jessicalyons.bsky.social
Cybersecurity editor @theregister.com. Contact me with tips: [email protected] or jess.825 on Signal. Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
183 posts 5,073 followers 477 following

The US Army soldier accused of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.

Smells like ransomware to me. Anyone else?

Is this what watching democracy die feels like? Asking for a friend.

Two new malware variants specifically designed to disrupt critical industrial processes were set loose on OT networks last year, shutting off heat to more than 600 apartment buildings in one instance and jamming communications to gas, water, and sewage network sensors in the other.

Security engineer Anmol Singh Yadav built AWS-Key-Hunter after he found more than 100 exposed AWS access keys, some with high privileges, in public repositories, "just waiting to be exploited."

"Some threat actors operate at the intersection of cybercrime and state-sponsored espionage, leveraging their capabilities to achieve multiple objectives," ESET senior malware researcher Jakub Souček told me via @theregister.com. Check out my latest story ⬇️

An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations," according to Microsoft.

A previously unknown gang dubbed Triplestrength poses a triple threat to organizations: It infects victims' computers with ransomware, then hijacks their cloud accounts to illegally mine for cryptocurrency.

"I'm scared that in a year, as AI advances, I won't be able to decide if the person I'm talking with is a real person or not," Dawid Moczadło, CTO and co-founder of Vidoc Security Lab told me.

The US Treasury has revealed Tom Krause – the chief exec of Citrix and Netscaler owner Cloud Software Group – has "read-only" access to a vital federal government payment system that disburses trillions of dollars annually.

When asked about the feasibility of abusing this sort of abandoned internet infrastructure, watchTowr CEO Benjamin Harris told me it would be "terrifyingly simple" to pull off.

UFO-January 6 insurrection crossover event?!

FYI, it is possible to take over abandoned AWS S3 buckets that are still checked by applications and websites for code and updates, giving miscreants a chance to launch significant supply chain attacks. More here by @jessicalyons.bsky.social www.theregister.com/2025/02/04/a...

The Trump-Musk reality show chaos continues…

If the nonstop flood of ransomware attacks doesn't already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely will.

"No one was kicked off the NTSB in the middle of investigating a flight that crashed," retired US Navy Rear Admiral Mark Montgomery told me via @theregister.com.

In case an army of office phones firing off DDoS attacks against individuals or critical orgs isn't concerning enough, this latest strain has a never-seen-before capability that reports back to its C2 server when it catches a kill signal – an attempt to terminate the malware – on an infected device.

"Humiliation is a major psychological tactic leveraged by Hellcat."

You get to be CxO and you get to be CxO and you and you and you. The Register's @bvig.bsky.social covers more big moves by the Trump administration.

"President Trump stated clearly that the United States is no longer going to blindly dole out money with no return for the American people." Some would rank infosec for the US and its allies as a high return on investment 🤷‍♀️

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.

A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.

Great feature from @jessicalyons.bsky.social on Trump's infosec policy, or lack of it. Dumping many talented security folks from unpaid advisory committees is bonkers.

Ransomware crews jump on the fake tech support scam bandwagon after spamming the hell out of unsuspecting orgs.

"Within his first two days in office, Donald Trump has already waved a white flag to Chinese hackers," @wyden.senate.gov told me, about DHS firing its cyber advisory committees including the one investigating the Salt Typhoon hacks of US telecoms.

Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting communications isn't mere decoration on the pages of law books – it actually means carriers need to secure their networks.

Is Biden's 11th-hour EO on cybersecurity DOA? "Given the timing right before a change in the administration, I can't help but think it's a bit of a Hail Mary designed to include everything possible and just see what sticks."

Star Blizzard, a prolific phishing crew backed by the Russian Federal Security Service (FSB), conducted a new campaign aiming to compromise WhatsApp accounts and gain access to their messages and data, according to Microsoft. www.theregister.com/2025/01/16/r...

As one of the world's largest web-hosting companies, and a registry and registrar with about 82 million domain names in its care, one would assume GoDaddy would be adept at applying software updates and monitoring security-related events. According to the FTC, one would be wrong.

Beijing's Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA boss Jen Easterly.

The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese government-backed criminals, according to newly unsealed court documents.

"Each of the affected victim organizations had somewhere between hundreds to thousands of malicious login events on Fortinet firewall devices," Arctic Wolf Labs' lead threat intel researcher Stefan Hostetler told me.

A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer-provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it.

One of the Mitel flaws is an 0-day, but the Oracle RCE…five years?!

"The access here that we're demonstrating is what we've affectionately termed mass-hacking-on-autopilot," watchTowr CEO Benjamin Harris told me. His team: 4,000+ unique backdoors are using expired domains and/or abandoned infrastructure, and many of these expose government-owned hosts.

"Every organization should look at this as being put on notice," @crowdstrike.com Senior VP of Counter Adversary Operations Adam Meyers told me. "If you are providing services that are of logistical importance for critical infrastructure, you're in the line of fire."

This makes me sad, with all the memories of my kiddos paddling around the wharf and visiting the sea lions. We’ll miss you, wharf 😢

Novel idea

Alleged LockBit ransomware dev initially claimed he didn't know the work he was doing was illegal. Later, however, he did catch on to the fact that he was providing code for a criminal operation, but "admitted that he continued working for the LockBit group, in sum and substance, 'for the money.'"

Or not so silently 🤷🏻‍♀️

"I'm still waiting for more definitive proof that it was Cl0p that performed these attacks, personally," Huntress principal security researcher @johnhammond.bsky.social told me. "Until I see the victim notifications and data to download, I'm not sure I trust a threat actor's word quite yet."