"Ex-NSA bad-guy hunter listened to Scattered Spider's fake desk help calls:  Those guys are good.'"

Views expressed in this cybesecurity, cyber crime, and cyber espionage update are those of the reporters and correspondents.  Accessed on 19 May 2025, 0014 UTC.

Content and Source:  Email subscription via https://feedly.com.

https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

96K followers29 articles per week

#security#tech

65

Most popular

Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'

by Jessica Lyons / 5h

Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks INTERVIEW The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts. …

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

Noyb challenges Meta's AI data use

•

23by Brandon Vigliarolo / 4d

'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation' There's a Max Schrems-shaped object standing in the way of Meta's plans to train its AI on the data of its European users, and he's come armed with several justifications for why Zuckercorp might be violating EU regulations with its stated plans. …

Everyone's deploying AI, but no one's securing it – what could go wrong?

AI increases cyber threat risks

•

by Connor Jones / 4d

Crickets as senior security folk asked about risks at NCSC conference CYBERUK Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned generative AI in their organizations? Three hands went up.…

Yesterday

Boffins devise technique that lets users prove location without giving it away

Zero-knowledge proofs enhance location privacy

•

by Thomas Claburn / 1d

ZKLP system allows apps to confirm user presence in a region without exposing exactly where Computer scientists from universities in Germany, Hong Kong, and the United Kingdom have proposed a way to provide verifiable claims about location data without surrendering privacy.…

May 16, 2025

Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig

IoC > 10 domains and 1 IP

•

by Jessica Lyons / 2d

•

Impact (Enterprise TA0040)

Phony LinkedIn recruitment ads? Groundbreaking Chinese government snoops - hiding behind the guise of fake consulting companies - are actively trying to recruit the thousands upon thousands of US federal employees who have been fired since President Trump took office.…

America’s consumer watchdog drops leash on proposed data broker crackdown

CFPB withdraws data broker protections

•

by Iain Thomson / 2d

Crooks must be licking their lips at the possibilities Uncle Sam's consumer watchdog has scrapped plans to implement Biden-era rules that would've treated certain data brokers as credit bureaus, forcing them to follow stricter laws when flogging Americans' sensitive data.…

Defamation case against DEF CON terminated with prejudice

Def Con defamation lawsuit dismissed

•

by Connor Jones / 2d

'We hope it makes attendees feel safe reporting violations' A Seattle court this week dismissed with prejudice the defamation case brought against DEF CON and its organizer Jeff Moss by former conference stalwart Christopher Hadnagy.…

Broadcom employee data stolen by ransomware crooks following hit on payroll provider

3 TTPs

•

by Connor Jones / 2d

Tech giant was in process of dropping payroll biz as it learned of breach Exclusive A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned.…

Good luck to Atos' 7th CEO and its latest biz transformation

Atos unveils Genesis strategic plan

•

by Paul Kunert / 2d

We suspect Philippe Salle will need it, not to mention staff and customers If at first you don't succeed, transform, transform, and transform again is the corporate motto at Atos these days. The lumbering French-based megacorp has created another blueprint to return to its glory days, and it includes job cuts, offshoring and... AI.…

May 15, 2025

From hype to harm: 78% of CISOs see AI attacks already

by Robin Birtstone / 2d

AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature From the written word through to gunpowder and email, whenever an enabling technology comes along, you can be sure someone will be ready to use it for evil. Most tech is dual-use, and AI is no exception.…

Scammers are deepfaking voices of senior US government officials, warns FBI

FBI warns of deepfake audio scam

•

by Iain Thomson / 2d

They're smishing, they're vishing The FBI has warned that fraudsters are impersonating "senior US officials" using deepfakes as part of a major fraud campaign.…

DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M

DoorDash driver pleads guilty fraud

•

by Jessica Lyons / 2d

Entire process took less than five minutes, prosecutors say A former DoorDash driver has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access to reassign orders, and bogus delivery reports to trigger payouts for food that was never delivered.…

