The Register - Anti-Virus

All the Typhoons, everywhere, all at once

A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.…

Push to protect minors risks hitting everyone online

Proton's boss has waded into the age verification fight with a warning that sounds less like child safety and more like an identity checkpoint for the entire internet.…

Wins $300M deal over Salesforce, IBM because of 'integration with existing USDA systems,' among other things

Palantir has won a $300 million contract from the US Department of Agriculture (USDA) to support the National Farm Security Action Plan (NFSAP) and modernize how USDA delivers services to America's farmers.…

World's largest biomedical dataset lifted and shifted on Chinese mega marketplace

Updated  Details of volunteers of UK-based Biobank, which describes itself as the custodian of the world's most comprehensive biomedical dataset, are for sale on Chinese ecommerce site Alibaba.…

Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa

Black Hat Asia  Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about.…

Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim

GCHQ's cyber arm has entered the hardware game with its first device designed to prevent cyberattacks on display devices.…

Keeping it simple for the developers can lead to very complex headaches later

PWNED  Welcome back to PWNED, the column where we celebrate the people who’ve taught us how not to secure a server. If you’ve ever tied your own shoelaces together, then tripped over them, or attempted to dive into a swimming pool but hit your head on the diving board, we’ll be talking about your cyber equivalent.…

NCSC passes judgment: passkeys pass muster, passwords fail

The UK's National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely.…

Plus, the payload references 'TeamPCP/LiteLLM method'

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap with the open source infections attributed to TeamPCP last month.…

Hackpocalypse deferred

Anthropic's Mythos model is purportedly so good at finding vulnerabilities that the Claude-maker is afraid to make it available to the general public for fear that criminals will take advantage. But early analysis shows that Mythos may not be as dangerous as some would have you believe.…

Along with a bunch of new services to make sure those same agents don't cause chaos

Google Cloud Next  Google Cloud chief operating officer Francis deSouza has summed up his company's security strategy du jour as follows: "You need to use AI to fight AI."…

Gov admits 'incident' as forum sellers boast of fresh haul covering up to a third of the population

France's National Agency for "Secure" Documents is explaining a potential data spill just as crooks online claim they've nicked a third of the country's ID information.…

Judges say cops face-slurping not a problem under current human rights laws

London's Metropolitan Police Service (MPS) has survived a legal challenge that attempted to curb its rollout of live facial recognition (LFR) technology across the capital.…

Gartner sees accelerating growth in IT spending, powered by cloud and AI infrastructure investment

A day after the International Energy Agency (IEA) said the US/Israel/Iran war was creating the worst energy crisis ever faced by the ‌world, Gartner increased its growth forecasts for global IT spending by nearly three percentage points.…

Mozilla CTO says AI means developers finally have a chance to get on top of security

The Mozilla has revealed it tested Anthropic’s bug-finding “Mythos” AI model and feels the results it experienced represent a watershed moment for software defenders.…

NCSC boss says China's whole-of-state cyber machine has become Britain's peer competitor in cyberspace

State-sponsored cyberattacks from Chinese intelligence and military agencies display "an eye-watering level of sophistication," UK National Cyber Security Centre CEO Richard Horne is expected to say in a less-than-cheery opening speech to kick off its annual conference.…

Lawmakers decry CISA cuts: 'We are shooting ourselves in the foot'

If a cyberattack leads to a death, that's murder. A former FBI cyber division chief urged the US Justice Department to consider felony homicide charges against ransomware actors when attacks on hospitals lead to patient deaths.…

CISA gives federal agencies 4 days to patch

America's lead cyber-defense agency has warned that three Cisco Catalyst SD-WAN Manager bugs are under attack, and given federal agencies just four days to patch the security holes.…

Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live session cookies from 14 browsers, 16 cryptocurrency wallets, and more than 200 extensions.…

Plus: Court papers reveal nonprofit paid a ransom worth nearly $26.8 million

The third of three former ransomware negotiators accused of assisting the ALPHV/BlackCat ransomware gang in extorting US businesses has pleaded guilty, months after his two co-workers did the same.…