The Register

New package aimed at consumers Element, which makes Matrix-based communications and collaboration tools, has launched a consumer-oriented version of its messaging platform, complete with bridges for WhatsApp, Signal and Telegram.… READ MORE HERE…

US govt issues alert over JS package downloaded 8m times a week – plus more news from world of infosec In brief  The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has warned developers that a version of the ua-parser-js JavaScript library, available via NPM, was infected with data-stealing and cryptocurrency-mining malware.… READ MORE HERE…

Phishing and password spraying on the up Russia’s Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft’s security arm has warned.… READ MORE HERE…

Only for one-to-one voice and video, mind Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.… READ MORE HERE…

Researcher spots RSA tell-tale lurking in plain sight on VirusTotal Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository.… READ MORE HERE…

The second vanishing of the cybergang… for now As we noted a few days back, notorious ransomware gang REvil “disappeared” again this week. Recent reports have now shed light on why that may be.… READ MORE HERE…

Unique fingerprints lurk in radio signals more often than not, it seems Over the past few years, mobile devices have become increasingly chatty over the Bluetooth Low Energy (BLE) protocol and this turns out to be a somewhat significant privacy risk.… READ MORE HERE…

Vid-slingers had been asking how this happened for years, even while their channels were spruiking dodgy crypto After years of complaints from YouTubers, Google has pinpointed the root cause of a series of account hijackings: software sponsorship deals that delivered malware.… READ MORE HERE…

Update to v6.02 – or don’t, but on your head be it A remote code execution vulnerability existed in an old and free trial version of WinRAR, according to infosec firm Positive Technologies.… READ MORE HERE…

Considering the slack security of such kit, it’s a perfect storm Increasing numbers of “non-business” Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations’ threat models.… READ MORE HERE…