News You Should Know 2025 on

2025.04.22.News You Should Know 2025

Tue, 24 Jun 2025 13:30:30 -0500

Ransomware crooks search for ‘insurance’ ‘policy’ right away • The Register - Researchers reviewed 3 years of ransomware forensics and found threat actor SOPs usually involve searching for “insurance” in company documents. If found, ransoms are around 2.8x the average. If there’s a double extortion attempt, the ransom is around 5.5x’s higher.

2025.05.27.News You Should Know 2025

Tue, 24 Jun 2025 13:15:48 -0500

Wyden: AT&T, T-Mobile, and Verizon weren’t notifying senators of surveillance requests | TechCrunch - In the letter, Wyden, a longstanding member of the Senate Intelligence Committee, said that an investigation by his staff found that carriers were not notifying senators of legal requests — including from the White House — to surveil their phones. A report last year by the Inspector General, revealed that the Trump administration in 2017 and 2018 secretly obtained logs of calls and text messages of 43 congressional staffers and two serving House lawmakers, imposing gag orders on the phone companies that received the requests.

2025.05.20.News You Should Know 2025

Tue, 20 May 2025 13:15:08 -0500

Hackers scam Coinbase users and ransom data for $20M • The Register - Coinbase said that at no point during the compromise could the attackers have accessed customers’ funds, and confirmed the sources of the data were insiders bribed to steal information on behalf of the extortionists. The company said the data does not include passwords or private keys, but depending on the use, the following details of its customers may be compromised:

2025.05.13.News You Should Know 2025

Tue, 13 May 2025 13:14:03 -0500

Microsoft ends Authenticator password autofill, moves users to Edge - App will stop storing passwords. Users have until August 1st to move passwords to another option.

June 2025: You can no longer save new passwords in Authenticator.
July 2025: Autofill will stop working in Authenticator; stored payment info will be deleted.
August 2025: Saved passwords and unsaved generated passwords will no longer be accessible in Authenticator.

FBI: End-of-life routers hacked for cybercrime proxy networks - Threat actors are breaking into edge devices, notably Linksys and Cisco EoL routers, and adding them to residential proxy botnets.

2025.04.15.News You Should Know 2025

Tue, 15 Apr 2025 14:27:55 -0500

Pharmacist accused of spying on women using work, home cams • The Register - Pharmacist spent nearly a decade installing malware on coworkers PCs, including remote web cam viewers and keyloggers. Pharmacist is currently employed at another healthcare system and is not jailed. While the employer is being sued for failing to protect their infrastructure and employees.

2025.04.08.News You Should Know 2025

Tue, 08 Apr 2025 14:39:48 -0500

One of the last Bletchley Park’s heroes Betty Webb dies • The Register - Webb along with a number of other prominent women in the cryptography field worked at Bletchley Park to help decrypt some 10k German intercepts per day. Women have a long history in the Computer Science and Cryptography fields, I would highly recommend Invisible Women by Caroline Perez, Hidden Figures by Shetterly, BROAD band: The Untold Story of the Women Who Made the Internet - Claire Evans,

2025.04.01.News You Should Know 2025

Tue, 01 Apr 2025 14:42:41 -0500

US defense contractor settles whistleblower suit for $4.6M • The Register - Out of a possible 110 points, MORSE awarded itself 104. A third party assessment of the environment found a catastrophic score of (-)142, Yes, 246 points in the opposite (bad) direction. As part of the settlement, MORSE is handing back $4.6 million to the Feds, and $851,000 of that is going to the ex-employee who blew the whistle.

2025.03.25.News You Should Know 2025

Tue, 25 Mar 2025 14:45:46 -0500

US POL

Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information | TechCrunch - Hollander said DOGE “never identified or articulated” a reason why it needs access to the “personal and private data of millions of Americans.”

CISA fires then rehires security crew, and puts them on hold • The Register - CISA employees are back, but benched. Placed on paid-leave, Red Teamers and other security staff are still in limbo.

2025.03.18.News You Should Know 2025

Tue, 18 Mar 2025 14:45:54 -0500

Privacy

Amazon kills off on-device Alexa processing for Echo owners • The Register - “We are reaching out to let you know that the Alexa feature ‘Do Not Send Voice Recordings’ that you enabled on your supported Echo device(s) will no longer be available beginning March 28, 2025,” a copy of the email sent to Echo users relayed to El Reg read.

2025.03.11.News You Should Know 2025

Tue, 11 Mar 2025 14:46:00 -0500

USCIS mulls policing social media of all would-be citizens • The Register - Social Media assessment that started under the Obama White House will be extended to all resident and documented aliens. Moves the social media scanning from before entry to all immigrants.

