Cyberveille (curated by Decio)
78 results tagged theregister
Netflix, Apple, BofA sites hijacked with fake help numbers https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/
05/07/2025 16:55:55

Don’t trust mystery digits popping up in your search bar
Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.

It's a variation of SEO or search poisoning, in which the attackers manipulate the search engine algorithms to promote what is usually a malicious website masquerading as the real deal. In this new scam, the fraudster pays for a sponsored ad on Google and crafts a malicious URL that embeds a fake phone number into the real site's legitimate search functionality.

Because the ad resolves to the authentic Netflix domain, reputation-based browser filters, such as Chrome's Safe Browsing, won't flag it as malicious.

When someone searches "24/7 Netflix support," for example, the digital thieves' ad pops up as one of the top results, and when the unwitting victim clicks on the URL, it takes them to the help page of the brand's website.

The page looks real — because it is — but displays a phone number pre-populated in the search bar on that page. This purports to be the legitimate help-desk phone number, but in reality it's a fake, controlled by the attackers.

As the anti-malware security firm explains:

This is able to happen because Netflix's search functionality blindly reflects whatever users put in the search query parameter without proper sanitization or validation. This creates a reflected input vulnerability that scammers can exploit.

theregister EN 2025 scam Netflix BofA search-poisoning support
That DeepSeek installer you just clicked? It's malware https://www.theregister.com/2025/06/11/deepseek_installer_or_infostealing_malware/
12/06/2025 09:19:50

Suspected cybercriminals have created a fake installer for Chinese AI model DeepSeek-R1 and loaded it with previously unknown malware called "BrowserVenom".

The malware’s name reflects its ability to redirect all traffic from browsers through an attacker-controlled server.

This enables the crooks to steal data, monitor browsing activity, and potentially expose plaintext traffic. Credentials for websites, session cookies, financial account info, plus sensitive emails and documents are therefore all at risk – just the sort of info scammers seek so they can commit digital fraud and/or sell to other miscreants.

To date, the malware has infected "multiple" computers across Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. Kaspersky, which spotted a phishing campaign that spreads the malware by sending victims to a fake website that resembles the real DeepSeek homepage, said it continues to "pose a global threat."

While the malware used in this campaign is new, the tactic of using interest in AI to spread nasty payloads is increasingly common.

Such campaigns use phishing sites whose domain names differ slightly from those operated by real AI vendors, and criminals use malicious ads and other tactics, so they appear prominently in search engine results. But instead of delivering the promised chatbot or AI tool, they infect unwitting victims with everything from credential- and wallet-stealing malware to ransomware and Windows-borking code.

This campaign used the URL https[:]//deepseek-platform[.]com.

The crims promoted that address to many potential victims by buying ads from Google, so it appeared as the top result when users searched for "deepseek r1".

theregister EN 2025 BrowserVenom malware DeepSeek fake installer
EU bug database fully operational as US slashes infosec https://www.theregister.com/2025/05/13/eu_security_bug_database/
15/05/2025 21:31:53

The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.

As of Tuesday, the full-fledged version of the website is up and running.

"The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with it," ENISA Executive Director Juhan Lepassaar said in a statement announcing the EUVD.

"The database ensures transparency to all users of the affected ICT products and services and will stand as an efficient source of information to find mitigation measures," Lepassaar continued.

The European Union Agency for Cybersecurity (ENISA) first announced the project in June 2024 under a mandate from the EU's Network and Information Security 2 Directive, and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.

Register readers — especially those tasked with vulnerability management — will recall that the US government's funding for the CVE program was set to expire in April until the US Cybersecurity and Infrastructure Security Agency, aka CISA, swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative.

theregister EN 2025 EU EUVD operational CVE ENISA
Schneier warns that AI loses integrity due to corporate bias https://www.theregister.com/2025/05/06/schneier_ai_models/
10/05/2025 22:42:42

RSAC: Can we turn to govt, academic models instead?
Corporate AI models are already skewed to serve their makers' interests, and unless governments and academia step up to build transparent alternatives, the tech risks becoming just another tool for commercial manipulation.