Cyber fiends battering UK retailers now turn to US stores

by Jessica Lyons / 3d

DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon Interview The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers' IT environments – and in some cases even deploying ransomware, according to Google.…

Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU

2 TTPs

•

by Connor Jones / 3d

•

Coinbase data breach costs up to 400M

Expert tells us: 'It is the most unique breach disclosure I've ever seen' Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the company is now being extorted for $20 million.…

Socket buys Coana to tell you which security alerts you can ignore

by Thomas Claburn / 3d

Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana , a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities they can safely ignore.…

Snowflake CISO on the power of 'shared destiny' and 'yes and'

by Jessica Lyons / 3d

Lessons learned from last year's security snafu interview Being the chief information security officer at Snowflake is never an easy job, but last spring it was especially challenging.…

May 14, 2025

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

6 TTPs

•

by Jessica Lyons / 3d

•

Co-op shelves empty after cyber attack

Would you believe it, this RaaS cartel says Russia is off limits DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.…

Metal maker meltdown: Nucor stops production after cyber-intrusion

3 TTPs

•

by Iain Thomson / 4d

•

Nucor halts production due to cyber incident

Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.…

Why CVSS is failing us and what we can do about it

by Sıla Özeren, Security Research Engineer, Picus Security / 4d

How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the affected asset. However, today, the same tool that once guided us in the right direction is holding us b

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

DHS cancels Leidos cybersecurity contract

•

by Connor Jones / 4d

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it.…

Ivanti patches two zero-days under active attack as intel agency warns customers

2 TTPs

•

by Connor Jones / 4d

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.…

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

by Brandon Vigliarolo / 4d

Admits due diligence fell short - furious users cry ‘gaslighting’ Customers are blasting VPN Secure's new parent company after it abruptly axed thousands of "lifetime" accounts. The reason? The CEO admits in an interview with The Register that his team didn't dig deep enough before acquiring the virtual private network outfit, and simply can't afford to honor those legacy deals.…

Go ahead and ignore Patch Tuesday – it might improve your security

by Simon Sharwood / 4d

No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patch Tuesday has rolled around again , but if you don't rush to implement the feast of fixes it delivered, your security won't be any worse off in the short term – and may improve in the future.…

May 13, 2025

Ransomware scum have put a target on the no man's land between IT and operations

by Jessica Lyons / 4d

Defenses are weaker, and victims are more likely to pay, SANS warns Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.…

Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu

3 TTPs

•

by Iain Thomson / 4d

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday It's that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation – but rates as important rather than critical fixes.…

Intel's data-leaking Spectre defenses scared off yet again

2 TTPs

•

by Thomas Claburn / 5d

•

CVE-2024-45332

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre, a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.…

Qatar’s $400M jet for Trump is a gold-plated security nightmare

Qatar gifts Boeing 747 to Trump

•

100+by Iain Thomson / 5d

Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish "palace in the sky" meant as a temporary Air Force One. But getting it up to presidential security standards could take years and cost hundreds of millions more.…

Commvault fixes critical Command Center issue after flaw finder alert

by Iain Thomson / 5d

Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault's Command Center was initially not available to a significant user subset – those testing out a free trial version of the product. That is, until a security researcher pointed out the problem.…

'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart

by Connor Jones / 5d

Both agencies seem unbothered despite tech world's clear concerns for US infoseccers CYBERUK The top brass from the UK's cyber agency say everything is business as usual when it comes to the GCHQ arm's relationship with CISA, amid growing unease about the current administration's treatment of its US equivalent.…

Marks & Spencer admits cybercrooks made off with customer info

4 TTPs

•

by Connor Jones / 5d

•

Hackers target M&S hinting politics

Market cap down by more than £1B since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.…

As US vuln-tracking falters, EU enters with its own security bug database

86by Jessica Lyons / 5d

EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited