The Register-Security

August 07, 2024

"Small CSS tweak can help nasty emails slip through Outlook's anti-phishing net."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 07 August 2024, 1530 UTC.

Content and Source: Email subscription from https://feedly.com. https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

88K followers36 articles per week#security #tech
24

Most popular

Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net
Microsoft 365 anti-phishing bypassed
•
by Connor Jones / 2h
A simple HTML change and the warning is gone! Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks.…
Police take just 2 days to recover $40M stolen in business email scam
$40 million recovered from email scam
•
by Connor Jones / 3h
Timor-Leste is a known cybercrime hotspot Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week.…
Fighting AI fire with AI fire
by David Gordon / 21min
Palo Alto Networks reveals how AI can be harnessed to strengthen cyber security defenses David Gordon Sponsored Post Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organizations often unprepared to deal with the speed, scale and sophistication of the assaults directed against them.…

Today

EQT buys majority share in Swiss cybersecurity biz Acronis
EQT acquires majority stake in Acronis
•
by Laura Dobberstein / 5h
Went at equivalent of $3.5B+ valuation for entire firm, though portion sold not specified Acronis, the Swiss disaster recovery turned cybersecurity firm and catch-all for managed service providers, has been majority acquired by Europe’s largest private equity firm, EQT.…

Yesterday

UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack
Advanced faces £6m fine for ransomware
•
by Connor Jones / 6h
Nearly 83,000 people had their data stolen amid chaos that struck NHS healthcare The UK's data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million ($7.7 million) for failings that led to a 2022 ransomware attack.…
SharpRhino malware targets IT admins – Hunters International gang suspected
5 TTPs
•
by Iain Thomson / 9h
•
Hunters International launches SharpRhino malware
Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business The latest malware from upstart criminal gang Hunters International appears to be targeting network admins, using malicious code disguised as the popular networking tool Angry IP Scanner.…
Georgia's voter portal gets a crash course in client versus backend input validation
Georgia launches online voter cancellation
•
by Matthew Connatser / 11h
Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say The US state of Georgia has a website for cancelling voter registration, and it's had a bumpy start.…
Microsoft punches back at Delta Air Lines and its legal threats
Delta's tech outage costs $500 million
•
by Jessica Lyons / 12h
SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess Microsoft has labelled Delta Air Lines' accusations it's partly to blame for the outages caused by CrowdStrike’s buggy software "false" and "misleading" – and insulted the state of the carrier’s IT infrastructure.…
CrowdStrike hires outside security outfits to review troubled Falcon code
CrowdStrike update causes widespread crashes
•
by Jessica Lyons / 15h
And reveals the small mistake that bricked 8.5M Windows boxes CrowdStrike has hired two outside security firms to review its threat-detection suite Falcon that sparked a global IT outage last month – though it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the meltdown.…
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
by Jessica Lyons / 21h
And Qualcomm addresses 'permanent denial of service' flaw in its stuff Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE).…
Sonic Automotive says ransomware-linked CDK software outage cost it $30M
Sonic Automotive suffers $30M loss
•
by Connor Jones / 22h
Misery loves company – all of its competitors were also negatively impacted One of the US's largest car dealerships says the IT outage caused by CDK Global's June ransomware attack cost it approximately $30 million.…
Bad apps bypass Windows security alerts for six years using newly unveiled trick
Flaws found in Windows security features
•
36by Connor Jones / 1d
Windows SmartScreen and Smart App Control both have weaknesses of which to be wary Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows' security warnings, including one in use for six years.…
Users call on Microsoft to update Outlook's friendly name feature
by Richard Speed / 1d
That one weird thing in Outlook that gives phishers and scammers an in to an inbox Users are urging Microsoft to rethink how it shows sender email addresses in Outlook because phishing criminals are taking advantage, using helpful, friendly names to serve up emails loaded with malicious intent.…

Aug 5, 2024

Billion-dollar bust as international op shutters Cryptonator wallet
Cryptonator seized for illicit activities
•
by Iain Thomson / 1d
Chap named 'Roman Boss' accused of being just that at a cryptocash laundering outfit Users of Cryptonator – an online digital wallet and cryptocurrency exchange – received an unpleasant surprise last weekend after the service was shuttered in a combined operation run by the FBI, the US Internal Revenue Service (IRS), and German police.…
MDM vendor Mobile Guardian attacked, leading to remote wiping of 13,000 devices
MOE removes Mobile Guardian app
•
20by Laura Dobberstein / 1d
Singapore Ministry of Education orders software removed after string of snafus UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by its tools, which are currently unavailable. In Singapore, the incident resulted in 13,000 devices being remotely wiped and saw t
Illinois relaxes biometric privacy law so snafus won't cost businesses billions
Illinois amends biometric privacy law
•
by Matthew Connatser / 1d
Some scowl, some smile, as fines no longer apply every time your mugshot or fingerprint is shared The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act (BIPA).…
NFL to begin using face scanning tech across all of its stadiums
49by Jessica Lyons / 1d
Smile for the camera to get in, or buy a beer without lining up The National Football League and all 32 of its teams will use tech from facial recognition software vendor Wicket to verify the identity of thousands of staff, media and fans as part of its credentialing program.…
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that
20by Jessica Lyons / 1d
Background check biz accused of negligence A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information, which was subsequently stolen from the biz and sold on an online criminal marketplace.…
Your copilot for improved cyber protection
by David Gordon / 2d
Watch this video to learn how Palo Alto Networks is using GenAI to automate and simplify cybersecurity Sponsored Post Cyber security is complex right, particularly when you're tyring to monitor and configure multiple tools across a host of different on- and off-premise IT environments?…
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets
16 TTPs
•
by Jessica Lyons / 2d
Malware logs users' keystrokes, pilfers credentials, exfiltrates data Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots.…
CrowdStrike unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help'
Delta's tech outage costs $500 million
•
by Connor Jones / 2d
Vendor plans to aggressively defend its case before listing catalog of shortcomings at the airline CrowdStrike says it is "highly disappointed" and rejects the claims made by Delta and its lawyers that the vendor exhibited gross negligence in the events that led to the global IT outage a little over two weeks ago.…

Aug 4, 2024

China starts testing national cyber-ID before consultation on the idea closes
by Laura Dobberstein / 2d
Eighty-one apps signed up to pilot facial recognition and real name ID system Chinese app developers have signed up to beta test a national cyberspace ID system that will use facial recognition technology and the real names of users, according to Chinese media.…
Google gamed into advertising a malicious version of Authenticator
8 TTPs
•
by Iain Thomson / 2d
Plus: CISA's AI hire; and claimed Canuck SIM swappers busted Infosec in brief Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software.…

Aug 3, 2024

DARPA suggests turning old C code automatically into Rust – using AI, of course
100+by Thomas Claburn / 4d
Who wants to make a TRACTOR pull request? To accelerate the transition to memory safe programming languages, the US Defense Advanced Research Projects Agency (DARPA) is driving the development of TRACTOR, a programmatic code conversion vehicle.…

End of feed

Comments