lugapelsiteadmin

Expired Juniper routers find new life – as Chinese spy hubs

Fewer than 10 known victims, but Mandiant suspects others compromised, too Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.…

This is the FBI, open up. China’s Volt Typhoon is on your network

Power utility GM talks to El Reg about getting that call and what happened next Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the FBI alerting him that the public power utility's…

UK must pay cyber pros more than its Prime Minister, top civil servant says

Leaders call for fewer contractors and more top talent installed across government Senior officials in the UK's civil service understand that future cyber hires in Whitehall will need to be paid a salary higher than that of the Prime Minister if the government wants to get serious about…

CISA worker says 100-strong red team fired after DOGE cancelled contract

Election infosec advisory agency also shuttered A penetration tester who worked at the US govt's CISA claims his 100-strong team was dismissed after Elon Musk's Trump-blessed DOGE unit cancelled a contract – and that more staff at the cybersecurity agency have also been let go.…

Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws

Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday  Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.…

‘Uber for nurses’ exposes 86k+ medical records, PII in open S3 bucket for months

Non-password-protected, unencrypted 108GB database…what could possibly go wrong Exclusive  More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open S3 bucket for months — or possibly even longer — before…

FTC’s $25.5M scam refund treats victims to $34 each

Oh wow, just looks at all the scary stuff in your Windows Event Viewer The Federal Trade Commission (FTC) is distributing over $25.5 million in refunds to consumers deceived by tech support scammers, averaging about $34 per person.…

MINJA sneak attack poisons AI models for other chatbot users

Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door to manipulation.…

Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it

Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.…

Google begs owners of crippled Chromecasts not to hit factory reset

Expired SSL cert kerfuffle leaves second-gen, Audio gadgets useless Google's second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate. The web giant is aware of the breakdown and says a fix is in the…

Copyright © 2024 Lugapel