The Register - Anti-Virus

Ransomware scum LockBit claims it did the dirty deed

Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…

No word on when or if the issue will be fixed

Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.…

This malware is FREE for EVERY crook ($300 decryption keys sold separately)

A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.…

More than 100M rely on gear rife with vulnerabilities, says EPA OIG

Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency's Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks. …

Amazing that these two bugs got into a production appliance, say researchers

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.…

Strategies for mitigating external access vulnerabilities and safeguarding sensitive data

Webinar  As organizations increasingly rely on third-party contractors, vendors, and service providers, the security risks associated with third-party access can become a top priority.…

Fastidious attacker then tidied up email trail behind them

A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.…

Get hands-on cybersecurity training this seasonal challenge

Sponsored Post  Are you ready to pit your wits against the cyber exercises featured in the Holiday Hack Challenge 2024: Snow-maggedon?…

Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers

Apple's latest mobile operating system, iOS 18, appears to have added an undocumented security feature that reboots devices if they’re not used for 72 hours.…

Plus: Maxar Space Systems confirms employee info stolen in digital intrusion

Updated  Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."…

If you didn't fix this a month ago, your to-do list probably needs a reshuffle

Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.…

Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon

updated  T-Mobile US said it is "monitoring" an "industry-wide" cyber-espionage campaign against American networks – amid fears Chinese government-backed spies compromised the un-carrier along with various other telecommunications providers.…

First in six years is nearly three times the size of the older, pre-NATO version

Residents of Sweden are to receive a handy new guide this week that details how to prepare for various types of crisis situations or wartime should geopolitical events threaten the country.…

Event  The security landscape is constantly shifting. If you're running Linux, staying ahead may rely on understanding the challenges - and opportunities - unique to Linux environments.…

PLUS: Cost of Halliburton hack disclosed; Time to dump old D-Link NAS; More UN cybercrime convention concerns; and more

Infosec in brief  A teenager has pleaded guilty to calling in more than 375 fake threats to law enforcement, and now faces years in prison.…

Here's why they really should

Systems Approach  I have been playing around with passkeys, or as they are formally known, discoverable credentials.…

It's memory-safe, with a few caveats

Developers looking to continue working in the C and C++ programming languages amid the global push to promote memory-safe programming now have another option that doesn't involve learning Rust.…

QR codes arrive via an age-old delivery system

Switzerland's National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country's postal service.…

Digital money laundering pays, until it doesn't

An Ohio man, who operated the Grams dark-web search engine and the Helix cryptocurrency money-laundering service associated with it, has been sentenced to three years in prison.…

LLM-controlled droids easily jailbroken to perform mayhem, researchers warn

Science fiction author Isaac Asimov proposed three laws of robotics, and you'd never know it from the behavior of today's robots or those making them.…