Blog

DeepSeek can be gently persuaded to spit out malware code

It might need polishing, but a useful find for any budding cybercrooks out there DeepSeek's flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker with it a little.…

Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand

Feds warn gang still rampant and now cracked 300+ victims around the world A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the…

Get off that old Firefox by Friday or you’ll be sorry, says Moz

Root cert expiry may bring breakage or worse for add-ons, media playback, and more If you're running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring root certificate.…

Expired Juniper routers find new life – as Chinese spy hubs

Fewer than 10 known victims, but Mandiant suspects others compromised, too Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.…

This is the FBI, open up. China’s Volt Typhoon is on your network

Power utility GM talks to El Reg about getting that call and what happened next Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the FBI alerting him that the public power utility's…

UK must pay cyber pros more than its Prime Minister, top civil servant says

Leaders call for fewer contractors and more top talent installed across government Senior officials in the UK's civil service understand that future cyber hires in Whitehall will need to be paid a salary higher than that of the Prime Minister if the government wants to get serious about…

CISA worker says 100-strong red team fired after DOGE cancelled contract

Election infosec advisory agency also shuttered A penetration tester who worked at the US govt's CISA claims his 100-strong team was dismissed after Elon Musk's Trump-blessed DOGE unit cancelled a contract – and that more staff at the cybersecurity agency have also been let go.…

Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws

Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday  Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.…

‘Uber for nurses’ exposes 86k+ medical records, PII in open S3 bucket for months

Non-password-protected, unencrypted 108GB database…what could possibly go wrong Exclusive  More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open S3 bucket for months — or possibly even longer — before…

FTC’s $25.5M scam refund treats victims to $34 each

Oh wow, just looks at all the scary stuff in your Windows Event Viewer The Federal Trade Commission (FTC) is distributing over $25.5 million in refunds to consumers deceived by tech support scammers, averaging about $34 per person.…

Copyright © 2024 Lugapel