That's according to cryptography and privacy guru Bruce Schneier, who spoke to The Register last week following a keynote speech at the RSA Conference in San Francisco.

"I worry that it'll be like search engines, which you use as if they are neutral third parties but are actually trying to manipulate you. They try to kind of get you to visit the websites of the advertisers," he told us. "It's integrity that we really need to think about, integrity as a security property and how it works with AI."

During his RSA keynote, Schneier asked: "Did your chatbot recommend a particular airline or hotel because it's the best deal for you, or because the AI company got a kickback from those companies?"

To deal with this quandary, Schneier proposes that governments should start taking a more hands-on stance in regulating AI, forcing model developers to be more open about the information they receive, and how the decisions models make are conceived.

He praised the EU AI Act, noting that it provides a mechanism to adapt the law as technology evolves, though he acknowledged there are teething problems. The legislation, which entered into force in August 2024, introduces phased requirements based on the risk level of AI systems. Companies deploying high-risk AI must maintain technical documentation, conduct risk assessments, and ensure transparency around how their models are built and how decisions are made.

Because the EU is the world's largest trading bloc, the law is expected to have a significant impact on any company wanting to do business there, he opined. This could push other regions toward similar regulation, though he added that in the US, meaningful legislative movement remains unlikely under the current administration.

theregister EN 2025 Schneier IA corporate bias corporate-bias warning
SSL/TLS certificates will last 47 days max by 2029 https://www.theregister.com/2025/04/14/ssl_tls_certificates/
15/04/2025 09:52:37

CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.

Today the certificates, which underpin things like encrypted HTTPS connections between browsers and websites, are good for up to 398 days before needing to be renewed. Apple put out a proposal last year to cut the maximum time between renewals, and got support from Big Tech pals.

Their argument being that shorter renewal periods mean compromised or stolen certificates can be abused for at the most days or weeks rather than months before expiring. On the one hand, that may mean more purchases from certificate issuers for cert holders; on the other, Let's Encrypt provides perfectly good certificates for free and also helps automate the renewal process.

theregister EN 2025 certificates Browser-Forum SSL/TLS 2029
Don't open that file in WhatsApp for Windows just yet https://www.theregister.com/2025/04/08/whatsapp_windows_bug/
09/04/2025 11:12:24

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.

The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6, and stems from a bug in how the app handles file attachments.

theregister EN 2025 WhatsApp Windows CVE-2025-30401 client
Apple belatedly fixes exploited flaws in older OSes https://www.theregister.com/2025/04/02/apple_patch_bundle/
02/04/2025 09:06:29

Apple has delivered a big batch of OS updates, some of which belatedly patch older versions of its operating systems to address exploited-in-the-wild flaws the iGiant earlier fixed in more recent releases.

theregister EN 2025 belatedly older Apple patch iOS vulnerabilities CVE-2025-24200
Ransomware crews add EDR killers to their arsenal https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/
31/03/2025 12:14:22

interview: Crims are disabling security tools early in attacks, Talos says

theregister EN 2025 EDR-killer HRSword Ransomware
OpenSSH bugs threaten enterprise security, uptime https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
19/02/2025 22:05:14

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.

Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks.

Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning. Although their respective severity scores (6.8 and 5.9 out of 10) don't necessarily scream "patch me right away" – it certainly doesn't seem as bad as last year's regreSSHion issue – they're both likely to raise some degree of concern given the tool's prominence.

theregister EN 2025 CVE-2025-26465 CVE-2025-26466 OpenSSH bugs FreSSH
Mysterious backdoor found on select Juniper routers https://www.theregister.com/2025/01/25/mysterious_backdoor_juniper_routers/
27/01/2025 16:23:18

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.

