Dopenugget and Zero Angel may face life behind bars if convicted The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and operating the illicit souk.…

Cloud storage giant lawyers up against infosec house Analysis  Hudson Rock, citing legal pressure from Snowflake, has removed its online report that claimed miscreants broke into the cloud storage and analytics giant's underlying systems and stole data from potentially hundreds of customers including Ticketmaster and Santander Bank.…

Uncle Sam can use this snooping tool, too, but that's beside the point Updated  There's another Chinese-manufactured product – joining the likes of TikTok, cars and semiconductors – that poses a national security risk to Americans: Electronic locks, such as those used in safes.…

Still 'no evidence' of any compromised customer-facing systems, we're told Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. The Redmond giant also characterized the intrusion as "ongoing."…

18,000 customers, including the Pentagon and Microsoft, may have other thoughts SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it over the 2020 attack.…

Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…

Emergency comms standard had five nasty flaws but will be opened to academic research A set of encryption algorithms used to secure emergency radio communications will enter the public domain after an about-face by the European Telecommunications Standards Institute (ETSI).…

We'd like to say don't panic … but maybe? 35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.…

Momentary lapse in VPN led to stretch in the cooler, $1.6m bill Nickolas Sharp has been sentenced to six years in prison and ordered to pay almost $1.6 million to his now-former employer Ubiquiti – after stealing gigabytes of corporate data from the biz and then trying to extort almost $2 million from his bosses while posing as an anonymous hacker.…

Industry hasn't 'improved much at all' Mandiant's Eric Scales tells us SCSW  Back in 2020, Eric Scales led the incident response team investigating a state-backed software supply-chain attack that compromised application build servers and led to infections at government agencies and tech giants including Microsoft and Intel.…

Personal Gmail users still out of luck Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…

Chainguard CEO explains how to secure code given crims know to poison it at the source SCSW  The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…

Digital sleuths chop through crypto challenge in 'surreal' search A team of codebreakers discovered – and then cracked – more than 50 secret letters written by Mary Stuart, Queen of Scots while she was imprisoned in England by her cousin, Queen Elizabeth I. …

This is why we don't reuse passwords, kids Parents and teachers received a link to an "inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.…

Sounds like fair comment Updated  Google and its Youtube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.…

Grab and deploy this backend update if you offer even repo read access A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories.…

All versions are susceptible, there's no patch, so now's a good time to remove this add-on Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.…

Physical and IP addresses as well as credit card info revealed in privacy breach The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed – had their personal information including physical and IP addresses, and credit card info revealed – according to threat intel firm Cybersixgill.…

That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts RSA Conference  Quick show of hands: who came home from this year's RSA Conference without COVID-19?…

So. Many. BIOS. Bugs Intel has disclosed high-severity bugs in its firmware that's used in datacenter servers, workstations, mobile devices, storage products, and other gear. These flaws can be exploited to escalate privileges, leak information, or stop things from working.…

But China's the most technologically advanced Interview  China remains the biggest cyber threat to the US government, America's critical infrastructure, and its private-sector networks, the nation's intelligence community has assessed.…

Intrusion investors went through Blount farce trauma, says SEC Jack Blount, the now-ex CEO of Intrusion, has settled with the SEC over allegations he made false and misleading statements about his infosec firm's product as well as his own background and experience.…

Stick an independent probe in our software, you won't find any Putin.DLL backdoor Kaspersky has hit back after the US government banned its products – by proposing an independent verification that its software is above board and not backdoored by the Kremlin.…

Those national security threat claims? 'No evidence,' VP tells The Reg Exclusive  Despite the Feds' determination to ban Kaspersky's security software in the US, the Russian business continues to push its proposal to open up its data and products to independent third-party review – and prove to Uncle Sam that its code hasn't been and won't be compromised by Kremlin spies.…

Total revenue for Q2 grew 32 percent CrowdStrike's major meltdown a month ago doesn't look like affecting the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday.…

Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…

Quick fix: Remove cups-browsed, block UDP port 631 Updated  After days of waiting and anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.…

Another blow for IT software house and its customers A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.…