"Uncle Sam abruptly cuts of funding for CVE program-Yes, that CVE program."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 16 April 2025, 1621 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

95K followers30 articles per week

#security#tech

37

Most popular

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program

500+by Jessica Lyons / 16h

Because vulnerability management has nothing to do with national security, right? US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.…

Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine

Law firm fined for cyber attack

•

by Paul Kunert / 1h

DPP Law is appealing against data watchdog's conclusions A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.…

Russians lure European diplomats into malware trap with wine-tasting invite

12 TTPs

•

by Iain Thomson / 3h

•

APT29 targets European diplomats phishing

Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.…

Yesterday

Guess what happens when ransomware fiends find 'insurance' 'policy' in your files

by Iain Thomson / 9h

It involves a number close to three or six depending on the pickle you're in Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.…

Now 1.6M people had SSNs, life chapter and verse stolen from insurance IT biz

4 TTPs

•

by Iain Thomson / 19h

•

2.6 million affected by data breaches

800K? Make that double, and we'll need a double, too, for the pain A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.…

4chan, the 'internet’s litter box,' appears to have been pillaged by rival forum

4chan hacked database and source leaked

•

by Jessica Lyons / 21h

Source code, moderator info, IP addresses, more allegedly swiped and leaked Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.…

China names alleged US snoops over Asian Winter Games attacks

China pursues US operatives for cyberattacks

•

by Connor Jones / 22h

Beijing claims NSA went for gold in offensive cyber, got caught in the act China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.…

All right, you can have one: DOGE access to Treasury IT OK'd judge

DOGE member granted Treasury access

•

by Brandon Vigliarolo / 22h

Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.…

Chinese snoops use stealth RAT to backdoor US orgs – still active last week

IoC > 2 domains

•

by Jessica Lyons / 1d

•

12 TTPs

•

Chinese hackers target Linux systems

Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.…

ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?

ActiveX disabled by default Microsoft 365

•

by Richard Speed / 1d

Stopping users shooting themselves in the foot with last century's tech Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.…

Where it Hertz: Customer data driven off in Cleo attacks

by Connor Jones / 1d

Car hire biz takes your privacy seriously, though Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.…

Apr 14, 2025

EU gives staff 'burner phones, laptops' for US visits

EU issues burner phones for staff

•

100+by Iain Thomson / 1d

That would put America on the same level as China for espionage The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.…

Don't delete that mystery empty folder. Windows put it there as a security fix

2 TTPs

•

by Iain Thomson / 1d

Copilot vibe coding for OS development? Why not Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended you leave the directory there.…

New SSL/TLS certs to each live no longer than 47 days by 2029

SSL TLS certificate validity reduced

•

28by Iain Thomson / 1d

IT admins, get ready to grumble CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.…

Cyber congressman demands answers before CISA gets cut down to size

by Jessica Lyons / 1d

What's the goal here, Homeland Insecurity or something? As drastic cuts to the US govt's Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House's cybersecurity subcommittee, has demanded that CISA brief the subcommittee "prior to any significant changes to CISA's workforce or organizational structure."…

Apr 13, 2025

Official abuse of state security has always been bad, now it's horrifying

UK state security abuse alarming

•

20by Rupert Goodwins / 2d

UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond Opinion The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on national security grounds.…

CIO and digi VP to depart UK retail giant Asda as Walmart divorce woes settle

by Lindsay Clark / 2d

Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion Two of the top team behind Asda's £1 billion ($1.31 billion) tech divorce from US retail giant Walmart — which has seen a number of setbacks — are departing the company.…

Old Fortinet flaws under attack with new method its patch didn't prevent

6 TTPs

•

by Brandon Vigliarolo / 2d

PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Infosec In Brief Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.…

China reportedly admitted directing cyberattacks on US infrastructure

China admits cyberattacks on US

•

32by Simon Sharwood / 2d

PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands Asia In Brief Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.…

Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks

42by Jessica Lyons / 2d

Military units, government nerds appear to join the fray, with physical infra in sights Feature From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin's birthday, self-styled hacktivists have been making headlines.…

Apr 12, 2025

LLMs can't stop making up software dependencies and sabotaging everything

UTSA studies AI risks in coding

•

200+by Thomas Claburn / 4d

Hallucinated package names fuel 'slopsquatting' The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process.…

Apr 11, 2025

Microsoft total recalls Recall totally to Copilot+ PCs

Microsoft re-releases Recall feature

•

by Iain Thomson / 4d

Redmond hopes you’ve forgotten or got over why everyone hated it the first time After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it - now quietly slipping the screenshotting app into the Windows 11 Release Preview channel for Copilot+ PCs, signaling its near-readiness for general availability.…

Apr 10, 2025

Ransomware crims hammering UK more than ever as British techies complain the board just doesn't get it

43% UK businesses face cyber breaches

•

by Connor Jones / 5d

Issues at the very top continue to worsen The UK government's latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase – and many techies are forced to constantly informally request company directors for defense spending because there's no security people on the board.…

Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China

Wynn-Williams to testify on Facebook

•

60by Iain Thomson / 5d

Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan Facebook's former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get the social network into China - including, she alleged, offering up Americans' data.…

US sensor giant Sensata admits ransomware derailed ops

3 TTPs

•

by Connor Jones / 5d

•

Sensata experiences ransomware incident

Props for the transparency though US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it's still working to fully restore affected systems.…

Infosec experts fear China could retaliate against tariffs with a Typhoon attack

China and Spain strengthen partnership

•

by Jessica Lyons / 6d

Scammers are already cashing in with fake invoices for import costs World War Fee As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.…

Apr 9, 2025

Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops

Operation Endgame follow-up arrests malware

•

by Connor Jones / 6d

Officials teased more details to come later this year Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.…

The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned

Oracle faces criticism over security incidents

•

by Iain Thomson / 6d

TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community.…

Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs

Trump revokes Chris Krebs security clearance

•

by Simon Sharwood / 6d

Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Updated The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA’s Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone else at SentinelOne, the cybersecurity com

April's Patch Tuesday leaves unlucky Windows Hello users unable to login

CVE-2025-29824

•

by Iain Thomson / 6d

Can't Redmond ask its whizz-bang Copilot AI to fix it? Updated Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.…

Wyden blocks Trump's CISA boss nominee, blames cyber agency for 'actively hiding info' about telecom insecurity

Senator blocks cybersecurity nominee over

•

by Jessica Lyons / 6d

It worked for in 2018 with Chris Krebs. Will it work again? Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden.…

Someone compromised US bank watchdog to access sensitive financial files

Hackers accessed US bank regulators' emails

•

20by Iain Thomson / 6d

OCC mum on who broke into email, but Treasury fingered China in similar hack months ago A US banking regulator says sensitive financial oversight data was accessed by one or more system intruders for more than a year in what's been described as "a major information security incident."…

Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz

LTIMindtree expands Google Cloud partnership

•

by Jessica Lyons / 7d

How Chocolate Factory hopes to double down on enterprise-sec Cloud Next Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.…

Apr 8, 2025

Pharmacist accused of using webcams to spy on women in intimate moments at work, home

Pharmacist spied on coworkers for years

•

by Thomas Claburn / 7d

Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and at their homes.…

Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug

6 TTPs

•

by Iain Thomson / 7d

A novel way to encourage upgrades? Microsoft would never stoop so low Patch Tuesday Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.…

Don't open that JPEG in WhatsApp for Windows. It might be an .EXE

6 TTPs

•

21by Jessica Lyons / 7d

•

CVE-2025-30401

What a MIME field A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.…

Scattered Spider stops the Rickrolls, starts the RAT race

IoC > 9 domains

•

by Jessica Lyons / 8d

•

19 TTPs

Despite arrests, eight-legged menace targeted more victims this year Despite several arrests last year, Scattered Spider's social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with a new version of Spectre RAT malware.…

End of feed