News

Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work

A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel "hacker" was tracking a federal official and using their deep-rooted access to the country's critical infrastructure to kill informants.…

Like being hard to spot? They’d much rather you didn’t

Opinion  There are few tech deceptions more successful than Chrome's Incognito Mode.…

PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more!

Asia In Brief  Canada’s government has ordered Chinese CCTV systems vendor Hikvision to cease its local operations.…

PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more

Infosec in Brief  Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos.…

Watch out for supply chain hacks especially

interview  The ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.…

Taking advantage of the ridiculously complex US healthcare billing system

Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.…

Getting it in might mean re-racking the entire datacenter and rebuilding the network, though

Cisco is talking up the integration of security into network infrastructure such as its latest Catalyst switches, claiming this is vital to AI applications, and in particular the current vogue for "agentic AI."…

'No impact on safety,' FAA tells The Reg

update  Hawaiian Airlines said a "cybersecurity incident" affected some of its IT systems, but noted that flights are operating as scheduled. At least one researcher believes Scattered Spider, which previously targeted retailers and insurance companies, could be to blame.…

Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart

Cybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller.…

Finance, health, and national identification details compromised

Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.…

Pro tip: Don't use your personal email account on BreachForums

The notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also name IntelBroker as 25-year-old British national Kai West.…

Czech researcher lays out a business case for reducing reliance on Redmond

Comment  A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.…

A 10.0 and a 9.8 – these aren’t patches to dwell on

Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.…

Nothing confirmed but authority is operating under the assumption that data has been stolen

A cyberattack on Glasgow City Council is causing massive disruption with a slew of its digital services unavailable.…

Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities

The NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient.…

Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne

The UK government is to buy 12 F-35A fighters capable of carrying nuclear weapons as part of the NATO deterrent, but there's a snag: the new jets are incompatible with the RAF's refueling tanker aircraft.…

Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime'

Privacy campaigners are branding frozen food retailer Iceland's decision to trial facial recognition technology (FRT) at several stores "chilling" – the UK supermarket chain says it's deploying the cameras to cut down on crime.…

Charming Kitten unsheathes its claws and tries to catch credentials

The cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.…

Two emergency patches issued in two weeks

Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products — but not before criminals found and exploited it as a zero-day.…

It's meant to cut down on false positives but could be a trove for mischief-makers

Ring doorbells and cameras are using AI to "learn the routines of your residence," via a new feature called Video Descriptions.…