The Register

It’s definitely not a cyberattack though! Really!

The UK's tax collections agency says cyberbaddies defrauded it of £47 million ($63 million) late last year, but insists the criminal case was not a cyberattack.…

Researchers have come up with a fix for a path traversal bug first spotted in 2010

A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life.…

The authors who claimed America hacked itself to discredit Beijing are back with another report

Beijing complains it’s under relentless attack by the equivalent of an ant trying to shake a tree China’s National Computer Virus Emergency Response Center on Thursday published a report in which it claims Taiwan targeted it with a years-long but feeble cyber offensive, backed by the USA.…

To make matters worse, IBM's security software has a critical vuln caused by an exposed password

IBM isn’t having its best week after the company experienced another cloudy outage and a critical-rated vulnerability.…

Recompiled binaries and phone threats used to boost the pressure

Groups linked with the Play ransomware have exploited more than 900 organizations, the FBI said Wednesday, and have developed a number of new techniques in their double-extortion campaigns - including exploiting a security flaw in remote-access tool SimpleHelp if orgs haven't patched it.…

Drones are not enough

Following a daring drone attack on Russian airfields, Ukrainian military intelligence has reportedly also hacked the servers of Tupolev, the Kremlin's strategic bomber maker.…

Literally adding insult to injury

Kettering Health patients who had chemotherapy sessions and pre-surgery appointments canceled due to a ransomware attack in May now have to deal with the painful prospect that their personal info may have been leaked online.…

Victims include hospitality, retail and education sectors

A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data.…

Did somebody say ransomware? Not the newspaper group, not even to deny it

Regional newspaper publisher Lee Enterprises says data belonging to around 40,000 people was stolen during an attack on its network earlier this year.…

Government details latest initiative following announcement last week

Revealing more details about the Cyber and Electromagnetic (CyberEM) military domain, the UK's Ministry of Defence (MoD) says "there are pockets of excellence" but improvements must be made to ensure the country's capability meets the needs of national defense.…

Why? There's a war in Europe, Finland has a belligerent neighbor, and cyber is a settled field

Interview  Mikko Hyppönen has spent the last 34 years creating security software that defends against criminals and state-backed actors, but now he's moving onto drone warfare.…

CEO of India's KiranaPro, which brings convenience stores online, vows to name the perp

The CEO of Indian grocery ordering app KiranaPro has claimed an attacker deleted its GitHub and AWS resources in a targeted and deliberate attack and vowed to name the perpetrator.…

Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins

Security researchers say Meta and Yandex used native Android apps to listen on localhost ports, allowing them to link web browsing data to user identities and bypass typical privacy protections.…

Microsoft, CrowdStrike, and pals promise clarity on cybercrew naming, deliver alias salad instead

Opinion  Microsoft and CrowdStrike made a lot of noise on Monday about teaming up with other threat-intel outfits to "bring clarity to threat-actor naming."…

TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind

Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day.…

Musk's 'Bitcoin-style encryption' claim has experts scratching their heads

Elon Musk's X social media platform is rolling out a new version of its direct messaging feature that the platform owner said had a "whole new architecture," but as with many a Muskian proclamation, there's reason to doubt what's been said. …

Outdoorsy brand blames credential stuffing

Joining the long queue of retailers dealing with cyber mishaps is outdoorsy fashion brand The North Face, which says crooks broke into some customer accounts using login creds pinched from breaches elsewhere.…

Out-of-band is becoming the norm rather than the exception

Microsoft is patching another patch that dumped some PCs into recovery mode with an unhelpful error code.…

To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings

Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools.…

Nothing terribly valuable taken in data heist, though privacy a little tarnished

Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.…