"China bans compulsory facial recognition and its use in private spaces like hotel rooms."

Views expressed in this cybersecurity and cyber crime update are those of the reporters and correspondents.  Accessed on 26 March 2025, 1523 UTC.

Content and Source: Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

95K followers29 articles per week

#security#tech

32

Most popular

China bans compulsory facial recognition and its use in private spaces like hotel rooms

China restricts facial recognition use

•

100+by Simon Sharwood / 2d

PLUS: Zoho's Ulaa anointed India’s most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more Asia In Brief China’s Cyberspace Administration and Ministry of Public Security has outlawed the use of facial recognition without consent.…

Oracle Cloud says it's not true someone broke into its login servers and stole data

2 TTPs

•

100+by Jessica Lyons / 2d

Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.…

NCSC taps influencers to make 2FA go viral

by Connor Jones / 4h

Who knew social media stars had a role to play in building national cyber resilience? The world's biggest brands have benefited from influencer marketing for years – now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses.…

Yesterday

There are perhaps 10,000 reasons to doubt Oracle Cloud's security breach denial

2 TTPs

•

50by Connor Jones / 21h

Customers come forward claiming info was swiped from prod Oracle Cloud's denial of a digital break-in is now in clear dispute. A infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.…

Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish

22by Connor Jones / 1d

16,000 stolen records pertain to former and active mail subscribers Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.…

Mar 24, 2025

You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?

27by Thomas Claburn / 1d

Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.…

VanHelsing ransomware emerges to put a stake through your Windows heart

2 TTPs

•

by Iain Thomson / 1d

•

VanHelsing ransomware targets multiple systems

There's only one rule – don't attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.…

Hm, why are so many DrayTek routers stuck in a bootloop?

DrayTek routers face global vulnerabilities

•

by Iain Thomson / 1d

Time to update your firmware, if you can, to one with the security fixes, cough cough DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a lot of their customers' gateways going offline.…

Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw

2 TTPs

•

by Simon Sharwood / 1d

How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,000 deployments of the software are at risk on the internet.…

OTF, which backs Tor, Let's Encrypt and more, sues to save its funding from Trump cuts

by Thomas Claburn / 1d

Kari, OK, we'll see you in court An organization that bankrolls various internet security projects has asked a Washington DC court to prevent the Trump administration from cancelling its federal funding – and expressed fears that if the cash stops flowing, the tools it supports could become harder to access.…

Top Trump officials text secret Yemen airstrike plans to journo in Signal SNAFU

Trump officials' Signal chat scandal

•

by Iain Thomson / 1d

Massive OPSEC fail from the side who brought you 'lock her up' Updated Senior Trump administration officials used the messaging app Signal to discuss detailed plans to attack Houthi rebels in Yemen – and accidentally added a journalist to the group in which they chatted.…

FCC on the prowl for Huawei and other blocked Chinese makers in America

US investigates Chinese telecom firms

•

by Dan Robinson / 1d

Be vewy vewy quiet, I'm hunting rackets The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List - including Huawei - are still somehow doing business in America, either by misreading the rules or willfully ignoring them.…

As nation-state hacking becomes 'more in your face,' are supply chains secure?

by Jessica Lyons / 1d

Ex-US Air Force officer says companies shouldn't wait for govt mandates Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?" …

AI agents swarm Microsoft Security Copilot

Microsoft enhances Security Copilot agents

•

by Thomas Claburn / 1d

Looking to sort through large volumes of security info? Redmond has your backend Microsoft's Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company's security software to automate various tasks.…

23andMe's genes not strong enough to avoid Chapter 11

23andMe files for Chapter 11

•

by Connor Jones / 2d

CEO steps down after multiple failed attempts to take the DNA testing company private Beleaguered DNA testing biz 23andMe – hit by a massive cyber attack in 2023 – is filing for bankruptcy protection in the US following years of financial uncertainty.…

Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance?

