CES Despite all the buzz around internet-connected smart cars at this year's CES in Las Vegas, most folks don't want vehicle manufacturers sharing their personal data with third parties β and even say they'd consider buying an older or dumber car to protect their privacy and security.β¦
eBay will pay $3 million to settle criminal charges that its security team stalked and harassed a Massachusetts couple in retaliation for their website's critical coverage of the online tat bazaar.β¦
Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.β¦
Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.β¦
Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.β¦
US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.β¦
Kettle Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good.β¦
Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers.β¦
A key member of the ShinyHunters cybercrime group is facing three years in the slammer and being forced to return $5 million in criminal proceeds.β¦
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.β¦
Updated The SEC today said its Twitter account was hijacked to wrongly claim it had approved a bunch of hotly anticipated Bitcoin ETFs, causing the cryptocurrency to spike and then slip in price.β¦
A US Naval sailor will face more than two years behind bars after pleading guilty to taking bribes from Chinese spies in exchange for sensitive military information.β¦
Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.β¦
SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.β¦
The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.β¦
Infosec in brief We gather everyone's still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you're recovering from the Christmas break, Meta has been busy introducing fresh ways to monetize your web surfing habits while dressing it up as a user experience improvement.β¦
Opinion A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Eliminate extortion as a source of criminal income, and the attacks are undoubtedly going to drop.Β β¦
Extortionists are now threatening to swat hospital patients β calling in bomb threats or other bogus reports to the police so heavily armed cops show up at victims' homes β if the medical centers don'tΒ pay the crooks' ransom demands.β¦
The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.β¦
Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.β¦
Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.β¦
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.β¦
Updated A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic.β¦
Comment In some ways, the ransomware landscape in 2023 remained unchanged from the way it looked in previous years. Vendor reports continue to show a rise in attacks, major organizations are still getting hit, and the inherent issues that enable it as a business model remain unaddressed.β¦
Four Chinese balloons have reportedly floated over the Taiwan Strait, three of them crossing over the island's land mass and near its Ching-Chuan-Kang air base before disappearing, according to the Taiwan's defense ministry.β¦
Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware.β¦
One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals stole their personal information.β¦
French IT services provider Atos has entered talks with Airbus to sell its tech security division in an effort to ease its financial burdens.β¦
Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant.β¦
Emsisoft has called for a complete ban on ransom payments following another record-breaking year of digital extortion.β¦
Updated Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed.β¦
The court system of Victoria, Australia, was subject to a suspected ransomware attack in which audiovisual recordings of court hearings may have been accessed.β¦
US prosecutors do not plan to proceed with a second trial of convicted and imprisoned crypto-villain Sam Bankman-Fried (SBF), according to a Southern District of New York court letter filed on December 29.β¦
On Call Itβs the last Friday of 2023, but because the need for tech support never goes away neither does On Call, The Registerβs Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often indefensible.β¦
Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.β¦
Kaspersky's Global Research and Analysis Team (GReAT) has exposed a previously unknown "feature" in Apple iPhones that allowed malware to bypass hardware-based memory protection.β¦
Infosec in brief Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft.β¦
Feature When AlphV/BlackCat's website went dark this month, it was like Chrimbo came early for cybersecurity defenders, some of whom seemingly believed law enforcement had busted one of the most menacing cyber criminal crews.β¦
Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.β¦
Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.β¦
Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.β¦
NASA's Office of Inspector General has run its eye over the aerospace agency's privacy regime and found plenty to like β but improvements are needed.β¦
IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.β¦
Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.β¦
Updated Greater Manchester Police (GMP) must clear the backlog of hundreds of Freedom of Information (FOI) Act requests β some years old β or find itself in contempt of court.β¦
A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right.β¦
A transnational police operation has resulted in the arrest of 3,500 alleged cybercriminals and the seizure of $300 million in cash and digital assets.β¦
Millions of Comcast Xfinity subscribers' personal data β including potentially their usernames, hashed passwords, contact details, and secret security question-answers β was likely stolen by one or more miscreants exploiting Citrix Bleed in October.β¦
Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched "immediately," according to Microsoft, which spotted the flaws and disclosed them to the software vendor.β¦
Updated The FBI created a decryption tool for the ransomware used by the gang known as BlackCat and/or AlphV, as part of a wider disruption campaign against the extortionists.β¦
Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.β¦
Hacktivists reportedly disrupted services at about 70 percent of Iran's gas stations in a politically motivated cyberattack.β¦
Mortgage lender Mr Cooper has now admitted almost 14.7 million people's private information, including addresses and bank account numbers, were stolen in an earlier IT security breach, which is expected to cost the business at least $25 million to clean up.β¦
A digital break-in has disrupted VF Corp's operations and its ability to fulfill orders, according to the apparel and footwear giant.β¦
The National Grid is reportedly the latest organization in the UK to begin pulling China-manufactured equipment from its network over cybersecurity fears.β¦
Infosec in brief MongoDB on Saturday issued an alert warning of "a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information."β¦
Asia In Brief Think tank Australian Strategic Policy Institute (ASPI) last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube.β¦
Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims.β¦
The Kraft Heinz Company says its systems are all up and running as usual as it probes claims that some of its data was stolen by ransomware crooks.β¦
Incident responders say they've found a new type of multi-platform malware abusing the New Kind of Network (NKN) protocol.β¦