Simple jailbreak prompt can bypass safety guardrails on major models Microsoft on Thursday published details about Skeleton Key – a technique that bypasses the guardrails used by makers of AI models to prevent their generative chatbots from creating harmful content.... [...]
No supply-chain attacks to see over here! Updated After having its website shut down, the polyfill.io owner is fighting back against claims it smuggled suspicious code onto websites all across the internet.... [...]
Investigation launched after airline reported a suspicious network popped up during a domestic flight in April Follow our Australia news live blog for latest updates Get our morning and afternoon news emails, free app or daily news podcast A man has been charged after he allegedly set up fake …
Claims customer data, prod environment not affected as NCC sounds alarm Updated TeamViewer on Thursday said its security team just "detected an irregularity" within one of its networks – which is a fancy way of saying someone broke in.... [...]
AWS Certificate Manager (ACM) is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing (ELB), Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting August 2024, public certificates issued from ACM will terminate …
Enlarge (credit: Getty Images) Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely used ad platform has been abused to infect web surfers. The latest ads, found …
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of …
With the introduction of trusted identity propagation, applications can now propagate a user’s workforce identity from their identity provider (IdP) to applications running in Amazon Web Services (AWS) and to storage services backing those applications, such as Amazon Simple Storage Service (Amazon S3) or AWS Glue. Since access …
Congressman warns tech is getting the 'Huawei Playbook' treatment US Congress members warned against Chinese dominance of the drone industry on Wednesday, elevating the threat posed by Beijing's control of the technology as similar to that of semiconductors and ships.... [...]
A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet. [...]
KT may have had an entire team dedicated to infecting its own customers A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.... [...]
Russian national accused of attacks in lead-up to the Ukraine war The US Department of Justice has indicted a 22-year-old Russian for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems in the so-called “WhisperGate” wiper attack that preceded Russia's illegal invasion of the European nation.... [...]
Enlarge A critical vulnerability recently discovered in a widely used piece of software is putting huge swaths of the Internet at risk of devastating hacks, and attackers have already begun actively trying to exploit it in real-world attacks, researchers warn. The software, known as MOVEit and sold by Progress …
OneCoin co-founder allegedly bilked investors out of $4B Uncle Sam has put a $5 million bounty on any information leading to the arrest or conviction of self-titled "CryptoQueen" Ruja Ignatova, who is wanted in the US for apparently bilking victims out of more than $4 billion in what the …
Said to have zip tied elderly crypto investors, held them at gunpoint, and threatened to kill them The US has convicted the 24-year-old leader of an international robbery crew that kidnapped and terrorized wealthy victims during home invasions that were carried out to steal cryptocurrency tokens.... [...]
Encryption is a fundamental control for data security, sovereignty, and privacy in the cloud. While Google Cloud provides default encryption for customer data at rest, many organizations want greater control over their encryption keys that control access to their data. Customer-Managed Encryption Keys (CMEK) can help you by providing …
Exploit attempts for ‘devastating’ vulnerabilities already underway Thought last year's MOVEit hellscape was well and truly behind you? Unlucky, buster. We're back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway.... [...]
This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban …
Now, about that bill for the private jet that's taking him home to Australia... Julian Assange is a free man.... [...]
Admits it's not sure some clicks came from humans, points to bettter quality as sign not all is rotten Yahoo ! Japan will waive $189 million charged to advertisers after deciding they were fraudulently charged, the portal's corporate parent revealed on Tuesday.... [...]
Australian study finds GPS trackers – and sometimes AirTags – are in demand for the wrong reasons Tracking devices are in demand from organized crime groups and known perpetrators of domestic violence, according to an Australian study.... [...]
Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing Updated American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit.... [...]
Scripts turn sus after mysterious CDN swallows domain The polyfill.io domain is being used to infect more than 100,000 websites with malicious code after what's said to be a Chinese organization bought the domain earlier this year, researchers have said.... [...]
Flash clobber chain fashionably late to Snowflake fiasco party Customer information said to have been stolen from Neiman Marcus's Snowflake instance has been put up for sale on the dark web for $150,000.... [...]
Business is more lucrative than you might think The FBI says in just 12 months, scumbags stole circa $10 million from victims of crypto scams after posing as helpful lawyers offering to recover their lost tokens.... [...]
Crafty crims broke in but encryption stopped any nastiness US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal.... [...]
Attacking the NHS is a very bad move UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry.... [...]
Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works. [...]
Why Object First and Veeam tick the box for encryption and immutability Sponsored Feature You know that a technology problem is serious when the White House holds a summit about it.... [...]
WikiLeaks boss already out of Blighty and, if all goes to plan, ultimately off to home in Australia WikiLeaks founder Julian Assange has been freed from prison in the UK after agreeing to plead guilty to just one count of conspiracy to obtain and disclose national defense information, brought …
'Congress has effectively gutted it as part of a backroom deal' Analysis Introduced in April, the American Privacy Rights Act (APRA) was - in the words of its drafters - "the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the …
Enlarge (credit: Getty Images ) WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning …
About a thousand vulnerable instances still exposed online, we're told A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.... [...]
More customers self-reporting to SEC as disruption carries into second week The number of US companies filing Form 8-Ks with the Securities and Exchange Commission (SEC) and referencing embattled car dealership software biz CDK is mounting.... [...]
Seems like as good a time as any to upgrade older hardware There are early indications of active attacks targeting end-of-life Zyxel NAS boxes just a few weeks after details of three critical vulnerabilities were made public.... [...]
Former NSA Director Paul Nakasone has joined the board of OpenAI. [...]
A busy few days for security teams There were data breaches galore in the US last week with various major incidents reported to state attorneys general, some in good time, some not.... [...]
Yanks get food poisoning far more often than Brits. Is American IT just as sickening? Opinion When two stories from opposite ends of the IT universe boil down to the same thing, sound the klaxons. At the uber-fashionable AI end of tech, Meta has grudgingly complied with a ruling …
Have you heard the one about the techie who forgot what was on the clipboard? Who, me? Brace yourselves, gentle readers, for it is once again Monday, and the work week has commenced. Thankfully, The Reg is here with another dose of Who, Me? in which readers share tales …
Also: The leaked Apple internal tools that weren't; TV pirate pirates convicted; and some critical vulns, too Infosec in brief The descending ball of trouble over at Snowflake keeps growing larger, with more victims – and even one of the alleged intruders – coming forward last week.... [...]
All depends on how you count it – Chocolate Factory claims 1% fail rate Google this week offered reassurance that its vetting of Chrome extensions catches most malicious code, even as it acknowledged that "as with any software, extensions can also introduce risk."... [...]
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. [...]
An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. [...]
It's been a long time coming. Now our journos speak their brains Kettle The US government on Thursday banned Kaspersky Lab from selling its antivirus and other products in America from late July, and from issuing updates and malware signatures from October.... [...]
'Substantial proportion' of America to get a note from next month Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients' data was stolen from it by ransomware criminals back in February – and for the first time has concretely disclosed the types of information …
The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. [...]
Beautiful astronomical photo. [...]
Here's America's list of the supposedly dirty dozen Uncle Sam took another swing at Kaspersky Lab today and sanctioned a dozen C-suite and senior-level executives at the antivirus maker, but spared CEO and co-founder Eugene Kaspersky.... [...]
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned twelve Kaspersky Lab executives for operating in the technology sector of Russia. [...]
Researchers discuss it in same breath as BlackLotus and MosaicRegressor A new vulnerability in UEFI firmware is threatening the security of a wide range of Intel chip families in a similar fashion to BlackLotus and others like it.... [...]