Coinbase criticizes Treasury over Tornado Cash

•

by Iain Thomson / 2d

It's been a very busy week for Digicash Donald's administration Analysis Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing billions in illicit crypto for criminals and nation-states alike.…

Mar 23, 2025

Microsoft tastes the unexpected consequences of tariffs on time

by Rupert Goodwins / 2d

Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner? Opinion Never attribute to malice that which is adequately explained by stupidity. This works well in sane times, less so when "but it's both" is the default. Apply it to Microsoft's decision to make bug reports include not only a working example but a video of the same, and the meter oscillates wil

Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns

4 TTPs

•

by Brandon Vigliarolo / 2d

PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more! Infosec In Brief Organized crime networks are now reliant on digital tech for most of their activities according to Europol, the European agency that fights international crime on the continent and beyond.…

Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US

by Iain Thomson / 3d

Plus AI in the infosec world, why CISA should know its place, and more Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.…

Mar 20, 2025

AdTech CEO whose products detected fraud jailed for financial fraud

AdTech CEO jailed for fraud

•

by Simon Sharwood / 5d

Made up revenue and pretended to use non-existent data The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.…

Paragon spyware deployed against journalists and activists, Citizen Lab claims

Paragon spyware scandal expands in Italy

•

25by Iain Thomson / 5d

Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied Infosec newsbytes Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to target journalists, activists, and other civilians.…

Capital One cracker could be sent back to prison after judges rule she got off too lightly

by Iain Thomson / 5d

Feds want book thrown at Paige Thompson, who pinched 100M customer records Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars – after an appeals court ruled her sentence of time served plus five years of probation was too lenient.…

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

3 TTPs

•

by Connor Jones / 5d

Palming off the blame using an ‘unknown’ best practice didn’t go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization vulnerabilities.…

Too many software supply chain defense bibles? Boffins distill advice

2 TTPs

•

by Thomas Claburn / 6d

How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.…

The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC

Scope Technologies partners with COGITO

•

by Connor Jones / 6d

Wow, a government project that could be on time for once ... cos it's gonna be wayyyy more than a decade The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.…

Mar 19, 2025

Attackers swipe data of 500k+ people from Pennsylvania teachers union

3 TTPs

•

by Connor Jones / 6d

•

Pennsylvania State Education Association data

SSNs, payment details, and health info too The Pennsylvania State Education Association (PSEA) says a July 2024 "security incident" exposed sensitive personal data on more than half a million individuals, including financial and health info.…

Names, bank info, and more spills from top sperm bank

2 TTPs

•

by Jessica Lyons / 6d

•

California Cryobank data breach reported

Cyber-crime is officially getting out of hand One of the world's largest sperm banks, California Cryobank, is in a sticky situation.…

IBM scores perfect 10 ... vulnerability in mission-critical OS AIX

2 TTPs

•

by Connor Jones / 6d

Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in IBM "strongly recommends" customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has a perfect 10 severity score.…

Ex-US Cyber Command chief: Europe and 5 Eyes can't fully replicate US intel

by Jessica Lyons / 7d

Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn't be able to provide all the info Uncle Sam collects, according to former chief of US Cyber Command and the NSA General Paul Nakasone.…

Mar 18, 2025

Show top LLMs some code and they'll merrily add in the bugs they saw in training

by Thomas Claburn / 7d

One more time, with feeling ... Garbage in, garbage out Researchers have found that large language models (LLMs) tend to parrot buggy code when tasked with completing flawed snippets.…

CISA fires, now rehires and immediately benches security crew on full pay

DOGE layoffs hit CISA employees

•

100+by Iain Thomson / 7d

DOGE efficiency in action The upheaval at the US government's Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had fired over the past few weeks - specifically those still in their probationary period - though they've been benched on paid leave for now.…

US tech jobs outlook clouded by DOGE cuts, Trump tariffs

by Brandon Vigliarolo / 7d

Hiring remains relatively strong as analysts warn of slowdown A pair of reports on tech sector employment trends in the United States suggest out-of-work techies right now have relatively decent prospects, but economic uncertainty and rapid policy changes initiated by the Trump administration mean the future job market looks less rosy.…

End of feed