"Biden bans Kapersky:  No more sales, updates in U.S."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 22 June 2024, 1427 UTC.

Content and Source:  https://www.theregister.com/security.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 

The Register – Security

86K followers31 articles per week#security#tech

27

MOST POPULAR

That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise

14 TTPs

•

71by Jessica Lyons / 3d

•

Hackers use social engineering techniques

Control-C, Control-V, Enter ... Hell Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts. …

Biden bans Kaspersky: No more sales, updates in US

Biden bans Russian cybersecurity software

•

42by Jessica Lyons / 1d

Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back The Biden administration today banned the sale of Kaspersky Lab products and services in the United States, declaring the Russian biz a national security risk.…

Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs

Amtrak and AMD data breaches

•

34by Connor Jones / 3d

Railco goes full steam ahead with notification letters to Rewards users about spilled card details and more US rail service Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their individual account security. …

YESTERDAY

From network security to nyet work in perpetuity: What's up with the Kaspersky US ban?

Biden to ban Kaspersky sales

•

by Iain Thomson / 6h

It's been a long time coming. Now our journos speak their brains Kettle The US government on Thursday banned Kaspersky Lab from selling its antivirus and other products in America from late July, and from issuing updates and malware signatures from October.…

Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew

Change Healthcare notifies customers cyberattack

•

by Jessica Lyons / 16h

'Substantial proportion' of America to get a little note from next month Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients' data was stolen from it by ransomware criminals back in February – and for the first time has concretely disclosed the types of information swiped during that IT intrusion.…

Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself

US sanctions Kaspersky Lab executives

•

by Jessica Lyons / 18h

Here's America's list of the supposedly dirty dozen Uncle Sam took another swing at Kaspersky Lab today and sanctioned a dozen C-suite and senior-level executives at the antivirus maker, but spared CEO and co-founder Eugene Kaspersky.…

Phoenix UEFI flaw puts long list of Intel chips in hot seat

Privilege Escalation (Enterprise TA0004)

•

by Connor Jones / 22h

Researchers discuss it in same breath as BlackLotus and MosaicRegressor A new vulnerability in UEFI firmware is threatening the security of a wide range of Intel chip families in a similar fashion to BlackLotus and others like it.…

Why attack surfaces are expanding

by Annaliese Ingrams / 23h

Insights from Cloudflare Webinar In the ever-evolving world of cybersecurity, understanding why attack surfaces are expanding is more critical than ever.…

Qilin cyber scum leak data they claim belongs to London hospitals’ pathology provider

Hackers demand $50M ransom

•

by Connor Jones / 1d

At least they didn’t get paid their $50M ransom demand The ransomware gang responsible for the chaos at London hospitals kept true to its word and released a trove of data that it claims belongs to pathology services provider Synnovis.…

JUN 20, 2024

Since joining NATO, Sweden claims Russia has been borking Nordic satellites

Sweden accuses Russia of interference

•

by Matthew Connatser / 1d

If Putin likes jammin', we hope NATO likes jammin' too Sweden says its satellites have been impacted by "harmful interference" from Russia ever since the Nordic nation joined the North Atlantic Treaty Organization (NATO) last March.…

Coding error in forgotten API blamed for massive data breach

Optus faces legal action over data breach

•

by Simon Sharwood / 1d

Australian telco Optus allegedly left redundant website with poor access controls online for years The data breach at Australian telco Optus, which saw over nine million customers' personal information exposed, has been blamed on a coding error that broke API access controls, and was left in place for years.…

Crooks get their hands on 500K+ radiology patients' records in cyber-attack

Radiology company faces massive data breach

•

by Jessica Lyons / 1d

Two ransomware gangs bragged of massive theft of personal info and medical files Consulting Radiologists has notified almost 512,000 patients that digital intruders accessed their personal and medical information during a February cyberattack.…

Car dealer software bigshot CDK pulls systems offline twice amid 'cyber incident'

Cyber attack paralyzes US car dealers

•

by Connor Jones / 1d

Downtime set to crash into next week The vendor behind the software on which nearly 15,000 car dealerships across the US rely says an ongoing "cyber incident" has forced it to pull systems offline for a second time in as many days.…

Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion

Findlay Automotive Group faces cybersecurity

•

by Brandon Vigliarolo / 1d

Researchers allegedly stole $3M using the vulnerability, then asked how much it was really worth Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds to extort the exchange for more.…

Russia's cyber spies still threatening French national security, democracy

by Connor Jones / 2d

Publishing right before a major election is apparently just a coincidence A fresh report into the Nobelium offensive cyber crew published by France's computer emergency response team (CERT-FR) highlights the group's latest tricks as the country prepares for a major election and to host this year's Olympic and Paralympic Games.…

Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals

3 TTPs

•

by Connor Jones / 2d

•

Hackers demand $50M ransom

Cybercriminals claim they used a zero-day to breach pathology provider’s systems Interview The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview.…

JUN 18, 2024

Rogue uni IT director pleads guilty after fraudulently buying $2.1M of tech

Former Webster University IT director defrauds

•

by Jessica Lyons / 3d

Two decades in the clink would be quite an education A now-former IT director has pleaded guilty to defrauding the university at which he was employed – and a computer equipment supplier – for $2.1 million over five years.…

Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale

AMD data breach on dark web

•

by Iain Thomson / 3d

Chip designer really gonna need to channel some Zen right now Updated AMD's IT team is no doubt going through its logs today after cyber-crooks put up for sale what is claimed to be internal data stolen from the US microprocessor designer.…

EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians

Signal president opposes EU law

•

by Thomas Claburn / 3d

If you call 'client-side scanning' something like 'upload moderation,' it still undermines privacy, security On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.…

CHERI Alliance formed to promote memory security tech ... but where's Arm?

by Dan Robinson / 3d

Academic-industry project takes next step as key promoter chip designer licks its wounds Updated A group of technology organizations has formed the CHERI Alliance CIC (Community Interest Company) to promote industry adoption of the security technology focused on memory access.…

Uncle Sam ends financial support to orgs hurt by Change Healthcare attack

US to end Medicare payments program due to Change

•

by Connor Jones / 4d

Billions of dollars made available but worst appears to be over The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.…

NHS boss says Scottish trust wouldn't give cyberattackers what they wanted

NHS Dumfries & Galloway cyber attack data breach

•

by Connor Jones / 4d

CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the lot of it was published after the trust did not give in to the miscreants' demands.…

JUN 17, 2024

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

3 TTPs

•

by Simon Sharwood / 4d

Specially crafted network packet could allow remote code execution and access to VM fleets VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.…

Arm security defense shattered by speculative execution 95% of the time

by Thomas Claburn / 4d

'TikTag' security folks find anti-exploit mechanism rather fragile In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.…

Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam

by Jessica Lyons / 4d

Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines Updated Two consulting firms, Guidehouse and Nan McKay and Associates, have agreed to pay a total of $11.3 million to resolve allegations of cybersecurity failings over their roll-out of COVID-19 assistance.…

Suspected bosses of $430M dark-web Empire Market charged in US

Owners charged for dark web marketplace

•

by Jessica Lyons / 4d

Dopenugget and Zero Angel may face life behind bars if convicted The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and operating the illicit souk.…

Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

Blackbaud settles $6.75M data breach

•

by Connor Jones / 4d

Four years on and it's still paying for what California attorney general calls 'unacceptable' practice Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general.…

END OF FEED