The Register-Security

November 14, 2024

"Kids' shoemaker Start-Rite trips over security again, spill card info."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 14 November 2024, 1446 UTC.

Content and Source: Email subscription via https://feedly.com. https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

91K followers27 articles per week#security #tech
20

Most popular

Kids' shoemaker Start-Rite trips over security again, spilling customer card info
by Connor Jones / 2h
Full details exposed, putting shoppers at serious risk of fraud Children's shoemaker Start-Rite is dealing with a nasty "security incident" involving customer payment card details, its second significant lapse during the past eight years.…
NatWest blocks bevy of apps in clampdown on unmonitorable comms
NatWest bans WhatsApp for staff
•
by Connor Jones / 3h
From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta's Messenger, and Skype – as first reported.…
FBI issues warning as crooks ramp up emergency data request scams
Hackers exploit fake legal requests
•
39by Connor Jones / 2d
Just because it's .gov doesn't mean that email is trustworthy Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.…

Yesterday

Asda security chief replaced, retailer sheds jobs during Walmart tech divorce
by Lindsay Clark / 5h
British grocer's workers called back to office as clock ticks for contractors The head of tech security at Asda, the UK's third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.…
Five Eyes infosec agencies list 2024's most exploited software flaws
4 TTPs
•
by Iain Thomson / 6h
Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have become more common.…
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
Chinese hackers breach US telecoms
•
by Jessica Lyons / 12h
Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.…
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
7 TTPs
•
by Jessica Lyons / 14h
•
Bitdefender releases ShrinkLocker decryptor
Plus: CISA's ScubaGear dives deep to fix M365 misconfigs Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.…
Data broker amasses 100M+ records on people – then someone snatches, sells it
by Jessica Lyons / 17h
We call this lead degeneration What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.…
Ransomware fiends boast they've stolen 1.4TB from US pharmacy network
2 TTPs
•
by Connor Jones / 19h
•
Embargo ransomware attacks American Associated
American Associated Pharmacies yet to officially confirm infection American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.…
Microsoft slips Task Manager and processor count fixes into Patch Tuesday
Windows updates released November 2024
•
by Richard Speed / 21h
Sore about cores no more Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.…

Nov 12, 2024

Admins can give thanks this November for dollops of Microsoft patches
4 TTPs
•
by Iain Thomson / 1d
Don't be a turkey – get these fixed Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…
China's Volt Typhoon crew and its botnet surge back with a vengeance
7 TTPs
•
by Jessica Lyons / 1d
Ohm, for flux sake China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.…
Air National Guardsman gets 15 years after splashing classified docs on Discord
Teixeira sentenced for leaking documents
•
by Iain Thomson / 1d
22-year-old talked of 'culling the weak minded' – hmm! A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.…
Here's what we know about the suspected Snowflake data extortionists
Snowflake hackers indicted for extortion
•
by Jessica Lyons / 1d
A Canadian and an American living in Turkey 'walk into' cloud storage environments… Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.…
'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem
Food Lion suffers cyberattack nationwide
•
20by Connor Jones / 1d
Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages at several of its US grocery stores are being caused by an ongoing "cybersecurity issue."…
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
6 TTPs
•
by Connor Jones / 1d
'Once again, we've lost a little more faith in the internet,' researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.…
Managing third-party risks in complex IT environments
by Annaliese Ingrams / 1d
Key steps to protect your organization’s data from unauthorized external access Webinar With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.…
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
by Laura Dobberstein / 2d
Over 5 million records from 25 organizations posted to black hat forum Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…

Nov 11, 2024

Dark web crypto laundering kingpin sentenced to 12.5 years in prison
Bitcoin Fog operator sentenced 150 months
•
20by Connor Jones / 3d
Prosecutors hand Russo-Swede a half-billion bill The operator of the longest-running money laundering machine in dark web history, Bitcoin Fog, has been sentenced to 12 years and six months in US prison.…

Nov 10, 2024

Alleged Snowflake attacker gets busted by Canadians – politely, we assume
9 TTPs
•
by Brandon Vigliarolo / 3d
Also: Crypto hacks will continue; CoD hacker gets thousands banned, and more Infosec in brief One of the suspected masterminds behind the widespread Snowflake breach has been arrested in Canada – but the saga isn't over, eh. …

End of feed

Comments