Tag: The Register – Security

Is that a lot? Depends on the context. GHz, no. Voltage, yes Intel has divulged more details on its Raptor Lake family of 13th and 14th Gen Core processor failures and the 0x129 microcode that’s supposed to prevent further damage…

Read more →

Explore the latest trends in cybersecurity with expert insight from Cloudflare Webinar  As cyber threats grow more sophisticated, staying informed is crucial for IT professionals.… This article has been indexed from The Register – Security Read the original article: Understanding…

Read more →

Political officials, advisors targeted in cyber attacks as fake news sites deliver lefty zingers Microsoft says Iran’s efforts to influence the November US presidential election have gathered pace recently and there are signs that point toward its intent to incite…

Read more →

Can’t reach someone’s private server on localhost from outside? No problem A years-old security oversight has been addressed in basically all web browsers – Chromium-based browsers, including Microsoft Edge and Google Chrome, WebKit browsers like Apple’s Safari, and Mozilla’s Firefox.……

Read more →

Multiple critical flaws found and they won’t be fixed A boffin from British defence contractor BAE has found three critical flaws in Cisco’s Small Business SPA300 and SPA500 IP phones – and another couple of nasties – none of which…

Read more →

Airline unimpressed with ‘unhelpful and untimely’ phone call from CEO, Falcon maker says claims untrue Delta Air Lines has come out swinging at CrowdStrike in a letter accusing the security giant of trying to “shift the blame” for the IT…

Read more →

American and Brit firms thought they were employing a Westerner, but not so, it’s alleged The FBI today arrested a Tennessee man suspected of running a “laptop farm” that got North Koreans, posing as Westerners, IT jobs at American and…

Read more →

American and Brit firms thought they were employing a Westerner, but not so, it’s alleged The FBI today arrested a Tennessee man suspected of running a “laptop farm” that got North Koreans, posing as Westerners, IT jobs at American and…

Read more →

Hundreds of thousands of users potentially vulnerable Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.… This article has been indexed from The Register…

Read more →

Election tech is fine – it’s all thise idiots buying into the propaganda that’s worrying Jen Easterly Black Hat  US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and her counterparts from the UK and EU want the world…

Read more →

Just snapping the webcam shutter closed won’t keep a user safe online New research has shown that while many Brits will snap shut a laptop camera in the name of privacy, a worrying amount will just as happily shovel all…

Read more →

Sectigo bosses claim it’s only a matter of time before Microsoft and Apple drop Big E from their root stores too After falling down in the estimations of major browser makers Google and Mozilla, Entrust faces a lengthy fight on…

Read more →

Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs? Black Hat  State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec’s threat hunters who have…

Read more →

Good luck, crackers: It’s an isolated processor and storage enclave, and top dollar only comes from a remote attack Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault – the isolated subsystem the…

Read more →

Let’s get physical, physical … I don’t wanna hear your MMU talk Black Hat  Computer security researchers at the CISPA Helmholtz Center for Information Security in Germany have found serious security flaws in some of Alibaba subsidiary T-Head Semiconductor’s RISC-V…

Read more →

Palo Alto Networks reveals how AI can be harnessed to strengthen cyber security defenses David Gordon Sponsored Post  Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organizations often unprepared to…

Read more →

A simple HTML change and the warning is gone! Researchers say cybercriminals can have fun bypassing one of Microsoft’s anti-phishing measures in Outlook with some simple CSS tweaks.… This article has been indexed from The Register – Security Read the…

Read more →

Timor-Leste is a known cybercrime hotspot Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week.… This…

Read more →

Went at equivalent of $3.5B+ valuation for entire firm, though portion sold not specified Acronis, the Swiss disaster recovery turned cybersecurity firm and catch-all for managed service providers, has been majority acquired by Europe’s largest private equity firm, EQT.… This…

Read more →

Nearly 83,000 people had their data stolen amid chaos that struck NHS healthcare The UK’s data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million ($7.7 million) for failings that led to a…

Read more →

Fake Angry IP Scanner will make you furious – or maybe remind you of how the Hive gang went about its banal business The latest malware from upstart criminal gang Hunters International appears to be targeting network admins, using malicious…

Read more →

Trying to cancel a citizen’s registration would be caught by humans no matter what the page said, officials say The US state of Georgia has a website for cancelling voter registration, and it’s had a bumpy start.… This article has…

Read more →

SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline’s IT is in a mess Microsoft has labelled Delta Air Lines’ accusations it’s partly to blame for the outages caused by CrowdStrike’s buggy software “false” and “misleading” – and…

