Cybersecurity
AI-powered penetration tool, an attacker’s dream, downloaded 10K times in 2 months
Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit Villager, a new penetration-testing tool linked to a suspicious China-based company and described by researchers as "Cobalt Strike's AI successor," has been downloaded about 10,000 times since its release in July.…
Anti-DDoS outfit walloped by record packet flood
FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever recorded – a 1.5 billion packets per second…
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.…
Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals
Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping "dangerous, insecure software" that helped cybercrooks cripple one of America's largest hospital networks.…
Brussels faces privacy crossroads over encryption backdoors
Over 600 security boffins say planned surveillance crosses the line Europe, long seen as a bastion of privacy and digital rights, will debate this week whether to enforce surveillance on citizens' devices.…
Jaguar Land Rover U-turns to confirm ‘some data’ affected after cyber prang
Systems offline as specialists continue to comb through wreckage Jaguar Land Rover (JLR) says "some data" was affected after the luxury car maker suffered a digital break-in early last week.…
Uncle Sam indicts alleged ransomware kingpin tied to $18B in damages
Prosecutors claim Ukrainian ran LockerGoga, MegaCortex, and Nefilim ops – $11M bounty on his head A Ukrainian national faces serious federal charges and an $11 million bounty after allegedly orchestrating ransomware operations that caused an estimated $18 billion in damages across hundreds of organizations worldwide.…
Flu jab email mishap exposes hundreds of students’ personal data
One parent expressed concern for their child's safety A clumsy data breach has affected hundreds of children at a Birmingham secondary school.…
Cybercrooks ripped the wheels off at Jaguar Land Rover. Here’s how not to get taken for a ride
Are you sure you know who has access to your systems? Feature Jaguar Land Rover (JLR) is the latest UK household name to fall victim to a major cyberattack. IT systems across multiple sites have been offline for over a week after what the company described as a…
Defense Dept didn’t protect social media accounts, left stream keys out in public
'The practice… has since been fixed,' Pentagon official tells The Reg The US Department of Defense, up until this week, routinely left its social media accounts wide open to hijackers via stream keys - unique, confidential identifiers generated by streaming platforms for broadcasting content. If exposed, these keys…