Saturday, March 25, 2023
The Register

CISA unleashes Untitled Goose Tool to honk at danger in Microsoft’s cloud

Not a headline we expected to write today

American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.…
The Register

GitHub publishes RSA SSH host keys by mistake, issues update

Getting connection failures? Don't panic. Get new keys

GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.…
The Register

French parliament says oui to AI surveillance for 2024 Paris Olympics

Liberté, égalité, reconnaissance faciale for all

Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics.…
The Register

Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats

'Hunt forward' teams of this sort aid with defense and learn how attackers like Tehran operate

US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year's cyber attacks against...
The Register

Critical infrastructure gear is full of flaws, but hey, at least it’s certified

Security researchers find bugs, big and small, in every industrial box probed

Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers.…
The Register

Secure mail

Protection from business email compromise

Webinar: In the distant past, a master forger with a quill could fake a signature on the end of a letter but at least then you had time to consider the potential for fraud...
The Register

Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash

Terminal maker General Bytes shutters its cloud business after second breach in seven months

Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting an unknown flaw in digicash delivery systems.…
The Register

Bogus ChatGPT extension steals Facebook cookies

All aboard the chatbot hype train! Next stop: Fraud

Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users installed the account-compromising bot.…
The Register

B-List celebs including Lindsay Lohan fined after shilling crypto

Didn't disclose payments as mastermind pumped up the value of tokens with fake trades

Eight very B-list celebrities have been fined for shilling a cryptocurrency without disclosing they were paid to do so, while the chap who paid them...
The Register

B-List celebs including Lindsay Lohan fined after crypto shill probe

Didn't disclose payments as mastermind pumped up value of tokens with fake trades

Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so, while...
The Register

South Korea fines McDonald’s for data leak from raw SMB share

British American Tobacco, Samsung, also burgered up their infosec

South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.…
The Register

Cisco kindly reveals proof of concept attacks for flaws in rival Netgear’s kit

Maybe this is deserved given the problem's in a hidden telnet service

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers – including one critical command execution vulnerability.…
The Register

Journalist hurt by exploding USB bomb drive

Now that's a flash bang

Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive.…
The Register

German political parties accused of microtargeting voters on Facebook

Country's super strong data rights under magnifying glass after half a dozen complaints filed

Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension...
The Register

Unknown actors deploy malware to steal data in occupied regions of Ukraine

If this is Kyiv's work, Russia can Crimea river

A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.…
The Register

India’s absurd infosec reporting rules get just 15 followers

CERT-In was told its six-hour notification requirement was a bad idea – now it knows just how bad

India's rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15...
The Register

Xi, Putin, declare intent to rule the world of AI, infosec

'Technological sovereignty is the key to sustainability' states Russian despot

Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.…
The Register

BreachForums shuts down … but the RaidForums cybercrime universe will likely become a trilogy

Admins decide reviving crime-mart is dangerous, hint at revival

BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.…
The Register

You just gonna take that AWS? Let Microsoft school your users on cloud security?

And Google Cloud is next

Microsoft has torn the wraps off its multi-cloud security benchmark (MCSB), which replaces the four-year-old Azure Security Benchmark. Crucially, as the name suggests, it now has usage and configuration guidance that reaches into rival...
The Register

Ex-Meta security staffer accuses Greece of spying on her phone

Beware of Greeks bearing GIFs

Meta's former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone.…
The Hacker News

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
The Hacker News

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on...
SecurityWeek

US Charges 20-Year-Old Head of Hacker Site BreachForums

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers.
SC Magazine

Dish customers struggle with service disruptions weeks after ransomware attack

Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
Security Affairs

CISA announced the Pre-Ransomware Notifications initiative

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...