The Register – Security

WeTransfer added the magic words ‘machine learning’ to its ToS and users reacted predictably Analysis  WeTransfer this week denied claims it uses files uploaded to its ubiquitous cloud storage service to train AI, and rolled back changes it had introduced to its Terms of Service after they deeply upset users. The topic? Granting licensing permissions for an as-yet-unreleased LLM product.…

Ads giant complains of damage to its reputation and finances … and crime, too Google has filed a lawsuit against 25 unnamed individuals in China it accuses of breaking into more than 10 million devices worldwide and using them to build a botnet, called BadBox 2.0, and then to carry out other cybercrimes and fraud.…

Three perfect 10s in the last month – ISE, ISE, baby Updated  Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. …

Computer scientist Peter Gutmann tells The Reg why it’s ‘bollocks’ The US National Institute for Standards and Technology (NIST) has been pushing for the development of post-quantum cryptographic algorithms since 2016.…

It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Microsoft has extended its security update programs for Exchange Server 2016 and 2019, and Skype for Business 2015 and 2019.…

‘Deeply penetrated’ Gaskar ‘to the very tonsils of demilitarization’ Ukrainian hackers claim to have taken out the IT infrastructure at Russia’s Gaskar Integration plant, one of the largest suppliers of drones for its army, and also destroyed massive amounts of technical data related to drone production. …

Two Russian suspects in cuffs, seven warrants out International cops shut down more than 100 servers belonging to the pro-Russian NoName057(16) network this week as part of the Europol-led Operation Eastwood.…

Someone’s OVERSTEPing the mark Updated  Unknown miscreants are exploiting fully patched, end-of-life SonicWall VPNs to deploy a previously unknown backdoor and rootkit, likely for data theft and extortion, according to Google’s Threat Intelligence Group.…

Supermarket announces white hat education scheme as four suspects released on bail Co-op Group’s chief executive officer has confirmed that all 6.5 million of the organization’s members had their data stolen during its April cyberattack – Scattered Spider is believed to be behind the digital heist.…

Attack enters day 11 and still no public disclosure of what insider claims to be ‘deep breach’ of Active Directory Exclusive  Aviation insiders say Serbia’s national airline, Air Serbia, was forced to delay issuing payslips to staff as a result of a cyberattack it is battling.…

Former staffers of struggling UK biz say they don’t expect to be paid for July UK cybersecurity shop Adarma has confirmed it has entered administration.…

Maintainers struggle to handle growing flow of low-quality bug reports written by bots Daniel Stenberg, founder and lead developer of the open-source curl command line utility, just wants the AI slop to stop.…

File this one under what not to search if you’ve committed a crime A former US Army soldier, who reportedly hacked AT&T, bragged about accessing President Donald Trump’s call logs, and then Googled “can hacking be treason,” and “US military personnel defecting to Russia,” pleaded guilty to conspiring to break into telecom firms’ databases and extort at least $1 million.…

Stealth jets can’t fight, can’t fly much, and can’t shoot UK missiles, says NAO The F-35 stealth fighter is not meeting its potential in British service because of availability issues, a shortage of support personnel, and delays in integrating key weapons that are limiting the aircraft’s effectiveness.…

Anyone investigated Grok? Just sayin’… Someone hacked Elmo’s X account on Sunday, making it appear as if the lovable Sesame Street monster with the habit of referring to themselves in the third-person spewed a series of now-removed antisemitic, racist, and anti-Trump posts.…

Rowhammer returns for more memory-meddling fun The Rowhammer attack on computer memory is back, and for the first time, it’s able to mess with bits in Nvidia GPUs, despite defenses designed to protect against this kind of hacking.…

Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there Updated  When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to the US government in 2012, he most likely didn’t expect it would take until 2025 to sort the matter out, but here we are. …

Cross-Channel pact aims to bolster navigation and timing tech as satellite signals face growing jamming threats Britain and France are to work more closely on technology to back up the familiar Global Positioning System (GPS), which is increasingly subject to interference in many regions around the world.…

Report on serious organized crime fails to account for differences, agency says The UK’s National Crime Agency (NCA) has hit back at a think tank after it assessed its US counterpart, the FBI, to be nearly three times more effective.…

Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing The Information Technology Organization of Iran (ITOI), the government body that develops and implements IT services for the country, is looking for suppliers of cloud computing.…

PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more Infosec In Brief  Nvidia last week advised customers to ensure they employ mitigations against Rowhammer attacks, after researchers found one of its workstation-grade GPUs is susceptible to the exploit.…

Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another By now, the North Korean fake IT worker problem is so ubiquitous that if you think you don’t have any phony resumes or imposters in your interview queue, you’re asleep at the wheel.…

Intruders looked up how to use curl mid-attack – rookie errors kept damage minimal Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.…

Last summer’s riots show how some content can be harmful but not illegal The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral spread of false content, a report from MPs has found.…

First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career On Call  Welcome once again to On Call, The Register’s Friday column that shares your stories of tech support terror and triumph.…

‘He’s useless with computers and can’t even install an application’ says lawyer A Russian professional basketball player is cooling his heels in a French detention center after being arrested and accused of acting as a negotiator for a ransomware gang.…

Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved UPDATED  Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chinese web giant Tencent to quell its activities.…

Oh my sweet secret informant lover, what happened in that NATO meeting today? A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information after sharing military secrets information about the Russia-Ukraine war with a woman he met on a dating app.…

Add CISA to the list Updated  The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitation and abused to hijack user sessions.…

‘Whether those files were allowed to go to Russia? I didn’t ask’ A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his employers and sharing it with Russia.…