ALSO: Infostealer spotted hiding in CDN cache, antivirus update hijacked to deliver virus, and some critical vulns Updated - Infosec in brief They say sunlight is the best disinfectant, and that appears to have been true in the case of Discord data harvesting site Spy.pet – as it was recently …
Don't bore us, get to the chorus: You need less privacy so we can protect the children Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be …
PLUS: Akira ransomware resurgent; Telehealth outfit fined for data-sharing; This week's nastiest vulns Infosec In Brief In a cautionary tale that no one is immune from attack, the security org MITRE has admitted that it got pwned.... [...]
Police say this appears to be a 'deliberate act.' Sacramento International Airport (SMF) suffered hours of flight delays yesterday after what appears to be an intentional cutting of an AT&T internet cable serving the facility.... [...]
No breach responsible for employee contact info getting out, says T-Mo T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.... [...]
PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more Infosec in brief US Congress nearly killed a reauthorization of FISA Section 702 last week over concerns that it would continue to allow warrantless surveillance of Americans, but an amendment to require a warrant …
China, Russia have muscled up, and whoever wins up there wins down here The commander of the US Space Force (USSF) has warned that America risks losing its dominant position in space, and therefore on Earth too.... [...]
Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns Infosec in brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic …
Senders of more than 5K messages a day are in the crosshairs It was 20 years ago on Monday that Google unleashed Gmail on the world, and the chocolate factory is celebrating with new rules that just might, hopefully, cut down on the amount of spam users receive.... [...]
Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns Infosec in brief Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, and the number of victims has now risen to nearly 2 …
Theresa Payton on why US needs a national privacy law Interview Congress is mulling legislation that will require TikTok's Chinese parent ByteDance to cut ties with the video-sharing mega-app, or the social network will be banned in the USA.... [...]
Still claims the personal info wasn't stolen from its systems AT&T confirmed over the weekend that more than 73 million records of its current and former customers dumped on the dark web in mid-March do indeed describe its subscribers, though it still denies the data came direct from …
Could have been worse: Prosecutors wanted decades more Fallen crypto-king Sam Bankman-Fried has been jailed for 25 years after New York federal judge Lewis Kaplan expressed disbelief at almost every argument from his legal team.... [...]
Beware support calls offering a fix Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset.... [...]
ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security update was installed earlier this month, there's no longer any need to speculate why: Microsoft has …
Short of redesigning CPUs, the fix will seriously degrade performance A side-channel vulnerability has been found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys from memory that should be off limits.... [...]
At least we can all agree on something The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote.... [...]
Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns Infosec in brief Almost as quickly as a paper came out last week revealing an AI side-channel vulnerability, Cloudflare researchers have figured out how to solve it: just obscure your token size …
Imagine trying to trick folks into buying $500 of unnecessary repairs – and they turn out to be federal agents A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the …
Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup An ex-Meta veep has been sued by his former bosses for "brazenly disloyal and dishonest conduct" – and by that, they mean he allegedly stole confidential documents to help him build and …
PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem.... [...]
'We refuse to operate as customer service representatives' A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out how to reduce a "dramatic and persistent spike" in …
Singaporean researchers note rising presence of OpenAI logins in infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 log files containing login details for the service last year.... [...]
If you're still on X you'd better disable this insecure-by-default calling feature Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and we're warning Reg readers yet again to disable the feature …
Just a little FYI Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and FYI: It may reveal your IP address to those you're nattering away to.... [...]