"Medusa Ransomware gang demands $2M from UK private health services provider."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 23 February 2025, 1441 UTC.

Content and Source:  Email subscription from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

94K followers29 articles per week

#security#tech

47

Most popular

Medusa ransomware gang demands $2M from UK private health services provider

4 TTPs

•

21by Iain Thomson / 3d

2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident' Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.…

FreSSH bugs undiscovered for years threaten OpenSSH security

4 TTPs

•

20by Connor Jones / 4d

•

OpenSSH vulnerabilities enable MitM DoS attacks

Exploit code now available for MitM and DoS attacks Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.…

US Army soldier linked to Snowflake extortion rampage admits breaking the law

by Iain Thomson / 3d

That's the way the cookie melts A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people's private call records.…

Feb 21, 2025

Experts race to extract intel from Black Basta internal chat leaks

2 TTPs

•

by Connor Jones / 2d

•

Black Basta ransomware chat logs leaked

Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting security researchers to bust out their best Russian translations post haste.…

Feb 20, 2025

Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

2 TTPs

•

by Jessica Lyons / 2d

PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to revisit their to-do lists.…

Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar

Thailand to welcome 7000 trafficking victims

•

by Connor Jones / 2d

It comes amid a major crackdown on the abusive industry that started during COVID Thailand is preparing to receive thousands of people rescued from scam call centers in Myanmar as the country launches a major crackdown on the pervasive criminal activity across its border.…

Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable

Rust kernel code faces strong opposition

•

by Thomas Claburn / 2d

Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em Updated Some Linux kernel maintainers remain unconvinced that adding Rust code to the open source project is a good idea, but its VIPs are coming out in support of the language's integration.…

Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes

by Jessica Lyons / 2d

Said bugs 'can have significant implications' – glad to hear that from Redmond Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for moderate-severity vulnerabilities from nothing to a maximum of $5,000, and expanded the range of vulnerabilities it will pay people to find and report.…

Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft

Privilege Escalation (Enterprise TA0004)

•

by Iain Thomson / 2d

•

Microsoft fixes Power Pages vulnerabilities

Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got there first – and urged users to check their sites for signs of exploitation.…

US minerals company says crooks broke into email and helped themselves to $500K

2 TTPs

•

by Connor Jones / 2d

•

NioCorp reports cybersecurity incident

A painful loss for young company that's yet to generate revenue A NASDAQ-listed US minerals company says cybercriminals broke into its systems on Valentine's Day and paid themselves around $500,000 – money earmarked for a vendor.…

Critical flaws in Mongoose library expose MongoDB to data thieves, code execution

3 TTPs

•

by Connor Jones / 2d

Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.…

Two arrested after pensioner scammed out of six-figure crypto nest egg

Aberdeenshire man scammed cryptocurrency

•

by Connor Jones / 3d

The latest in a long line of fraud stings worth billions each year Two men are in police custody after being arrested in connection with a July cryptocurrency fraud involving a man in his seventies.…

Feb 19, 2025

Ghost ransomware crew continues to haunt IT depts with scarily bad infosec

20 TTPs

•

by Jessica Lyons / 3d

FBI and CISA issue reminder - deep sigh - about the importance of patching and backups The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency.…

Trump’s DoD CISO pick previously faced security clearance suspension

Katie Arrington named DoD CISO

•

by Brandon Vigliarolo / 3d

Hey, at least Katie Arrington brings a solid resume Donald Trump's nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite previously suspended security clearance.…

Check out this free automated tool that hunts for exposed AWS secrets in public repos

by Jessica Lyons / 3d

You can find out if your GitHub codebase is leaking keys ... but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.…

Hundreds of Dutch medical records bought for pocket change at flea market

by Connor Jones / 4d

15GB of sensitive files traced back to former software biz Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can be added to that list.…

Feb 18, 2025

London celebrity talent agency reports itself to ICO following Rhysida attack claims

2 TTPs

•

by Connor Jones / 4d

Showbiz members' passport scans already plastered online A London talent agency has reported itself to the UK's data protection watchdog after the Rhysida ransomware crew last week claimed it had attacked the business, which represents luminaries of stage and screen.…

Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M

Health Net Centene cybersecurity settlement 11M

•

by Jessica Lyons / 4d

If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.…

Palo Alto firewalls under attack as miscreants chain flaws for root access

3 TTPs

•

by Iain Thomson / 4d

If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.…

Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload

24 TTPs

•

by Jessica Lyons / 4d

•

Snake Keylogger variant targets Windows

Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy itself, adding an extra layer of obfuscation to help it slip past detection.…

US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware

3 TTPs

•

by Connor Jones / 4d

•

Lee Enterprises avoids ransomware term

Called it an 'incident' in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a "cybersecurity attack," per a regulatory filing, and is the latest company to avoid using the dreaded R word.…

