The Register

Ransomware? More like 'we don't care' for everyone but CISOs

Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives and they're also the ones organizations are least prepared to address.…

LLMs are helpful, but don't use them for anything important

AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…

PLUS: UK man charged with hacking US firms for stock secrets; ransomware actor foils self; and more

Infosec In Brief  Put away that screwdriver and USB charging cable – the latest way to steal a Kia just requires a cellphone and the victim's license plate number.…

Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more

ASIA IN BRIEF  It's not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime, but last week crypto exchange Binance claimed it helped Indian authorities to investigate a scam gaming app.…

Alethe Denis exposes tricks that made you fall for that return-to-office survey

Interview  A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…

Snoops allegedly camped out in inboxes well into September

The US Department of Justice has charged three Iranians for their involvement in a "wide-ranging hacking campaign" during which they allegedly stole massive amounts of materials from Donald Trump's 2024 presidential campaign and then leaked the information to media organizations.…

AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more

Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…

Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda

Microsoft's latest threat intelligence blog issues a warning to all organizations about Storm-0501's recent shift in tactics, targeting, and backdooring hybrid cloud environments.…

33% of cloud environments using the toolkit impacted, we're told

A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.…

More 9.8 bugs? Ay, papi!

Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary's networking access points.…

No fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare

Details about an as-yet-non-public critical 9.9-out-of-10-severity unauthenticated remote-code execution vulnerability affecting all GNU/Linux systems could be revealed today.…

Protect your enterprise data while leveraging AI models

Webinar  As organizations adopt AI technologies, safeguarding private intellectual property (IP) has become more challenging.…

Attackers got 10k people to download 'trusted' web3 brand cheat before Mountain View intervened

The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first.…

See it, say it… not sorted just yet as network access remains offline

Updated  A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to those connecting to major stations' free Wi-Fi portals.…

Access to account info needed to tackle benefit fraud, latest bill claims

Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to "a financial snoopers' charter targeted to automate suspicion."…

That escalated quickly

WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources – and therefore from potentially vital software updates.…

Expecting a longer storm season this year?

Another Beijing-linked cyberspy crew, this one dubbed Salt Typhoon, has reportedly been spotted on networks belonging to US internet service providers in stealthy data-stealing missions and potential preparation for future cyberattacks.…

Extorting underfunded public services for $1M isn't a good look

Despite being top of the ransomware tree at the moment, RansomHub – specifically, one of its affiliates – clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million.…

Taiwan laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway

Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.…

Argues worse could happen if it loses kernel access

CrowdStrike is "deeply sorry" for the "perfect storm of issues" that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded at airports, the cancellation of surgeries, and disruption to emergency services hotlines among many more inconveniences.…