The Register-Security.

"Qatar's $400M jet for Trump is a gold-plated security nightmare."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 16 May 2025, 1308 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

96K followers30 articles per week
#security#tech
59

Most popular

Qatar’s $400M jet for Trump is a gold-plated security nightmare

Qatar gifts Boeing 747 to Trump
100+by Iain Thomson / 2d
Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish "palace in the sky" meant as a temporary Air Force One. But getting it up to presidential security standards could take years and cost hundreds of millions more.…

Good luck to Atos' 7th CEO and its latest biz transformation

Atos unveils Genesis strategic plan
by Paul Kunert / 1h
We suspect Philippe Salle will need it, not to mention staff and customers If at first you don't succeed, transform, transform, and transform again is the corporate motto at Atos these days. The lumbering French-based megacorp has created another blueprint to return to its glory days, and it includes job cuts, offshoring and... AI.…

As US vuln-tracking falters, EU enters with its own security bug database

76by Jessica Lyons / 3d
EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.…

Yesterday

From hype to harm: 78% of CISOs see AI attacks already

by Robin Birtstone / 4h
AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature From the written word through to gunpowder and email, whenever an enabling technology comes along, you can be sure someone will be ready to use it for evil. Most tech is dual-use, and AI is no exception.…

DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M

DoorDash driver pleads guilty fraud
by Jessica Lyons / 7h
Entire process took less than five minutes, prosecutors say A former DoorDash driver has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access to reassign orders, and bogus delivery reports to trigger payouts for food that was never delivered.…

Cyber fiends battering UK retailers now turn to US stores

by Jessica Lyons / 19h
DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon Interview The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers' IT environments – and in some cases even deploying ransomware, according to Google.…

Socket buys Coana to tell you which security alerts you can ignore

by Thomas Claburn / 21h
Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana , a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities they can safely ignore.…

May 14, 2025

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

6 TTPs
by Jessica Lyons / 1d
Co-op shelves empty after cyber attack
Would you believe it, this RaaS cartel says Russia is off limits DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.…

Metal maker meltdown: Nucor stops production after cyber-intrusion

3 TTPs
by Iain Thomson / 1d
Nucor halts production due to cyber incident
Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.…

Why CVSS is failing us and what we can do about it

by Sıla Özeren, Security Research Engineer, Picus Security / 1d
How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the affected asset. However, today, the same tool that once guided us in the right direction is holding us b

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

DHS cancels Leidos cybersecurity contract
by Connor Jones / 1d
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it.…

Ivanti patches two zero-days under active attack as intel agency warns customers

2 TTPs
by Connor Jones / 1d
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.…

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

Noyb challenges Meta's AI data use
23by Brandon Vigliarolo / 1d
'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation' There's a Max Schrems-shaped object standing in the way of Meta's plans to train its AI on the data of its European users, and he's come armed with several justifications for why Zuckercorp might be violating EU regulations with its stated plans. …

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

by Brandon Vigliarolo / 1d
Admits due diligence fell short - furious users cry ‘gaslighting’ Customers are blasting VPN Secure's new parent company after it abruptly axed thousands of "lifetime" accounts. The reason? The CEO admits in an interview with The Register that his team didn't dig deep enough before acquiring the virtual private network outfit, and simply can't afford to honor those legacy deals.…

Go ahead and ignore Patch Tuesday – it might improve your security

by Simon Sharwood / 2d
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patch Tuesday has rolled around again , but if you don't rush to implement the feast of fixes it delivered, your security won't be any worse off in the short term – and may improve in the future.…

May 13, 2025

Everyone's deploying AI, but no one's securing it – what could go wrong?

AI increases cyber threat risks
by Connor Jones / 2d
Crickets as senior security folk asked about risks at NCSC conference CYBERUK Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned generative AI in their organizations? Three hands went up.…

Intel's data-leaking Spectre defenses scared off yet again

2 TTPs
by Thomas Claburn / 2d
CVE-2024-45332
ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre, a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.…

Commvault fixes critical Command Center issue after flaw finder alert

by Iain Thomson / 2d
Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault's Command Center was initially not available to a significant user subset – those testing out a free trial version of the product. That is, until a security researcher pointed out the problem.…

Marks & Spencer admits cybercrooks made off with customer info

4 TTPs
by Connor Jones / 3d
Hackers target M&S hinting politics
Market cap down by more than £1B since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.…

May 12, 2025

M365 apps on Windows 10 to get security fixes into 2028

Microsoft extends Windows 10 support
by Iain Thomson / 3d
Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 officially ends unless you buy an extended support package.…

CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email

70by Iain Thomson / 3d
Cripes, we were only joking when we called Elon's social network the new state media Updated The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.…

Why aggregating your asset inventory leads to better security

by Pete Constantine / 3d
Today’s complex IT environments demand a new approach Partner content For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches.…

Attackers pwn charter airline helping Trump's deportation campaign

3 TTPs
by Connor Jones / 3d
GlobalX airline suffers data breach
Intruders claim they stole GlobalX's flight records and manifests GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.…

May 11, 2025

Britain's cyber agents and industry clash over how to tackle shoddy software

by Connor Jones / 4d
Providers argue that if end users prioritized security, they'd get it CYBERUK Intervention is required to ensure the security market holds vendors to account for shipping insecure wares – imposing costs on those whose failures lead to cyberattacks and having to draft in cleanup crews. The security market must properly incentivize security vendors to do security better.…

Unending ransomware attacks are a symptom, not the sickness

25by Rupert Goodwins / 4d
We need to make taking IT systems 'off the books' a problem for corporate types Opinion It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.…

DOGE worker's old creds found exposed in infostealer malware dumps

Execution (Enterprise TA0002)
24by Brandon Vigliarolo / 4d
CVE-2025-20188
PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more Infosec in brief Good cybersecurity habits don't appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.…

You think ransomware is bad now? Wait until it infects CPUs

CPU ransomware threat raises alarms
by Jessica Lyons / 4d
Rapid7 threat hunter wrote a PoC. No, he's not releasing it RSAC If Rapid7's Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he'd innovate: CPU ransomware.…

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

Cyber War News Today.

Image
"International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 15 December 2024, 0134 UTC. Content and Source:   https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  Dec 13, 2024 The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 13.3% WILMINGTON, DE, UNITED STATES, December 13, 2024 /⁨EINPresswire.com⁩/ -- According to the report, The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 1...
Read more

Cyber War News Today.

Image
"ADP investing in cyber warfare workforce." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 28 May 2025, 1940 UTC. Content and Source:  "Cyber War News Today."  https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please click email link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  06:47 GMT पहलगामनंतर पाकिस्तानने भारतावर कशाप्रकारे Cyber War लादले? पहलगाम हत्याकांडानंतरच्या दोन आठवड्यांनंतर, भारतीय सायबर स्पेसवर पाकिस्तानकडून मोठ्या प्रमाणात हल्ले सुरु झाले. काही दिवशी तर, दर तासाला तब्बल 90 कोटी DDoS (डिस्ट्रिब्युटेड डिनायल ऑफ सर्व्हिस) हल्ले झाले, अशी माहिती सायबर सुरक्षेत कार्...
Read more

SecurityWeek Briefing

Image
"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 10 September 2024, 0035 UTC. Content and Source:  https://www.securityweek.com Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net).   Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controvers...
Read more