"UK Home Office silent about alleged Apple backdoor order."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 Feburary 2025, 0338 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

93K followers31 articles per week#security#tech

26

Most popular

UK Home Office silent on alleged Apple backdoor order

by Connor Jones / 10h

Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim The UK's Home Office refuses to either confirm or deny reports that it recently ordered Apple to create a backdoor allowing the government to access any user's cloud data.…

UK industry leaders unleash hurricane-grade scale for cyberattacks

by Connor Jones / 15h

Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders A world-first organization assembled to categorize the severity of cybersecurity incidents is up and running in the UK following a year-long incubation period.…

Federal judge tightens DOGE leash over critical Treasury payment system access

Musk's DOGE faces lawsuit over access

•

91by Brandon Vigliarolo and Jessica Lyons / 1d

Lawsuit: 'Scale of intrusion into individuals' privacy is massive and unprecedented' Updated Elon Musk's Department of Government Efficiency has had its access to US Treasury payment systems restricted - at least temporarily - following a lawsuit from advocacy groups and unions.…

Yesterday

Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims

7 TTPs

•

by Jessica Lyons / 1d

•

Kaspersky warns of cryptocurrency theft malware

OCR plugin great for extracting crypto-wallet secrets from galleries Kaspersky eggheads say they’ve spotted the first app containing hidden optical character recognition spyware in Apple’s App Store. Cunningly, the software nasty is designed to steal cryptocurrency.…

If Ransomware Inc was a company, its 2024 results would be a horror show

Ransomware payments drop 35%

•

by Iain Thomson / 1d

35% drop in payments across the year as your backups got better and law enforcement made a difference Ransomware extortion payments fell in 2024, according to blockchain analyst biz Chainalysis this week.…

Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker

by Thomas Claburn / 1d

Fourth time’s the harm? Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately harvested from installed apps.…

Dems want answers on national security risks posed by hiring freeze, DOGE probes

by Brandon Vigliarolo / 1d

Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know Updated Elected officials are demanding answers as to whether the Trump administration and Elon Musk's Department of Government Efficiency (DOGE) are hamstringing US national security.…

Feb 5, 2025

Democrats demand to know WTF is up with that DOGE server on OPM's network

Federal workers sue over DOGE server

•

by Iain Thomson / 2d

Are you trying to make this easy for China and Russia? Who bought it, who installed it, and what's happening with the data on it.…

Robocallers who phoned the FCC pretending to be from the FCC land telco in trouble

Telnyx fined for illegal robocalls

•

by Iain Thomson / 2d

Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started calling actual FCC staffers via the VoIP telco.…

Mixing Rust and C in Linux likened to cancer by kernel maintainer

Linux 6.14 supports Rust drivers

•

by Thomas Claburn / 2d

Some worry multiple languages will make it harder to maintain this open source uber-project, others disagree Updated Developers trying to add Rust code to the Linux kernel continue to face opposition from kernel maintainers who believe using multiple languages is an unwelcome and risky complication.…

DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system

Musk's government payment changes raise concerns

•

by Jessica Lyons / 2d

CEO of Cloud Software a 'special government employee' probing through IT for Elon Musk's DOGE The US Treasury has revealed Tom Krause – the chief exec of Citrix and Netscaler owner Cloud Software Group – has "read-only" access to a vital federal government payment system that disburses trillions of dollars annually.…

Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge

Netgear patches critical router vulnerabilities

•

by Connor Jones / 2d

International security squads all focus on stopping baddies busting in through routers, IoT kit etc Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.…

US cranks up espionage charges against ex-Googler accused of trade secrets heist

Ex-Google engineer charged with espionage

•

by Connor Jones / 2d

Mountain View clocked onto the scheme with days to spare A Chinese national faces a substantial stint in prison and heavy fines if found guilty of several additional charges related to economic espionage and theft of trade secrets at Google.…

Feb 4, 2025

Google: How to make any AMD Zen CPU always generate 4 as a random number

2 TTPs

•

29by Iain Thomson / 3d

•

CVE-2024-56161

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated this by producing a microcode patch that makes the chips always output 4 when asked for a random number.…

Poisoned Go programming language package lay undetected for 3 years

Malicious Go package exploits supply chain

•

by Connor Jones / 3d

Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…

Grubhub serves up security incident with a side of needing to change your password

3 TTPs

•

by Connor Jones / 3d

•

GrubHub data breach affects users

Contact info and partial payment details may be compromised US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.…

US accuses Canadian math prodigy of $65M crypto scheme

Canadian charged in $65M crypto hack

•

20by Jude Karabus / 3d

Suspect, still at large, said to back concept that 'code is law' New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently siphon around $65 million from investors in the platforms.…

Cyberattack on NHS causes hospitals to miss cancer care targets

Impact (Enterprise TA0040)

•

by Connor Jones / 3d

Healthcare chiefs say impact will persist for months NHS execs admit that last year's cyberattack on hospitals in Wirral, northwest England, continues to "significantly" impact waiting times for cancer treatments, and suspect this will last for "months."…

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'

5 TTPs

•

by Jessica Lyons / 3d

When cloud customers don't clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia's "SolarWinds adventures look amateurish and insignificant," watchTowr Labs security researchers have claimed.…

Feb 3, 2025

UK govt must learn fast and let failing projects die young

UK public sector urged to adopt AI

•

by Lindsay Clark / 3d

Tackle longstanding issues around productivity, cyber resilience and public sector culture, advises spending watchdog The UK's government spending watchdog has called on the current administration to make better use of technology to kickstart the misfiring economy and ensure better delivery public services amid tightened budgets.…

Google patches odd Android kernel security bug amid signs of targeted exploitation

by Iain Thomson / 3d

Also, Netgear fixes critical router, access point vulnerabilities Google has released its February Android security updates, including a fix for a high-severity kernel-level vulnerability, which is suspected to be in use by targeted exploits.…

Why digital resilience is critical to banks

by Mohan Veloo, Field CTO, APCJ, F5 / 4d

Going beyond the traditional “Prevent, Detect, and Respond” framework and taking a proactive approach Partner Content In today's highly connected and technology-driven world, digital resilience is not just a competitive advantage for banks - it is a necessity.…

TSA’s airport facial-recog tech faces audit probe

DHS investigates TSA facial recognition

•

by Brandon Vigliarolo / 4d

Senators ask, Homeland Security watchdog answers: Is it worth the money? The Department of Homeland Security's Inspector General has launched an audit of the Transportation Security Administration's use of facial recognition technology at US airports, following criticism from lawmakers and privacy advocates.…

2 officers bailed as anti-corruption unit probes data payouts to N Irish cops

by Connor Jones / 4d

Investigating compensation to police whose sensitive info was leaked in 2023 The Police Service of Northern Ireland (PSNI) has bailed two officers after they were arrested as part of a fraud investigation related to the payments to cops whose sensitive data was mistakenly published in 2023.…

Feb 2, 2025

Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’

by Simon Sharwood / 4d

Australian government staff mixed medical info for folk who share names and birthdays Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government records sometimes contain data describing other people.…

Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP

9 TTPs

•

20by Brandon Vigliarolo / 5d

PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more Infosec in brief The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment to disconnect the devices from the internet ASAP.…

End of feed