The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. [...]
The latest in a long line of techies to face Putin’s wrath A Russian programmer will face the next 14 years in a "strict-regime" (high-security) penal colony after a regional court ruled he leaked sensitive data to Ukraine.... [...]
Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones. Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location Fingerprint Face photograph Real-time geo-location monitoring This isn …
Apple says it blocked over $9 billion in fraudulent App Store transactions over the last five years, with over $2 billion in potentially fraudulent sanctions prevented in 2024 alone. [...]
Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way. Sponsored feature The IT business likes to reinvent things as quickly as possible. Except passwords, that is. We've been using them since Roman times, only now they're digital. They're the …
SimpleHelp was the vector for the attack Updated DragonForce ransomware infected a managed service provider, and its customers, after attackers exploited security flaws in remote monitoring and management tool SimpleHelp.... [...]
Really strong USB ports make a difference too by reducing the need for motherboard replacements Computex Analysts rate Taiwan’s ASUS the world’s fifth most prolific PC-maker, but the company wants to climb the charts by targeting business buyers, according to Shawn Chang, Head of Go-To-Market for the …
Millions may fall for it - and end up with malware instead A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.... [...]
Customers often tell me that they want a simpler path to meet the compliance and industry regulatory mandates they have in their geographic regions. In our deep engagements with partners and customers, we have learned that one of the greatest challenges for customers is the translation of security and …
The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...]
AWS Secrets Manager is a service that you can use to manage, retrieve, and rotate database credentials, application credentials, API keys, and other secrets throughout their lifecycles. You can use Secrets Manager to replace hard-coded credentials in application source code with a runtime call to the Secrets Manager service …
A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. From proof of concepts to large scale production deployments, the rapid advancement of generative AI has ushered in unique opportunities for innovation, but it also introduces …
An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. [...]
Dutch intel services, Microsoft go big-game hunting A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian government since at least April 2024, according to Dutch intelligence services and Microsoft.... [...]
A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. We’re counting down to AWS re:Inforce, our annual cloud security event! We are thrilled to invite security enthusiasts and builders to join us in …
Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. [...]
Hackers take personal data bytes from the brand with three stripes Adidas is warning customers some of their data was stolen after an "unauthorized" person lifted it from a "third-party customer service provider."... [...]
MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. [...]
Commercial customers, STEM students all feeling the pain after mega outage of engineering data-analysis tool Software biz MathWorks is cleaning up a ransomware attack more than a week after it took down MATLAB, its flagship product used by more than five million people worldwide.... [...]
A previously unknown Russian-backed cyberespionage group now tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. [...]
One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are (often surreptitiously) owned by …
German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. [...]
PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed Infosec In Brief Secrets of the Trump administration may have been exposed after a successful attack on messaging service TeleMessage, which has been used by some officials.... [...]
PLUS: Original emoji retired; Xiaomi's custom silicon; Pakistan dedicates 2,000 MW to AI and crypto Asia In Brief China last week approved rules that will see Beijing issue identity numbers that netizens can use as part of a federated identity scheme that will mean they can use one …
Glitch has announced it is ending app hosting and user profiles on July 8, 2025, responding to changing market dynamics and extensive abuse problems that have raised operational costs. [...]
Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware INTERVIEW Uncle Sam's cybersecurity apparatus can't only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And …
The Bumblebee malware SEO poisoning campaign uncovered earlier this week aimpersonating RVTools is using more typosquatting domainsi mimicking other popular open-source projects to infect devices used by IT staff. [...]
The original leak site that never sold out, never surrendered Obituary John Young, the co-founder of the legendary internet archive Cryptome, died at the age of 89 on March 28. The Register talked to friends and peers who gave tribute to a bright, pugnacious man who was devoted to …
Interesting story : USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome’s rubber “NOFOUL” coating. In some areas, the coating was described as being shredded, with …
The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a …
Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a to-do list” that eliminates the burden of “wading through weeks of commits.” What these companies don’t say is that these …
Bank accounts, personal details all hoovered up in the attack Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data belonging to about 280,000 customers online. The stolen …
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. [...]
Cyberbaddies are coming for your M365 creds, US infosec agency warns The Cybersecurity and Infrastructure Security Agency (CISA) is warning that SaaS companies are under fire from criminals on the prowl for cloud apps with weak security.... [...]
Arrest warrants issued for ringleaders after investigation by police in Europe and North America European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police. International …
The decentralized exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and is offering a deal to stop all legal action if the funds are returned. [...]
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. [...]
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data. [...]
Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. [...]
Callous fraudster tricked elderly gents into smuggling meth hidden in chocolate truffles A ruthless cyber conman who duped elderly pensioners – including an 80-year-old man – into smuggling deadly class A drugs was this week locked up.... [...]
Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail …
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. [...]
And the associated fraud'n'spy botnet is about to be shut down The US Department of Justice has unsealed indictments against 16 people accused of spreading and using the DanaBot remote-control malware that infected more than 300,000 computers, plus operating a botnet of the same name, and appears set …
If it ain't broke? A suspected Chinese government spy group is behind the rash of attacks that exploit two Ivanti bugs that can be chained together to achieve unauthenticated remote code execution (RCE), according to analysts at threat intelligence outfit EclecticIQ.... [...]
Blackmailed teen allegedly scared into carving his handle onto her arm The FBI has filed an affidavit detailing how it identified a US Navy man who was allegedly distributing child sex abuse material (CSAM) through Discord.... [...]
Improving security on a budget with continuous monitoring Partner content Most security teams face a staggering challenge. They're tasked with protecting themselves against the same advanced threats as any large enterprise, but often have a fraction of the budget, tools, and personnel. It's not uncommon to hear these teams …
Agents thought they shut this all down in 2023, but the duck quacked again Uncle Sam on Thursday unsealed criminal charges and a civil forfeiture case against a Russian national accused of leading the cybercrime ring behind Qakbot, the notorious malware that infected hundreds of thousands of computers worldwide …
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of …
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. [...]
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face. Eight packages using names that closely mimicked those of widely used legitimate packages contained …