Read more →

And reveals the small mistake that bricked 8.5M Windows boxes CrowdStrike has hired two outside security firms to review the Falcon functionality that sparked a global IT outage last month – but it may not have an awful lot to…

Read more →

And reveals the small mistake that bricked 8.5M Windows boxes CrowdStrike has hired two outside security firms to review the Falcon functionality that sparked a global IT outage last month – but it may not have an awful lot to…

Read more →

And reveals the small mistake that bricked 8.5 million Windows boxes CrowdStrike has hired two outside security firms to review the Falcon sensor code that sparked a global IT outage last month – but it may not have an awful…

Read more →

And Qualcomm addresses ‘permanent denial of service’ flaw in its stuff Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code…

Read more →

Misery loves company – all of its competitors were also negatively impacted One of the US’s largest car dealerships says the IT outage caused by CDK Global’s June ransomware attack cost it approximately $30 million.… This article has been indexed…

Read more →

Windows SmartScreen and Smart App Control both have weaknesses of which to be wary Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows’ security warnings,…

Read more →

That one weird thing in Outlook that gives phishers and scammers an in to an inbox Users are urging Microsoft to rethink how it shows sender email addresses in Outlook because phishing criminals are taking advantage, using helpful, friendly names…

Read more →

Chap named ‘Roman Boss’ accused of being just that at a cryptocash laundering outfit Users of Cryptonator – an online digital wallet and cryptocurrency exchange – received an unpleasant surprise last weekend after the service was shuttered in a combined…

Read more →

Singapore Ministry of Education orders software removed after string of snafus UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by…

Read more →

Singapore Ministry of Education orders software removed after string of snafus UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by…

Read more →

Some scowl, some smile, as fines no longer apply every time your mugshot or fingerprint is shared The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act (BIPA).… This article has been indexed…

Read more →

Smile for the camera to get in, or buy a beer without lining up The National Football League and all 32 of its teams will use tech from facial recognition software vendor Wicket to verify the identity of thousands of…

Read more →

Background check biz accused of negligence A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people’s private information, which was subsequently stolen from the biz and sold on an online criminal marketplace.……

Read more →

Watch this video to learn how Palo Alto Networks is using GenAI to automate and simplify cybersecurity Sponsored Post  Cyber security is complex right, particularly when you’re tyring to monitor and configure multiple tools across a host of different on-…

Read more →

Malware logs users’ keystrokes, pilfers credentials, exfiltrates data Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots.… This article has been indexed…

Read more →

Vendor plans to aggressively defend its case before listing catalog of shortcomings at the airline CrowdStrike says it is “highly disappointed” and rejects the claims made by Delta and its lawyers that the vendor exhibited gross negligence in the events…

Read more →

Eighty-one apps signed up to pilot facial recognition and real name ID system Chinese app developers have signed up to beta test a national cyberspace ID system that will use facial recognition technology and the real names of users, according…

Read more →

Plus: CISA’s AI hire; and Canuck SIM swappers busted Infosec in brief  Scammers have been using Google’s own ad system to fool people into downloading a borked copy of the Chocolate Factory’s Authenticator software.… This article has been indexed from…

Read more →

Now that’s a TRACTOR pull request To accelerate the transition to memory safe programming languages, the US Defense Advanced Research Projects Agency (DARPA) is driving the development of TRACTOR, a programmatic code conversion vehicle.… This article has been indexed from…

Read more →

WeRedEvils alleges successful attack on infrastructure, including data theft Israel-based hacktivists are taking credit for an ongoing internet outage in Iran.… This article has been indexed from The Register – Security Read the original article: Israeli hacktivist group brags it…

Read more →

Hear how AI runtime security secures applications in the complete journey from design to build to run Sponsored Post  Ensuring access to mission critical, AI-enabled applications is important for modern businesses keen on boosting employee productivity and transforming customer operations.…

Read more →

They say crime doesn’t pay. They’re right – it’s the victims doing the paying An unnamed Fortune 50 corporation paid a stonking $75 million to a ransomware gang to stop it leaking terabytes of stolen data.… This article has been…

Read more →

Work aims to build on the success of NCSC’s 2016 initiative – and private sector will play a part The UK’s National Cyber Security Centre (NCSC) says it’s in the planning stages of bringing a new suite of services to…

Read more →

Suspected devs behind Russian Coms cuffed – now to find the users of the nastyware The UK’s National Crime Agency (NCA) has shut down an outfit called Russian Coms – a call-spoofing service believed to have swindled hundreds of thousands…

