Wednesday, December 8, 2021
The Register

What’s the right amount of trust to build into your network? Less than Zero

It’s tricky but manageable, says Iomart

Paid Feature

“The trust of the innocent is the liar's most useful tool,” Stephen King wrote. At least that’s what the internet claims.…
The Register

Microsoft extends Secured-core concept to servers

Certifies hardware with malware-crimping spec, already common in PCs, for Azure Stack and Windows Server

Microsoft has extended the Secured-core concept it applied to PCs in 2019 to servers, and to Windows Server and Azure Stack HCI.…
The Register

Cryptominers aren’t just a headache – they’re a big neon sign that Bad Things are on your network

So says Sophos in warning about Tor2Mine Monero malware

Cryptominer malware removal is a routine piece of the cybersecurity landscape these days. Yet if criminals are hijacking your compute cycles to mine cryptocurrencies, chances are there's something worse lurking...
The Register

Foreign Office IT chaos: Shocking testimony reveals poor tech support hindered Afghan evac attempts

Contributed to dysfunction as diplomats and soldiers struggled to get Afghan helpers out of reach of Taliban

Diplomats and soldiers were left grappling with appallingly inadequate IT and secure communications support as thousands of Afghans struggled to get help...
The Register

Microsoft wins court approval to take over sites run by Chinese crime gang

'Nickel' back in trouble for trying to lift secrets, often by exploiting Microsoft snafus

Microsoft has revealed its Digital Crimes Unit (DCU) won court approval to take control of websites a Chinese gang was using to attack targets across...
The Register

LINE Pay leaks around 133,000 users’ data to Github, of all places

Someone just accidentally put it there, says the messaging service company

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year.…
The Register

Spar shops across northern UK shut after cyber attack hits payment processing abilities

Franchisees' closures also affect petrol stations

The British arm of Dutch supermarket chain Spar has shut hundreds of shops after suffering an "online attack," the company has confirmed to The Register.…
The Register

Miscreants make off with $150m of digital assets in BitMart security breach

Or it might be nearer $200m. Even the amounts stolen seem to be volatile in the crypto world

Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that...
The Register

Cuba ransomware gang scores almost $44m in ransom payments across 49 orgs, say Feds

Hancitor is at play

The US Federal Bureau of Investigation (FBI) says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year.…
The Register

American diplomats’ iPhones reportedly compromised by NSO Group intrusion software

Reuters claims nine State Department employees outside the US had their devices hacked

The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report...
The Register

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

All together now - R, A, N, S, O...

A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't...
The Register

Feds charge two men with claiming ownership of others’ songs to steal YouTube royalty payments

Alleged scheme said to have netted $20m since 2017

The US Attorney's Office of Arizona on Wednesday announced the indictment of two men on charges that they defrauded musicians and associated companies by claiming more than $20m in royalty...
The Register

Protecting your critical infrastructure is one thing…protecting your backups is the same thing

Do you know what your recovery position really is?

Paid Feature

Normally, when we have more of something, we tend to think of it as less valuable. We might even become less protective of it.…
The Register

Netgear router flaws exploitable with authentication … like the default creds on Netgear’s website

Don't just install the patch, change your router passwords too

Two arbitrary code execution vulnerabilities affecting a number of Netgear routers aimed at small businesses have been patched following research by Immersive Labs.…
The Register

BadgerDAO DeFi defunded as hackers apparently nab millions in crypto tokens

Badger, badger, badger, coin theft, coin theft!

BadgerDAO, maker of a decentralized finance (DeFi) protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen.…
The Register

New UK product security law won’t be undercut by rogue traders upping and vanishing, government boasts

El Reg asks about phoenixing – but will answer convince world+dog?

Britain's plans to force internet-connected device vendors to declare legally binding product lifespans won't be easily evaded by shell companies, the government has told The Register.…
The Register

European Cybercrime Centre confident it’s kicked credit card crims – again

Poised to reveal similar haul to 2020's €40M loss prevention total

The European Cybercrime Centre has again acted against credit card fraud and is poised to reveal success on a similar scale to its 2020 campaign that prevented €40...
The Register

Three key ransomware actors changed jobs on October 18 – the same day REvil went dark

Underground industry grows in complexity and sophistication, says Santander Group researcher

October 18, 2021, was a tricky day for the ransomware industry. First, the gang that ran the REvil ransomware had its servers compromised, and then three individuals with...
The Register

Rewriting your disaster recovery plan might just save your company…and could transform it

Just be sure it actually works

Paid Feature

Disaster recovery (DR) used to be thought of as a form of corporate hygiene, but it’s becoming increasingly clear it has to be considered a matter of corporate survival.…
TechRepublic

Cybersecurity: Organizations face key obstacles in adopting zero trust

Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.

5 Tips to Stay on the Offensive and Safeguard Your Attack Surface

New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks

The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.

Google disrupts major malware distribution network Glupteba

Working with several internet infrastructure and hosting providers, including Cloudflare, Google disrupted the operation of an aggressive Windows botnet known as Glupteba that was being distributed through fake ads. It also served itself as a distribution network for additional...
SecurityWeek

Private Equity Firm Permira to Acquire Mimecast in $5.8 Billion Deal

Mimecast on Tuesday announced that private equity firm Permira wants to acquire it in an all-cash transaction that values the email security company at roughly $5.8 billion. Permira, which plans on taking Mimecast private, has entered into a definitive agreement...