Viry a Červi

PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware

Infosec In Brief  United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to American tech and telecommunications infrastructure.…

National security defense being used to keep appeal behind closed doors

US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public.…

It's March already and you haven't patched?

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.…

Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail

House Democrats have sent letters to 24 federal agencies asking for assurances that Elon Musk's DOGE team is not feeding sensitive government data into "unapproved and unaccountable" AI systems.…

It'll take a few days, give or take your situation

Google has told The Register it's beginning to roll out a fix for Chromecast devices that were crippled by an expired security certificate authority. We're assured this deployment will take place over the next few days.…

Phishers check in, your credentials check out, Microsoft warns

An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…

Agency tries to save face as it also pulls essential funding for election security initiatives

Uncle Sam's cybersecurity agency is trying to save face by seeking to clear up what it's calling "inaccurate reporting" after a former senior pen-tester claimed the organization axed two red teams.…

It might need polishing, but a useful find for any budding cybercrooks out there

DeepSeek's flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker with it a little.…

Feds warn gang still rampant and now cracked 300+ victims around the world

A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the gangs who wield it.…

Root cert expiry may bring breakage or worse for add-ons, media playback, and more

If you're running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring root certificate.…

Fewer than 10 known victims, but Mandiant suspects others compromised, too

Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.…

Power utility GM talks to El Reg about getting that call and what happened next

Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the FBI alerting him that the public power utility's network had been compromised. The digital intruders turned out to be Volt Typhoon.…

Leaders call for fewer contractors and more top talent installed across government

Senior officials in the UK's civil service understand that future cyber hires in Whitehall will need to be paid a salary higher than that of the Prime Minister if the government wants to get serious about fending off attacks.…

Election infosec advisory center also shuttered

Updated  A penetration tester who worked at the US govt's CISA claims his 100-strong team was effectively dismissed after Elon Musk's Trump-blessed DOGE unit cancelled a contract – and that more folks have also been put out of work by the cybersecurity agency.…

Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy

Patch Tuesday  Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.…

Non-password-protected, unencrypted 108GB database … what could possibly go wrong

Exclusive  More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured AWS S3 bucket for months — or possibly even longer — before it was closed it last week.…

Oh wow, just look at all the scary stuff in your Windows Event Viewer

The Federal Trade Commission (FTC) is distributing over $25.5 million in refunds to consumers deceived by tech support scammers, averaging about $34 per person.…

Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it

AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door to manipulation.…

Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands

New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.…

Expired security cert kerfuffle leaves second-gen, Audio gadgets useless

Updated  Google's second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate authority. The web giant is aware of the breakdown and says a fix is in the works.…