch of credentials and security keys, moved through the network and ultimately pwned the org's domain and several sensitive business system targets.…

Categories: News

DARPA-backed voting system for soldiers abroad savaged

The Register - Thu, 21/11/2024 - 19:27
VotingWorks, developer of the system, disputes critics' claims

An electronic voting project backed by DARPA – Uncle Sam's boffinry nerve center – to improve the process of absentee voting for American military personnel stationed abroad has been slammed by security researchers.…

Categories: News

Chinese ship casts shadow over Baltic subsea cable snipfest

The Register - Thu, 21/11/2024 - 17:20
Danish military confirms it is monitoring as Swedish police investigate. Cloudflare says impact was 'minimal'

The Danish military has confirmed it is tracking a Chinese ship that is under investigation after two optical fiber internet cables under the Baltic Sea were damaged.…

Categories: News

'Alarming' bugs lay low in Ubuntu Server utility for 10 years

The Register - Thu, 21/11/2024 - 15:03
Update now: Qualys says vulnerabilities give root and are 'easily exploitable'

Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server's needrestart utility that allow unprivileged attackers to gain root access without any user interaction.…

Categories: News

Now Online Safety Act is law, UK has 'priorities' – but still won't explain 'spy clause'

The Register - Thu, 21/11/2024 - 10:38
Draft doc struggles to describe how theoretically encryption-busting powers might be used

The UK government has set out plans detailing how it will use the new law it has created to control online platforms and social media – with one telling exception.…

Categories: News

Put your usernames and passwords in your will, advises Japan's government

The Register - Thu, 21/11/2024 - 06:14
Digital end of life planning saves your loved ones from a little extra anguish

Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.…

Categories: News

Five Scattered Spider suspects indicted for phishing spree and crypto heists

The Register - Thu, 21/11/2024 - 01:29
DoJ also shutters allleged crimeware and credit card mart PopeyeTools

The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.…

Categories: News

Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator

The Register - Wed, 20/11/2024 - 23:50
Meet Liminal Panda, which prowls telecom networks in South Asia and Africa

A senior US senator has warned that American tech companies’ activities in China represent a national security risk, in a hearing that saw infosec biz CrowdStrike testify it has identified another cyber-espionage crew it believes is backed by Beijing.…

Categories: News

Mega US healthcare payments network restores system 9 months after ransomware attack

The Register - Wed, 20/11/2024 - 18:01
Change Healthcare’s $2 billion recovery is still a work in progress

Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…

Categories: News

Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

The Register - Wed, 20/11/2024 - 17:01
OSS-Fuzz is making a strong argument for LLMs in security research

Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…

Categories: News

D-Link tells users to trash old VPN routers over bug too dangerous to identify

The Register - Wed, 20/11/2024 - 14:32
Vendor offers 20% discount on new model, but not patches

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.…

Categories: News

Data is the new uranium – incredibly powerful and amazingly dangerous

The Register - Wed, 20/11/2024 - 07:15
CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value

I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users, I began to hear a new note: data has become a problem.…

Categories: News

Healthcare org Equinox notifies 21K patients and staff of data theft

The Register - Wed, 20/11/2024 - 00:30
Ransomware scum LockBit claims it did the dirty deed

Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…

Categories: News

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

The Register - Tue, 19/11/2024 - 23:02
No word on when or if the issue will be fixed

Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.…

Categories: News

Russian suspected Phobos ransomware admin extradited to US over $16M extortion

The Register - Tue, 19/11/2024 - 21:55
This malware is FREE for EVERY crook ($300 decryption keys sold separately)

A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.…

Categories: News

America's drinking water systems have a hard-to-swallow cybersecurity problem

The Register - Tue, 19/11/2024 - 19:59
More than 100 million rely on systems rife with vulnerabilities, says EPA OIG

Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency's Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks. …

Categories: News

Palo Alto Networks tackles firewall-busting zero-days with critical patches

The Register - Tue, 19/11/2024 - 15:29
Amazing that these two bugs got into a production appliance, say researchers

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News