Wednesday, August 10, 2022
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too
August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
The Register

APIC fail: Intel ‘Sunny Cove’ chips with SGX spill secrets

AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying
A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.…
The Register

Malicious deepfakes used in attacks up 13% from last year, VMware finds

Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report
Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in...
The Register

Microsoft’s fix for ‘data damage’ risk hits PC performance

'AES-based operations might be two times slower' without latest updates
Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.…
The Register

Chinese scammers target kids with promise of extra gaming hours

Cyberspace regulator's fraud report finds all is not well behind the Great Firewall
Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games – for a...
The Register

China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs

We're 'highly likely' to see similar attacks, Kaspersky warned
Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions,...
The Register

US treasury whips up sanctions for crypto mixer Tornado Cash

Being the money launderer for North Korea’s Lazarus Group comes at a price
The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang...
The Register

Twilio customer data exposed after its staffers got phished

Comms giant says several other firms targeted in 'sophisticated attack'
Twilio confirmed a breach of the communication giant's network and accessed "a limited number" of customer accounts after tricking some employees into falling for a phishing attack.…
The Register

Microsoft tightens Edge security for less visited websites

We're pretty sure that doesn't mean it's safe to click on sketchy popups
Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings.…
The Register

Slack leaked hashed passwords from its servers for years

Users who created shared invitation links for their workspace had login details slip out among encrypted traffic
Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace...
The Register

Dark Utilities C2 service draws thousands of cyber criminals

Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks
A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launching earlier...
The Register

DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt

Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more
In brief: DuckDuckGo has finally cracked down on the Microsoft tracking scripts that got the alternative search engine into hot water earlier...
The Register

Hi, I’ll be your ransomware negotiator today – but don’t tell the crooks that

What it's like bargaining with criminals ... and advising clients suffering their worst day yet
Interview: The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator — at least not to LockBit...
The Register

Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal?

The Feds may see things differently
Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10...
The Register

Warning! Critical flaws found in US Emergency Alert System

DEF CON may be about to blow lid off security hole
The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems that, if exploited, could enable intruders to send fake alerts out over television,...
The Register

Critical flaws found in four Cisco SMB router ranges – for the second time this year

At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June
Cisco has revealed four of its small business router ranges have critical flaws – for the second time in 2022 alone.…
The Register

Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google

I got played via the Play store
Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.…
The Register

Taiwanese military reports DDoS in wake of Pelosi visit

Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry
Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for...
The Register

India scraps data protection law in favor of better law coming … sometime

Tech giants and digital rights groups didn't like it, but at least it was a law
The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will – eventually...
The Register

Student crashes Cloudflare beta party, redirects email, bags a bug bounty

Simple to exploit, enough to pocket $3,000
A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.