The Register - Anti-Virus

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials

An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect systems with info-stealing and snooping malware.…

Justice still being served, but many systems are down

A statewide IT outage attributed to "unauthorized activity" is affecting the availability of services provided by all courts in Washington.…

You snooze, you lose, er, win

Google claims one of its AI models is the first of its kind to spot a memory safety vulnerability in the wild – specifically an exploitable stack buffer underflow in SQLite – which was then fixed before the buggy code's official release.…

Victims were placed in serious danger following highly sensitive data dump

The City of Columbus, Ohio, has confirmed half a million people's data was accessed and potentially stolen when Rhysida's ransomware raided its systems over the summer.…

Mondays are for checking months of logs, apparently, if MFA's not enabled

In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta AD/LDAP Delegated Authentication (DelAuth) using only a username.…

Is that a walrus in your server logs, or aren't you pleased to see me?

Opinion  At the start of September, Transport for London was hit by a major cyber attack. TfL is the public body that moves many of London's human bodies to and from work and play in the capital, and as the attack didn't hit power, signaling, or communications systems, most of the effects went unnoticed by commuters. The organization downplayed the damage done to back office ticketing, billing, and other systems. Everything was in hand.…

Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more

Infosec in brief  The US Department of Justice has charged six people with two separate schemes to defraud Uncle Sam out of millions of dollars connected to IT product and services contracts. …

Calls for improvements will soon turn into demands when new rules come into force

The UK's finance regulator is urging all institutions under its remit to better prepare for IT meltdowns like that of CrowdStrike in July.…

Local authority websites downed in response to renewed support for Ukraine

Multiple UK councils had their websites either knocked offline or were inaccessible to residents this week after pro-Russia cyber nuisances added them to a daily target list.…

How 'Gary' defeated Bowser broke into the interactive alarm clock

A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo's recently launched Alarmo clock, and run code on the device.…

Emeraldwhale looked sharp – until it made a common S3 bucket mistake

A criminal operation dubbed Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to cloud service and email providers in an open AWS S3 bucket, according to security researchers.…

A scary few Halloween hours for team behind hugely popular web plugin

LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account that was used to exploit users' crypto wallets.…

Motherboard missing, leaving space for a million hits of meth

Australian police have arrested a man after finding he imported what appear to be tower PC cases that were full of illicit drugs.…

India makes it onto list of likely threats for the first time

A report by Canada's Communications Security Establishment (CSE) revealed that state-backed actors have collected valuable information from government networks for five years.…