The Register

'I want to buy a car. That's all'

Crooks are exploiting month-old OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency using victims' resources, according to Microsoft.…

Vote met strong opposition from Biden's office

A draft law to restrict the US government's ability to procure data on citizens through data brokers will progress to the Senate after being passed in the House of Representatives.…

Criminals make lucrative use of stolen credit cards

Speaking at Black Hat Asia on Thursday, a Korean researcher revealed how the discovery of one phishing website led to uncovering an operation whose activities leveraged second-hand shops and included using Apple’s "someone-else pickup" method to cash in.…

Extent of information seized will be a concern for those affected

Ransomware strikes at yet another US healthcare organization led to the theft of sensitive data belonging to just shy of 185,000 people.…

Platforms should not confront users with 'binary choice' over personal data use

The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.…

Police mimic Spotify Wrapped videos to let crims know they're being hunted

Feature  Cops have brought down a dark-web souk that provided cyber criminals with convincing copies of trusted brands' websites for use in phishing campaigns.…

Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats

Cisco has developed a product called Hypershield that it thinks represents a new way to do network security.…

When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder

One of the biggest challenges Singapore faces is the potential for a split between tech stacks developed and used by China and the West, according to the island nation's Cyber Security Administration (CSA) chief executive David Koh.…

Stymied by sanctions, it had to go … but where?

Chinese surveillance camera manufacturer Zhejiang Dahua Technology, which has found itself on the USA’s entity list of banned orgs, has fully sold off its stateside subsidiary for $15 million to Taiwan's Central Motion Picture Corporation, according to the firm's annual report released on Monday.…

Opponents warn almost anyone could be asked to share info with Uncle Sam

On Thursday the US Senate is expected to reauthorize the contentious warrantless surveillance powers conferred by Section 702 of the Foreign Intelligence Surveillance Act (FISA), and may even strengthen them with language that, according to US Senator Ron Wyden (D-OR), "will force a huge range of companies and individuals to spy for the government."…

Water tank overflowed during one system malfunction, says Mandiant

The Russian military's notorious Sandworm crew was likely behind cyberattacks on US and European water plants that, in at least one case, caused a tank to overflow.…

Race on to patch as researchers warn of mass exploitation of directory traversal bug

Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways.…

While some other LLMs appear to flat-out suck

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.…

Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app

Japan's government has considered the proposed security improvements developed by Yahoo!, found them wanting, and ordered the onetime web giant to take new measures.…

Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more

Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.…

What a twist!

MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack, apparently.…

No prizes for guessing the victims

A Nebraska man will appear in court today to face charges related to allegations that he defrauded cloud service providers of more than $3.5 million in a long-running cryptojacking scheme.…

No breach responsible for employee contact info getting out, says T-Mo

T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.…

Social engineering patterns spotted across range of popular projects

Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library.…

First glimpse at attack financials reveals huge pain

UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million.…