Badbox is back and a million Android devices were backdoored • The Register - Infected Android machines part of extensive botnet. Devices exploiting residential IP space to serve malicious ads.

2025.03.04.News You Should Know 2025

Tue, 04 Mar 2025 14:46:05 -0500

China compromised GOP emails ahead of Republican convention • The Register - Notified in July of 2024, the Republic leadership opted to not notify the FBI or seek their assistance.

Hegseth orders suspension of Pentagon’s offensive cyberoperations against Russia | AP News - Hegseth can stop Pentagon, but not DHS:CISA or the CIA.

2025.02.25.News You Should Know 2025

Tue, 25 Feb 2025 14:49:29 -0500

Decade-old healthcare security SNAFU settled for $11M • The Register - Health Net Federal Services (HNFS) and its parent company Centene Corporation, were found liable of lying on security attestations and ignoring 3rd party audits of their environment from 2015-2018. Fine amounts to 0.0067% of it’s 2023 revenue ($163Bn).

Thousands of trafficked scammers await return to Thailand • The Register - Prime Minister Shinawatra said around 7,000 individuals are awaiting transfer to Thailand after being rescued from call centers in Myanmar.

2025.02.18.News You Should Know 2025

Tue, 18 Feb 2025 14:49:38 -0500

Meta confirms ‘Project Waterworth,’ a global subsea cable project spanning 50,000 kilometers | TechCrunch - Meta will string a cable from the US, Brazil, India, South Africa, and elsewhere. The US Gov’t has committed to the Indian government to assist in this project. Meta-owned Facebook and Insta currently account for 10% of all fixed-internet traffic, and 22% of all mobile traffic.

2025.02.11.News You Should Know 2025

Tue, 11 Feb 2025 14:49:51 -0500

Beware of DDoSes from Mirai-based botnet of Mitel phones • The Register - Mitel, the phone thats sat on hundreds of desks across the world may have default credentials, and may have been roped into a Mirai botnet as part of the new Aquabotv3. Just a reminder to patch everything. Everywhere. All the time.

2025.01.28.news You Should Know 2025

Tue, 28 Jan 2025 14:52:54 -0500

Sweden seizes vessel after another undersea cable damaged • The Register - Trans-Baltic cables between Latvia and Sweden were attacked the 26th. This makes the third cable in 2 months in the Baltics. The first being a Between Finland-and-Estonia and Finland-and-Sweden.

China and frieds say they’re hurting cyber-slave scam camps • The Register - China and other Asian nations (Cambodia, Laos, Myanmar, Thailand, Vietnam) are concentrating on cyber-scam slave camps. Many tech-support and romance scams are staffed by human slaves in border regions in Myanmar, Laos, Cambodia, and Thailand. China estimates 100k of its citizens are currently held in these camps.

2025.01.21.News You Should Know 2025

Tue, 21 Jan 2025 14:53:01 -0500

ChatGPT crawler flaw opens door to DDoS, prompt injection • The Register - OpenAI’s web crawler has been weaponized by researches creating 20 - 5k requests per single API call to the crawler.

GM settles charges it shared driver location data • The Register - GM collected up to the second GPS data of vehicles, then sold it to Insurance companies to justify raising their premiums

2025.01.14.News You Should Know 2025

Tue, 14 Jan 2025 14:53:10 -0500

Scams & Breaches

Scammers file first — Get your IRS Identity Protection PIN now - Get signed up for a IP PIN for the IRS, before someone else does your taxes.

FCC chief urges auction to fund ‘Rip and Replace’ program • The Register - To fund the removal of Huawei and ZTE equipment from American networks, the FCC is considering a spectrum fire sale. The last sale of Advanced Wireless Services spectrum (for mobile operators) saw AT&T, Verizon, and T-Mobile, among others raise $45bn. Outgoing director Jessica Rosenworcel specifically called out Chinese-based Typhoon actors as being the catalyst for the sale.

2025.01.07.News You Should Know

Tue, 07 Jan 2025 13:21:21 -0600

Apple

Apple offers $95M settlement in Siri privacy lawsuit • The Register - Something as simple as a zipper or an individual raising their arms would cause Siri to start recording. Lopez, et al v. Apple Inc will be settled for $95 million if the N. California District Court approves. Apple CEO Tim Cook had previously told Congress that Siri’s recording features required a “clear, unambiguous trigger”, i.e.; “Hey Siri” Siri-enabled Apple users from 2011-to an unknown date will likely be eligible diluting individual payouts. 95m dollars(USD) is roughly less than .001 of Apple’s Profits in 2024.