The devices were infected with what appears to be a variant of cd00r, a publicly available "invisible backdoor" designed to operate stealthily on a victim's machine by monitoring network traffic for specific conditions before activating.

theregister EN 2025 backdooring Juniper cd00r backdoor
Okta security bug affects those with really long usernames https://www.theregister.com/2024/11/04/why_the_long_name_okta/
13/11/2024 11:36:19

Mondays are for checking months of logs, apparently, if MFA's not enabled

theregister EN 2024 Okta bug AD/LDAP Delegated Authentication DelAuth
China's Volt Typhoon breached Singtel, reports say https://www.theregister.com/2024/11/06/chinas_volt_typhoon_breached_singtel/
13/11/2024 11:24:57

Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.

The digital break-in was discovered in June, according to Bloomberg, citing "two people familiar with the matter" who told the news outlet that the Singtel breach was "a test run by China for further hacks against US telecommunications companies."

theregister EN 2024 VoltTyphoon China Singtel breach spy
The story behind HISAA https://www.theregister.com/2024/10/29/hold_the_story_behind_the/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
04/11/2024 08:44:10

Health care breaches lead to legislation
Highlights of the new standard include:

  • Performing and documenting a security risk analysis of exposure
  • Documentation of a business continuity plan (BCP)
  • Stress test of resiliency and documentation of any planned changes to the BCP
  • A signed statement by both the CEO and CISO of compliance
  • A third-party audit to certify compliance (no later than six months after enactment)
theregister EN 2024 HISAA standard legal US health legislation
Cisco fixes bug under exploit in brute-force attacks https://www.theregister.com/2024/10/24/cisco_bug_brute_force/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
28/10/2024 08:41:07

Who doesn't love abusing buggy appliances, really?

theregister EN 2024 cisco ASA CVE-2024-20481 Firepower VPN RAVPN bug brute-force
Apple fixes password-blurting VoiceOver bug https://www.theregister.com/2024/10/04/apple_voiceover_password_bug/
04/10/2024 14:12:53

Not a great look when the iGiant just launched its first password manager

theregister EN 2024 Apple password-blurting VoiceOver
Rackspace systems hit by zero-day exploit of third-party app https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/
04/10/2024 13:33:44

Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry

theregister EN 2024 Rackspace ScienceLogic zero-day exploit
10 security bugs put fuel storage tanks at risk of attacks https://www.theregister.com/2024/09/24/security_bugs_fuel_storage_tanks/?is=09685296f9ea1fb2ee0963f2febaeb3a55d8fb1eddbb11ed4bd2da49d711f2c7
28/09/2024 10:08:49

Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers.

Automatic Tank Gauges (ATGs) are used to monitor fuel levels in storage tanks and ensure that the tanks don't leak. The ten CVEs disclosed today were found in products from several different vendors: Dover Fueling Solutions (DFS), OPW Fuel Management Systems (owned by DFS), Franklin Fueling Systems, and OMNTEC.

theregister EN 2024 CVE-2024-45066 CVE-2024-43693 ATG fuel storage tanks SFS OMNTEC
Insecure software makers are the real cyber villains – CISA https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains
22/09/2024 12:34:12

Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret'

theregister EN CISA Jen-Easterly Insecure-software
Thousands of orgs at risk of ServiceNow KB data leaks https://www.theregister.com/2024/09/19/servicenow_knowledge_base_leaks/
20/09/2024 10:05:37

Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.

Aaron Costello and Dan Meged, of the AppOmni and Adaptive Shield security shops respectively, separately published their findings this week, concluding that pages set to "private" could still be read by tinkering with a ServiceNow customer's KB widgets.

These widgets are essentially containers of information used to construct the pages in KB articles. These can include page elements that allow users to leave feedback on articles, either through star ratings or comments, for example.

theregister EN 2024 ServiceNow KB data-leak
Microsoft working on OS update to prevent another IT outage https://www.theregister.com/2024/09/13/microsoft_is_updating_windows_to/
16/09/2024 16:02:05

Existing low-level access for security solutions will undergo a rework

theregister EN 2024 crowdstrike cyberincident microsoft Kernel EDR update