No breach responsible for employee contact info getting out, says T-Mo T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.... [...]
PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more Infosec in brief US Congress nearly killed a reauthorization of FISA Section 702 last week over concerns that it would continue to allow warrantless surveillance of Americans, but an amendment to require a warrant …
China, Russia have muscled up, and whoever wins up there wins down here The commander of the US Space Force (USSF) has warned that America risks losing its dominant position in space, and therefore on Earth too.... [...]
Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns Infosec in brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic …
Senders of more than 5K messages a day are in the crosshairs It was 20 years ago on Monday that Google unleashed Gmail on the world, and the chocolate factory is celebrating with new rules that just might, hopefully, cut down on the amount of spam users receive.... [...]
Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns Infosec in brief Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, and the number of victims has now risen to nearly 2 …
Theresa Payton on why US needs a national privacy law Interview Congress is mulling legislation that will require TikTok's Chinese parent ByteDance to cut ties with the video-sharing mega-app, or the social network will be banned in the USA.... [...]
Still claims the personal info wasn't stolen from its systems AT&T confirmed over the weekend that more than 73 million records of its current and former customers dumped on the dark web in mid-March do indeed describe its subscribers, though it still denies the data came direct from …
Could have been worse: Prosecutors wanted decades more Fallen crypto-king Sam Bankman-Fried has been jailed for 25 years after New York federal judge Lewis Kaplan expressed disbelief at almost every argument from his legal team.... [...]
Beware support calls offering a fix Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset.... [...]
ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security update was installed earlier this month, there's no longer any need to speculate why: Microsoft has …
Short of redesigning CPUs, the fix will seriously degrade performance A side-channel vulnerability has been found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys from memory that should be off limits.... [...]
At least we can all agree on something The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote.... [...]
Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns Infosec in brief Almost as quickly as a paper came out last week revealing an AI side-channel vulnerability, Cloudflare researchers have figured out how to solve it: just obscure your token size …
Imagine trying to trick folks into buying $500 of unnecessary repairs – and they turn out to be federal agents A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the …
Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup An ex-Meta veep has been sued by his former bosses for "brazenly disloyal and dishonest conduct" – and by that, they mean he allegedly stole confidential documents to help him build and …
PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem.... [...]
'We refuse to operate as customer service representatives' A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out how to reduce a "dramatic and persistent spike" in …
Singaporean researchers note rising presence of OpenAI logins in infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 log files containing login details for the service last year.... [...]
If you're still on X you'd better disable this insecure-by-default calling feature Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and we're warning Reg readers yet again to disable the feature …
Just a little FYI Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and FYI: It may reveal your IP address to those you're nattering away to.... [...]
Don't leave home without... IT security A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.... [...]
ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Infosec in brief The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing, the …
$10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies …
No Chinese automakers sell cars in the US, but the feds are still going to investigate whether they're a threat Concerned over the chance that Chinese-made cars could pose a future threat to national security, Biden's administration is proposing plans to probe potential threats posed by "connected" vehicles made …