Is that a JuicyPotato on your network? A suspected Chinese-government-backed cyber crew recently broke into a Taiwanese web hosting provider to steal credentials and plant backdoors for long-term access, using a mix of open-source and custom software tools, Cisco Talos reports.…

Who knew zero-days could be so useful to highway speedsters? The lingering effects of a cyberattack on the Public Prosecution Service of the Netherlands are preventing it from reactivating speed cameras across the country.…

London-based multinational takes customer portal and Voice API platform offline as 'protective measure' following breach Updated  Multinational telco Colt Technology Services says a "cyber incident" is to blame for its customer portal and other services being down for a number of days.…

Some custom malware, some legit software tools At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market, escalate privileges, and ultimately steal and encrypt data before e...

Government and police employee credentials sold at bargain-basement prices on underground forums Criminals are selling access to FBI and other law enforcement and government email accounts to other criminals via dark web marketplaces for as little as $40.…

Moscow-linked miscreants accused of swiping sealed US court files and fiddling with a Norwegian dam’s floodgates Russian attackers reportedly spent months rummaging through the US federal court's creaky case-management system, while Norway reckons the same Kremlin-friendly miscreants took control ...

Nearly 100,000 records allegedly up for sale after apparent breach at booking system Italy's digital agency (AGID) says a cybercriminal's claims concerning a spate of data thefts affecting various hotels across the country are genuine.…

Intruders accessed important systems but tells customers their data is safe Updated  A UK-based multinational that provides tech stock availability tools is telling customers that its website outage is due to a cyber attack.…

Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the Minnesota capital to declare a state o...

Tells court 'What I did was wrong and I want to apologize for my conduct' Terraform Labs founder Do Kwon has pled guilty to committing fraud when promoting the so-called "stablecoin" Terra USD and now faces time in jail.…

And yes, there’s the usual credit monitoring Global staffing firm Manpower confirmed ransomware criminals broke into its Lansing, Michigan franchise's network and stole personal information belonging to 144,189 people, months after the extortionists claimed that they pilfered "all of [the company'...

US cops yank servers, domains, and crypto from the Russia-linked gang - but the crooks remain at large In a display of bureaucratic bravado, US law enforcement agencies say they've “disrupted” the BlackSuit ransomware gang (also known as Royal), freeing millions of dollars in virtual currency fr...

A few weeks earlier 'zeroplayer' advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.…

The alleged perpetrators remain at large The US Department of Justice is trying to recoup around $1 million that three IT specialists secretly working for the North Korean government allegedly stole from a New York company.…

By video, picture, and voice – the fakers are coming for your money DEF CON  While AI was on everyone's lips in Las Vegas this week at the trio of security conferences in Sin City – BSides, Black Hat, AND DEF CON – there were a lot of people using the F-word too: fraud.…

Many core offerings now back in action, says retailer British retailer Marks and Spencer updated its website today, confirming its Click & Collect service is once again available to customers.…

Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm' Comment  Roger Cressey served two US presidents as a senior cybersecurity and counter-terrorism advisor and currently worries he'll experience a "political aneurysm" due to Microsoft's many security messes.…

Watch out, the phishermen are about, customers told European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers' data stolen by way of a break-in at a third party org.…

ShinyHunters suspected in rash of intrusions Google confirmed that criminals breached one of its Salesforce databases and stole info belonging to some of its small-and-medium-business customers.…

Bypassing MFA and deploying ransomware…sounds like something that rhymes with 'schmero-day' SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs.…

PXA Stealer pilfers data from nearly 40 browsers, including Chrome More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals on Telegram-based marketplaces.…

Devs told to exercise 'extreme caution' with emails disguised as account update prompts Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.…

Founder miffed over prosecutors holding onto its Bitcoin The founder of a German mobile phone repair and insurance biz has begun insolvency proceedings for some operations in his company after struggling financially following a costly ransomware attack in 2023.…

PLUS: Slow MFA rollout costs Canucks $5m; Lawmakers ponder Stingray ban; MSFT tightens Teams; And more! Infosec In Brief  North Korea’s Lazarus Group has changed tactics and is now creating malware-laden open source software.…

Plus: why takedowns aren't in threat-intel analysts' best interest interview  It started out small: One US financial services company wanted to stop unknown crooks from spoofing their trading app, tricking customers into giving the digital thieves their login credentials and account information, th...

