Security News

In what was originally being called a serious IT outage at the end of last week, the union confirmed to The Register today that the incident is now being treated as an attack, the full extent of which is still being assessed. The CWU told us on March 22 that its email services weren't working and that it has engaged third-party cybersecurity experts who have been on site since 0900 UTC on March 21.

A consensus on regulatory AI frameworks seems distant. The imperative for secure and responsible AI deployment cannot be overstated.

Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. "These companies used scare tactics and lies about threats to consumers' personal computers to bilk consumers, particularly older consumers, out of tens of millions of dollars," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection.

Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. Google's 2023 highlights include newer reward categories, including finding flaws in its AI products and Android phone apps, plus a brand-new Bonus Awards program that periodically pays out time-limited, extra rewards for specific vulnerability targets.

97% of technology leaders find traditional AIOps models are unable to tackle the data overload, according to Dynatrace. 88% of organizations say the complexity of their technology stack has increased in the past 12 months, and 51% say it will continue to increase.

The U.S. Department of Justice has announced the unsealing of an indictment against Linwei Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies. The allegedly stolen trade secrets involve crucial technology underpinning Google's advanced supercomputing data centers, which are essential for training and hosting large AI models capable of processing nuanced language and generating intelligent responses.

Japan's government has ordered local tech giants LINE and NAVER to disentangle their tech stacks, after a data breach saw over 510,000 users' data exposed. LINE is a messaging app created by an offshoot of South Korea's NAVER - a Google-like web giant.

The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists. Chengdu made the naughty list for apparently acquiring and attempting to acquire US goods on behalf of China's University of Electronic Science and Technology, which was already on the Entity List.

Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security. The security group's Q4 2024 Threat Insights Report finds criminals have adopted ad tech tools to make their social engineering attacks more effective.

As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service and Ransomware-as-a-Service tools making up the majority of malicious tools in use by attackers, according to Darktrace. As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.