"Guess who left a data base wide open, exposing chat logs, API keys, and more? Yup, DeepSeek." 

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 02 February 2025, 1420 UTC.

Content and Source:  Email subscription via https://feedly.com.

https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

93K followers29 articles per week#security#tech

36

Most popular

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

DeepSeek database exposes user data

•

500+by Thomas Claburn / 3d

Oh someone's in DeepShi... China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.…

Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral

Trump admin's cyber board purge criticized

•

100+by Jessica Lyons / 2d

‘No one was kicked off the NTSB in the middle of investigating a crash’ interview Gutting the Cyber Safety Review Board as it was probing how China's Salt Typhoon breached American government and telecommunications networks was "foolish" and "bad for national security," says retired US Navy Rear Admiral Mark Montgomery.…

Gilmore Girls fans nabbed as Eurocops dismantle two major cybercrime forums

Cracked and Nulled marketplaces dismantled

•

by Connor Jones / 56min

Nulled and Cracked had a Lorelai-cal rise - until Operation Talent stepped in Law enforcement officers across Europe assembled again to collectively disrupt major facilitators of cybercrime, with at least one of those cuffed apparently a fan of the dramedy series The Gilmore Girls .…

Jan 31, 2025

The Big Short on Cybersecurity

by Stephen Tutterow, Sales Engineer Team Lead at Pentera / 1d

How to communicate risk to executives Partner Content Have you ever watched ? It's one of my all-time favorite movies, not just for the story but for how it handles complexity.…

Jan 30, 2025

Another banner year for ransomware gangs despite takedowns by the cops

by Jessica Lyons / 2d

And it doesn't take a crystal ball to predict the future If the nonstop flood of ransomware attacks doesn't already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely will.…

Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you

Hackers exploit AI for cyberattacks

•

by Iain Thomson / 2d

And you, China, Russia, North Korea ... Guardrails block malware generation Google says it's spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes, with Tehran by far the most frequent naughty user out of the four.…

Data resilience and data portability

by Robin Birtstone / 2d

Why organizations should protect everything, everywhere, all at once Sponsored Feature Considering it has such a large share of the data protection market , Veeam doesn't talk much about backups in meetings with enterprise customers these days.…

VMware plugs steal-my-credentials holes in Cloud Foundation

4 TTPs

•

by Jessica Lyons / 2d

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.…

Ransomware attack at New York blood services provider – donors turned away during shortage crisis

NY Blood Center hit by ransomware

•

by Connor Jones / 2d

400 hospitals and med centers across 15 states rely on its products New York Blood Center Enterprises (NYBCe) is currently in its fifth day of handling a ransomware attack that has led to system disruption.…

Canvassing apps used by UK political parties riddled with privacy, security issues

by Connor Jones / 3d

Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report The Open Rights Group (ORG) has raised concerns about a number of security issues it found in all three of the canvassing apps developed on behalf of the UK's three major political parties.…

WFH with privacy? 85% of Brit bosses snoop on staff

by Connor Jones / 3d

Employers remain blissfully unaware/wilfully ignorant of the impact of surveillance on staff More than three-quarters of UK employers admit to using some form of surveillance tech to spy on their remote workers' productivity.…

Jan 29, 2025

Wacom says crooks probably swiped customer credit cards from its online checkout

3 TTPs

•

by Iain Thomson / 3d

Digital canvas slinger indicates dot-com was skimmed for over a month Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website.…

North Koreans clone open source projects to plant backdoors, steal credentials

10 TTPs

•

by Jessica Lyons / 3d

•

Lazarus Group targets global developers

Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers.…

Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet

8 TTPs

•

by Jessica Lyons / 3d

And now you won't stop calling me, I'm kinda busy A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Team.…

Transform your approach to data security

by Annaliese Ingrams / 4d

Watch this webinar on-demand and learn how to safeguard your organisation’s future Webinar The cybersecurity landscape continues to change at pace, leaving IT professionals constantly battling threats.…

'Bro delete the chat': Feel the panic shortly before cops bust major online fraud ring

Fraudsters jailed for hacking service

•

by Connor Jones / 4d

Mastermind begs colluders to bury evidence later used to imprison him In announcing the sentencing of three Brits who ran OTP Agency, an account-takeover business, the National Crime Agency (NCA) revealed how a 2021 report sent the fraudsters into a panicked frenzy.…

Jan 28, 2025

Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses

UK government cyber resilience weak

•

by Connor Jones / 4d

Think government cybersecurity is bad? Guess again. It’s alarmingly so The UK government is significantly behind on its 2022 target to harden systems against cyberattacks by 2025, with a new report from the spending watchdog suggesting it may not achieve this goal even by 2030.…

The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster

Federal employees sue OPM over privacy

•

24by Thomas Claburn, Chris Williams, and Iain Thomson / 4d

Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings Two anonymous US government employees have sued Uncle Sam's HR department – the Office of Personnel Management – claiming the Trump administration's rapid roll out of a new federal email system broke the law.…

SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon

6 TTPs

•

by Thomas Claburn / 4d

•

New CPU attacks expose Apple data

It's another cousin of Spectre, here to read your email, browsing history, and more Many recent Apple laptops, desktops, tablets, and phones powered by Cupertino's homegrown Silicon processors can be exploited to reveal email content, browsing behavior, and other sensitive data through two newly identified side-channel attacks on Chrome and Safari.…

Baguette bandits strike again with ransomware and a side of mockery

5 TTPs

•

by Jessica Lyons / 4d

Big-game hunting to the extreme Hellcat, the ransomware crew that infected Schneider Electric and demanded $125,000 in baguettes, has aggressively targeted government, education, energy, and other critical industries since it emerged around mid-2024.…

Protecting AWS environments from cyberthreats

by Contributed by the Wazuh Team / 4d

The shared responsibility model: why securing AWS workloads is essential Partner Content Organizations are increasingly shifting their deployments to the cloud due to its many benefits over traditional on-premises solutions.…

Security pros more confident about fending off ransomware, despite being battered by attacks

Ransomware attacks force operational shutdowns

•

by Connor Jones / 5d

Data leak, shmata leak. It will all work out, right? IT and security pros say they are more confident in their ability to manage ransomware attacks after nearly nine in ten (88 percent) were forced to contain efforts by criminals to breach their defenses in the past year.…

Jan 27, 2025

Apple plugs security hole in its iThings that's already been exploited in iOS

by Jessica Lyons / 5d

Cupertino kicks off the year with a zero-day Apple has plugged a security hole in the software at the heart of its iPhones, iPads, Vision Pro goggles, Apple TVs and macOS Sequoia Macs, warning some miscreants have already exploited the bug.…

US freezes foreign aid, halting cybersecurity defense and policy funds for allies

State Department freezes foreign aid

•

by Jessica Lyons / 5d

Uncle Sam will 'no longer blindly dole out money,' State Dept says Updated US Secretary of State Marco Rubio has frozen nearly all foreign aid cash for a full-on government review, including funds to defend America's allies from cyberattacks as well as steer international computer security policies.…

DeepSeek limits new accounts amid cyberattack

DeepSeek challenges ChatGPT dominance

•

36by Thomas Claburn / 5d

Chinese AI startup grapples with consequences of sudden popularity Updated China's DeepSeek, which shook up American AI makers with the debut of its V3 and reasoning-capable R1 LLM families, has limited new signups to its web-based interface to its models due to what's said to be an ongoing cyberattack.…

Google takes action after coder reports 'most sophisticated attack I've ever seen'

by Connor Jones / 5d

Latest trope is tricky enough to fool even the technical crowd… almost Google says it's now hardening defenses against a sophisticated account takeover scam documented by a programmer last week.…

Sweden seizes cargo ship after another undersea cable hit in suspected sabotage

by Jude Karabus / 6d

NATO increasing patrols in the Baltic as region awaits navy drones Swedish authorities have "seized" a vessel – believed to be the cargo ship Vezhen – "suspected of carrying out sabotage" after a cable running between Sweden and Latvia in the Baltic Sea was damaged on the morning of January 26.…

CDNs: Great for speeding up the internet, bad for location privacy

2 TTPs

•

by Brandon Vigliarolo / 6d

Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more Infosec in brief Using a custom-built tool, a 15-year-old hacker exploited Cloudflare's content delivery network to approximate the locations of users of apps like Signal, Discord, and others.…

Jan 26, 2025

British Museum says ex-contractor 'shut down' IT systems, wreaked havoc

British Museum suffers IT attack

•

by Paul Kunert / 6d

Former freelancer cuffed a week after being dismissed by UK's top visitor attraction The British Museum was forced to temporarily close some galleries and exhibitions this weekend after a disgruntled former tech contractor went rogue and shuttered some onsite IT systems.…

Jan 25, 2025

Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet

IoC > 1 IP and 5 hashes

•

85by Jessica Lyons / 8d

•

3 TTPs

•

Backdoor discovered in Juniper routers

Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia... Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.…

Jan 24, 2025

UK telco TalkTalk confirms probe into alleged data grab underway

TalkTalk investigates potential data breach

•

by Connor Jones / 8d

Spinner says crim's claims 'very significantly overstated' UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.…

AI chatbot startup founder, lawyer wife accused of ripping off investors in $60M fraud

GameOn CEO and wife indicted

•

by Brandon Vigliarolo / 8d

GameOn? It's looking more like game over for that biz The co-founder and former CEO of AI startup GameOn is in a pickle. After exiting the top job last year under a cloud, he's now in court – along with his wife – for allegedly bilking his company and its investors out of more than $60 million.…

Don't want your Kubernetes Windows nodes hijacked? Patch this hole now

by Jessica Lyons / 8d

SYSTEM-level command injection via API parameter *chef's kiss* A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…

North Korean dev who renamed himself 'Bane' accused of IT worker fraud caper

Five indicted in North Korea IT scheme

•

by Connor Jones / 9d

5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act The US is indicting yet another five suspects it believes were involved in North Korea's long-running, fraudulent remote IT worker scheme – including one who changed their last name to "Bane" and scored a gig at a tech biz in San Francisco.…