Time to make C the COBOL of this century

by Rupert Goodwins / 5d

Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees Opinion Nobody likes The Man. When a traffic cop tells you to straighten up and slow down or else, profound thanks are rarely the first words on your lips. Then you drive past a car embedded in a tree, surrounded by blue lights and cutting equipment. Perhaps Officer Dibble had a point.…

Feb 17, 2025

Indian authorities seize loot from collapsed BitConnect crypto scam

India seizes $189M Bitconnect scam

•

by Simon Sharwood / 5d

Devices containing crypto wallets tracked online, then in the real world Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds of the BitConnect crypto-fraud scheme.…

XCSSET macOS malware returns with first new version since 2022

11 TTPs

•

by Connor Jones / 6d

•

XCSSET malware targets macOS developers

Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…

Loken: An easy interactive way to better looking websites

by Liam Proven / 6d

A 'synthesizer for websites' lets you experiment and improvize your way to CSS Interview Loken is a new type of tool which aims to let website designers feel their way towards a design in the same sort of way as musicians do with a software synthesizer.…

Feb 16, 2025

Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps

3 TTPs

•

by Brandon Vigliarolo / 6d

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief A security researcher has found that Google could leak the email addresses of YouTube channels, which wasn’t good because the search and ads giant promised not to do that.…

Fujitsu worries US tariffs will see its clients slow digital spend

by Simon Sharwood / 6d

PLUS: Pacific islands targeted by Chinese APT; China’s new rocket soars; DeepSeek puts Korea in a pickle; and more Asia In Brief The head of Fujitsu’s North American operations has warned that the Trump administration’s tariff plans will be bad for business.…

This open text-to-speech model needs just seconds of audio to clone your voice

AI voice cloning advances rapidly

•

56by Tobias Mann / 6d

El Reg shows you how to run Zyphra's speech-replicating AI on your own box Hands on Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of cloning your voice with as little as five seconds of sample audio. In our testing, we generated realistic results with less than half a minute of recorded speech.…

Feb 15, 2025

Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed

by Iain Thomson / 7d

'In 50 years, I think we'll view these business practices like we view sweatshops today' Interview It has been nearly a decade since famed cryptographer and privacy expert Bruce Schneier released the book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World - an examination of how government agencies and tech giants exploit personal data. Today, his predictions feel ee

Feb 14, 2025

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

5 TTPs

•

by Jessica Lyons / 8d

•

Storm-2372 phishing campaign targets organizations

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their authentication tokens, granting access to emails, cloud data, and other sensitive information.…

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

2 TTPs

•

by Jessica Lyons / 8d

Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew updated Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…

Critical PostgreSQL bug tied to zero-day attack on US Treasury

2 TTPs

•

31by Connor Jones / 9d

•

CVE-2025-1094

High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.…

2 charged over alleged New IRA terrorism activity linked to cops' spilled data

by Connor Jones / 9d

Officer says mistakenly published police details were shared 'a considerable amount of times' Two suspected New IRA members were arrested on Tuesday and charged under the Terrorism Act 2000 after they were found in possession of spreadsheets containing details of staff that the Police Service of Northern Ireland (PSNI) mistakenly published online.…

Feb 13, 2025

Watchdog ponders why Apple doesn't apply its strict app tracking rules to itself

Bundeskartellamt warns Apple over tracking

•

by Jude Karabus / 9d

Germany's Federal Cartel Office voices concerns iPhone maker may be breaking competition law Apple is feeling the heat over its acclaimed iPhone privacy policy after a German regulator's review of iOS tracking consent alleged that the tech giant exempted itself from the rules it enforces on third-party developers.…

Chinese spies suspected of 'moonlighting' as tawdry ransomware crooks

8 TTPs

•

by Jessica Lyons / 9d

•

CVE-2024-0012

Some employees steal sticky notes, others 'borrow' malicious code A crew identified as a Chinese government-backed espionage group appears to have started moonlighting as a ransomware player – further evidence that lines are blurring between nation-state cyberspies and financially motivated cybercriminals.…

More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs

4 TTPs

•

by Jessica Lyons / 9d

Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks China's Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to its previous victim count.…

US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor

US lawmakers oppose UK iCloud backdoor

•

by Brandon Vigliarolo / 9d

Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down US lawmakers want newly confirmed Director of National Intelligence Tulsi Gabbard to back up her tough talk on backdoors. They're urging her to push back on the UK government's reported order for Apple to weaken iCloud security for government access.…

North Korea targets crypto developers via NPM supply chain attack

10 TTPs

•

by Connor Jones / 10d

•

North Korea targets crypto developers

Yet another cash grab from Kim's cronies and an intel update from Microsoft North Korea has changed tack: its latest campaign targets the NPM registry and owners of Exodus and Atomic cryptocurrency wallets.…