Read more →

First delays, then data leaks – now fraud detection needed at point of use The Japanese government has released details of of an app that verifies the legitimacy of its troubled My Number Card – a national identity document.… This…

Read more →

SMS OTPs are overused, so bring on the tokens and biometrics India’s central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.… This article has been indexed from The Register – Security Read…

Read more →

Techno-crooks greeted by grinning Putin after landing At least two Russian cybercriminals are among those being returned to their motherland as part of a multinational prisoner exchange deal announced Thursday.… This article has been indexed from The Register – Security…

Read more →

That horse has not just bolted, it’s trampled all over kernel space CrowdStrike, after suggesting canary testing as a way to ensure it avoids future blunders leading to global computer outages, has been sued in federal court by investors for…

Read more →

Using Precision AI to stop cyber threats in real time Sponsored  Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organisations often unprepared to deal with the speed, scale and sophistication…

Read more →

PSA comes amid multiple IT services crises in recent days US law enforcement and cybersecurity agencies are reminding the public that the country’s voting systems will remain unaffected by distributed denial of service (DDoS) attacks as the next presidential election…

Read more →

Compliance failures and unsatisfactory responses mount from the long-time certificate authority Mozilla is following in Google Chrome’s footsteps in officially distrusting Entrust as a root certificate authority (CA) following what it says was a protracted period of compliance failures.… This…

Read more →

Meanwhile, US apparently considers further AI hardware sanctions Germany’s government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy (BKG) – the official mapping agency.… This article has been…

Read more →

Scumbags go for the jugular A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has “significantly reduced” the org’s ability to take, test, and distribute blood.… This article has been indexed from The Register –…

Read more →

Scumbags go for the jugular A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has “significantly reduced” the org’s ability to take, test, and distribute blood.… This article has been indexed from The Register –…

Read more →

Some ‘exceptional circumstances’ will be given a minor extension as lawsuits start to fly As the DigiCert drama continues, we now have a better idea of the size and scope of the problem – with the organization’s infosec boss admitting…

Read more →

Eight-year-old domain hijacking technique still claiming victims Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.… This article has been indexed from The Register – Security Read the original article:…

Read more →

Windows users now get macOS-grade secret security Google says it’s enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies.… This article has been indexed from The Register –…

Read more →

Watch this Palo Alto Networks keynote to understand the importance of visibility, control and governance in AI application and service development Sponsored Post  The dawn of artificial intelligence is upon us, but its development has only just begun.… This article…

Read more →

An unprecedented period for an unparalleled force in cybercrime Feature  For roughly two years, LockBit’s ransomware operation was by far the most prolific of its kind, until the fateful events of February. After claiming thousands of victims, extorting hundreds of…

Read more →

A playbook full of strategies and someone fumbles the implementation Do you have problems configuring Microsoft’s Defender? You might not be alone: Microsoft admitted that whatever it’s using for its defensive implementation exacerbated yesterday’s Azure instability.… This article has been…

Read more →

It took 13 months to notice 40 million voters’ data was compromised The UK’s Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal data belonging to…

Read more →

For the want of an underscore DigiCert has given some unlucky customers 24 hours to replace their SSL/TLS security certificates it previously issued them – due to a five-year-old blunder in its backend software.… This article has been indexed from…

Read more →

Oh, Boies, here we go again Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month – and it has hired a high-powered law firm to claw some of those lost funds back,…

Read more →

Leaves a trail of ransomware infections, data theft, business email compromise in its wake Insight  The developers of EvilProxy – a phishing kit dubbed the “LockBit of phishing” – have produced guides on using legitimate Cloudflare services to disguise malicious…

Read more →

Get those patches applied – all the big dogs are abusing it Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do…

Read more →

They DKIM here, they DKIM there A huge phishing campaign exploited a security blind-spot in Proofpoint’s email filtering systems to send an average of three million “perfectly spoofed” messages a day purporting to be from Disney, IBM, Nike, Best Buy,…

Read more →

Follows requirement for social media and messaging platforms to get a license Legislation for an internet “kill switch” will reach Malaysia’s Parliament in October, according to the country’s minister for Law and Institutional Reform.… This article has been indexed from…

Read more →

‘Ignore previous instructions’ thwarts Prompt-Guard model if you just add some good ol’ ASCII code 32 Meta’s machine-learning model for detecting prompt injection attacks – special prompts to make neural networks behave inappropriately – is itself vulnerable to, you guessed…

Read more →

Do we really want to bother SCOTUS with this, friends? Surely they’re way too busy to take a look US border agents must obtain a warrant, in New York at least, to search anyone’s phone and other electronic device when…