Criminals used undocumented techniques and well-placed insiders to remotely withdraw money A ring of cybercriminals managed to physically implant a Raspberry Pi on a bank's network to steal cash from an Indonesian ATM.…

Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military pr...

Crims warned 40% of respondents that they and their families would suffer Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands.…

Government officials say they are monitoring the situation A major supplier of healthcare equipment to the UK's National Health Service and local councils is on the verge of collapse 16 months after falling victim to cyber criminals.…

'This was a deliberate, coordinated, digital attack' Minnesota Governor Tim Walz has activated the state's National Guard and declared a state of emergency in response to a cyberattack on the city of Saint Paul.…

Distie insists global operations restored despite some websites only now coming back online The cybercriminals claiming responsibility for Ingram Micro's ransomware attack put a deadline on leaking its data nearly a month after the raid.…

New malware, even better social engineering chops The FBI and a host of international cyber and law enforcement agencies on Tuesday warned that Scattered Spider extortionists have changed their tactics and are now breaking into victims' networks using savvier social engineering techniques, searching...

Troopers to swap radios for Turtle Beaches in preparation for ‘21st century challenges’ The UK's Ministry of Defence (MoD) is doubling down on its endorsement of esports by tasking the British Esports Federation to establish a new tournament to upskill existing servicepeople in the digital skirm...

No word on who's behind it, but attack has hallmarks of the usual suspects Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack.…

Russia's top airline cancels 49 flights, delays affect many more Russia's largest airline, Aeroflot, canceled numerous flights on Monday morning following what it says was a failure in its IT systems - something hacktivists are claiming responsiblity for.…

Malicious code lurking in over 5,000 downloads, says Socket researcher updated  Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and began distributing malware through developer accounts, according to a security researcher,...

Policy management not affected, but some personal data may have been snaffled Updated  Business insurance and employment status specialist Qdos has confirmed that an intruder has stolen some customers personal data, according to a communication to tech contractors that was seen by The Register.…

Plus she has to cough up a slice of Pyongyang’s payday An Arizona woman who ran a laptop farm from her home - helping North Korean IT operatives pose as US-based remote workers - has been sentenced to eight and a half years behind bars for her role in a $17 million fraud that hit more than 300 Ame...

Good luck getting an appointment with your doctor The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.…

Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got aroun...

Let the games begin Ransomware has officially entered the Microsoft SharePoint exploitation ring.…

French fashion house dishes out notices after hackers raided a client database – ShinyHunters suspected Updated  Fashion house Dior has begun dropping data breach notices after cybercrooks with a taste for high-end targets made off with customer data.…

From scams to violence, the crimes extend beyond the digital realm A subset of an online group that recruits children and teens for contract shootings, kidnappings, and other real-life violent crimes poses a growing threat to youth, according to the FBI.…

Hand us the mind bleach, we want to flush our memories of attack Clorox is suing its service desk provider, Cognizant, for $380 million in a California state court, alleging the IT support crew "enabled a cybercriminal to gain a foothold in Clorox's network" by handing over staffers' passwords to at...

With more to come, no doubt At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond.…

Used stolen info to pitch for Chinese tech talent program A Silicon Valley engineer has pleaded guilty to stealing thousands of trade secrets worth hundreds of millions of dollars, including crucial military technology.…

'We're going to smash the business model' NHS, councils, and schools told The UK government is proposing to "ban" public sector organizations and critical national infrastructure from paying criminal operators behind ransomware attacks, under new measures outlined today.…

No customer, partner info stolen, spokesperson tells The Reg Dell has confirmed that criminals broke into its IT environment and stole some of its data — but told The Register that it's "primarily synthetic (fake) data."…

Persians added snooping capabilities to DCHSpy after Israeli bombs fell Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced shortly after the Iran-Israel con...