"If you're using Pollyfill.io code on your site-like 100,000+ are-remove it immediately."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 29 June 2024, 1524 UTC.

Content and Source:  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom/The Register-Security.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

87K followers33 articles per week#security#tech

21

MOST POPULAR

If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately

8 TTPs

•

100+by Jessica Lyons / 3d

•

Polyfill.io supply chain attack impacts 100K+

Scripts turn sus after mysterious CDN swallows domain The polyfill.io domain is being used to infect more than 100,000 websites with malicious code after what's said to be a Chinese organization bought the domain earlier this year, researchers have said.…

TeamViewer can't bring itself to say someone broke into its network – but it happened

TeamViewer corporate network breached

•

51by Jessica Lyons / 1d

Claims customer data, prod environment not affected as NCC sounds alarm Updated TeamViewer on Thursday said its security team just "detected an irregularity" within one of its networks – which is a fancy way of saying someone broke in.…

'Skeleton Key' attack unlocks the worst of AI, says Microsoft

Microsoft warns of AI jailbreak

•

23by Thomas Claburn / 1d

Simple jailbreak prompt can bypass safety guardrails on major models Microsoft on Thursday published details about Skeleton Key – a technique that bypasses the guardrails used by makers of AI models to prevent their generative chatbots from creating harmful content.…

YESTERDAY

CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?

Memory safety guidance for OSS

•

by Thomas Claburn / 18h

So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies The US government's Cybersecurity and Infrastructure Security Agency (CISA) has analyzed 172 critical open source projects and found that more than half contain code written in languages like C and C++ that are not naturally memory safe.…

TeamViewer says Russia broke into its corp IT network

TeamViewer corporate network breached

•

by Chris Williams / 20h

Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? TeamViewer says it was Russian intelligence that broke into its systems this week.…

Unlock the future of security

by Annaliese Ingrams / 1d

Join our exclusive webinar on identity security Webinar In today's rapidly evolving digital landscape, securing identities is more critical than ever.…

Google cuts ties with Entrust in Chrome over trust issues

Chrome distrusts Entrust CA certificates

•

by Connor Jones / 1d

Move comes weeks after Mozilla blasted certificate authority for failings Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements.…

Microsoft hits snooze again on security certificate renewal

by Richard Speed / 1d

Seeing weird warnings in Microsoft 365 and Office Online? That'll be why Microsoft has expiration issues with its TLS certificates, resulting in unwanted security warnings.…

JUN 27, 2024

Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown

IoC > 2 domains

•

by Jessica Lyons / 1d

•

Polyfill.io supply chain attack impacts 100K+

No supply-chain attacks to see over here! Updated After having its website shut down, the polyfill.io owner is fighting back against claims it smuggled suspicious code onto websites all across the internet.…

US lawmakers wave red flags over Chinese drone dominance

Chinese subsidies threaten US drone industry

•

by Laura Dobberstein / 2d

Congressman warns tech is getting the 'Huawei Playbook' treatment US Congress members warned against Chinese dominance of the drone industry on Wednesday, elevating the threat posed by Beijing's control of the technology as similar to that of semiconductors and ships.…

JUN 26, 2024

Korean telco allegedly infected its P2P users with malware

Any.Run Malware Sandbox Phishing Attack

•

by Laura Dobberstein / 2d

KT may have had an entire team dedicated to infecting its own customers A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.…

WhisperGate suspect indicted as US offers a $10M bounty for his capture

Russian citizen indicted for cyberattacks

•

by Jessica Lyons / 2d

Russian national accused of attacks in lead-up to the Ukraine war The US Department of Justice has indicted a 22-year-old Russian for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems in the so-called “WhisperGate” wiper attack that preceded Russia's illegal invasion of the European nation.…

Feds put $5M bounty on 'CryptoQueen' Ruja Ignatova

Bulgaria pursues OneCoin fraudster

•

by Jessica Lyons / 2d

OneCoin co-founder allegedly bilked investors out of $4B Uncle Sam has put a $5 million bounty on any information leading to the arrest or conviction of self-titled "CryptoQueen" Ruja Ignatova, who is wanted in the US for apparently bilking victims out of more than $4 billion in what the Feds describe as the "one of the largest global fraud schemes in history."…

US convicts crypto-robbing gang leader who kidnapped victims before draining their accounts

Florida man convicted in cryptocurrency theft

•

by Connor Jones / 2d

Said to have zip tied elderly crypto investors, held them at gunpoint, and threatened to kill them The US has convicted the 24-year-old leader of an international robbery crew that kidnapped and terrorized wealthy victims during home invasions that were carried out to steal cryptocurrency tokens.…

Julian Assange pleads guilty, leaves courtroom a free man

Julian Assange to plead guilty

•

by Simon Sharwood / 2d

Now, about that bill for the private jet that's taking him home to Australia … Julian Assange is a free man.…

Batten down the hatches, it's time to patch some more MOVEit bugs

CVE-2024-5806

•

by Connor Jones / 3d

Exploit attempts for ‘devastating’ vulnerabilities already underway Thought last year's MOVEit hellscape was well and truly behind you? Unlucky, buster. We're back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway.…

JUN 25, 2024

Yahoo! Japan to waive $189 million ad revenue after detecting fraudulent clicks

by Laura Dobberstein / 3d

Admits it's not sure some clicks came from humans, points to bettter quality as sign not all is rotten Yahoo ! Japan will waive $189 million charged to advertisers after deciding they were fraudulently charged, the portal's corporate parent revealed on Tuesday.…

Organized crime and domestic violence perps are big buyers of tracking devices

Organized crime, domestic violence perps buy

•

by Simon Sharwood / 3d

Australian study finds GPS trackers – and sometimes AirTags – are in demand for the wrong reasons Tracking devices are in demand from organized crime groups and known perpetrators of domestic violence, according to an Australian study.…

Microsoft blamed for million-plus patient record theft at US hospital giant

Geisinger data breach affects patients

•

by Brandon Vigliarolo / 3d

Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing Updated American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit.…

Fiend touts stolen Neiman Marcus customer info for $150K

Neiman Marcus data breach disclosed

•

by Jessica Lyons / 3d

Flash clobber chain fashionably late to Snowflake fiasco party Customer information said to have been stolen from Neiman Marcus's Snowflake instance has been put up for sale on the dark web for $150,000.…

Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan

FBI warns of fake law firms targeting crypto scam

•

by Connor Jones / 3d

Business is more lucrative than you might think The FBI says in just 12 months, scumbags stole circa $10 million from victims of crypto scams after posing as helpful lawyers offering to recover their lost tokens.…

END OF FEED