Viry a Červi
FCC stands up Council on National Security to fight China in ways that CISA used to
Infosec In Brief United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to American tech and telecommunications infrastructure.…
Apple's alleged UK encryption battle sparks political and privacy backlash
US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public.…
New kids on the ransomware block channel Lockbit to raid Fortinet firewalls
Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.…
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly
House Democrats have sent letters to 24 federal agencies asking for assurances that Elon Musk's DOGE team is not feeding sensitive government data into "unapproved and unaccountable" AI systems.…
Google says it's rolling out fix for stricken Chromecasts
Google has told The Register it's beginning to roll out a fix for Chromecast devices that were crippled by an expired security certificate authority. We're assured this deployment will take place over the next few days.…
That 'angry guest' email from Booking.com? It's a scam, not a 1-star review
An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…
CISA: We didn't fire red teams, we just unhired a bunch of them
Uncle Sam's cybersecurity agency is trying to save face by seeking to clear up what it's calling "inaccurate reporting" after a former senior pen-tester claimed the organization axed two red teams.…
DeepSeek can be gently persuaded to spit out malware code
DeepSeek's flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker with it a little.…
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the gangs who wield it.…
Get off that old Firefox by Friday or you'll be sorry, says Moz
If you're running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring root certificate.…
Expired Juniper routers find new life – as Chinese spy hubs
Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.…
This is the FBI, open up. China's Volt Typhoon is on your network
Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the FBI alerting him that the public power utility's network had been compromised. The digital intruders turned out to be Volt Typhoon.…
UK must pay cyber pros more than its Prime Minister, top civil servant says
Senior officials in the UK's civil service understand that future cyber hires in Whitehall will need to be paid a salary higher than that of the Prime Minister if the government wants to get serious about fending off attacks.…
CISA pen-tester says 100-strong red team binned after DOGE canceled contract
Updated A penetration tester who worked at the US govt's CISA claims his 100-strong team was effectively dismissed after Elon Musk's Trump-blessed DOGE unit cancelled a contract – and that more folks have also been put out of work by the cybersecurity agency.…
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws
Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.…
'Uber for nurses' exposes 86K+ medical records, PII in open S3 bucket for months
Exclusive More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured AWS S3 bucket for months — or possibly even longer — before it was closed it last week.…
FTC's $25.5M scam refund treats victims to $34 each
The Federal Trade Commission (FTC) is distributing over $25.5 million in refunds to consumers deceived by tech support scammers, averaging about $34 per person.…
MINJA sneak attack poisons AI models for other chatbot users
AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door to manipulation.…
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.…
Google begs owners of crippled Chromecasts not to hit factory reset
Updated Google's second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate authority. The web giant is aware of the breakdown and says a fix is in the works.…