Read more →

Do we really want to bother SCOTUS with this, friends? Surely they’re way too busy right now to take a look US border agents must obtain a warrant, in New York at least, to search anyone’s phone and other electronic…

Read more →

No mention of malware or ransomware – somewhat of a rarity these days HealthEquity, a US fintech firm for the healthcare sector, admits that a “data security event” it discovered at the end of June hit the data of a…

Read more →

Happy Sysadmin Day Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update.……

Read more →

Promises to discourage use of kernel drivers – so they don’t crash the world again Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike’s faulty software update was almost certainly too low, and vowed to reduce…

Read more →

Because clearly it’s better for Beijing to know who you are than for every ISP and social service to keep its own records Beijing may soon issue “cyberspace IDs” to its citizens, after floating a proposal for the scheme last…

Read more →

Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don’t use MFA, and more Infosec in brief  Protecting computers’ BIOS and the boot process is essential for modern security – but knowing it’s important isn’t the same as actually…

Read more →

And boy, did last Friday’s Windows fiasco ever prove that yet again Opinion  CrowdStrike’s recent Windows debacle will surely earn a prominent place in the annals of epic tech failures. On July 19, the cybersecurity giant accomplished what legions of…

Read more →

These are the kinds of bugs APTs thrive on, just ask the Feds Progress Software’s latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months.… This article has been indexed from…

Read more →

Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals…

Read more →

Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals…

Read more →

Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals…

Read more →

May even have targeted other malware gangs, and infosec researchers Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves…

Read more →

We offer this formula instead: RND(100.0)*(10^9) The cost of CrowdStrike’s apocalyptic Falcon update that brought down millions of Windows computers last week may be in the billions of dollars, and insurance isn’t covering most of that.… This article has been…

Read more →

PSA: Only accept updates via official channels … ironically enough CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop’s threat intel team, which spotted…

Read more →

And the forking Microsoft-owned code warehouse doesn’t see this as much of a problem Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn’t…

Read more →

Beijing has a long history of recruiting US residents to carry out various espionage activities The US is looking to prosecute a Chinese immigrant over claims he has been drip-feeding information of interest to Beijing since at least 2012.… This…

Read more →

For some unknown reason, initial patch was omitted from later versions Docker is warning users to rev their Docker Engine into patch mode after it realized a near-maximum severity vulnerability had been sticking around for five years.… This article has…

Read more →

Those national security threat claims? ‘No evidence,’ VP tells The Reg Exclusive  Despite the Feds’ determination to ban Kaspersky’s security software in the US, the Russian business is moving forward with another proposal to open up its data and products…

Read more →

Are your security and ops teams fighting to pass the buck? Comment  Patching: The bane of every IT professional’s existence. It’s a thankless, laborious job that no one wants to do, goes unappreciated when it interrupts work, and yet it’s…

Read more →

This one weird trick saved countless hours and stress – no, really Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered…

Read more →

‘In the short term, they’re going to have to do a lot of groveling’ Analysis  The great irony of the CrowdStrike fiasco is that a cybersecurity company caused the exact sort of massive global outage it was supposed to prevent.…

Read more →

‘In the short term, they’re going to have to do a lot of groveling’ Analysis  The great irony of the CrowdStrike fiasco is that a cybersecurity company caused the exact sort of massive global outage it was supposed to prevent.…

Read more →

Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk is low Apple last week celebrated a slew of privacy changes coming to its Safari browser and took the time to bash rival Google for its…

Read more →

Concerns abound over why it has taken so long to recover compared to competitors The US Department of Transportation (DoT) is investigating Delta Air Lines over its handling of the global IT outage caused by CrowdStrike’s content update.… This article…

Read more →

Not now, Microsoft Some Windows devices are presenting users with a BitLocker recovery screen upon reboot following the installation of July’s Patch Tuesday update.… This article has been indexed from The Register – Security Read the original article: Windows Patch…

Read more →

With numerous US government agency customers, any leak could be serious Internal documents stolen from Leidos Holdings, an IT services provider contracted with the Department of Defense and other US government agencies, have been leaked.… This article has been indexed…

Read more →

Watchdog reprimand follows similar cases in 2021 The UK’s data protection watchdog has reprimanded a school in Essex for using facial recognition for canteen payments, nearly three years after other schools were warned about doing the same.… This article has…

Read more →

Web puzzles don’t protect against bots, but humans have spent 819 million unpaid hours solving them Google promotes its reCAPTCHA service as a security mechanism for websites, but researchers affiliated with the University of California, Irvine, argue it’s harvesting information…

Read more →