Get ’em while they’re hot A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.… This article has been indexed from The Register…
Tag: The Register – Security
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?
There will always be bad actors in the system. We can always learn from the drama they create Opinion Libraries. Hushed temples to the civilizing power of knowledge, or launchpads of global destruction? Yep, another word tech has borrowed and…
CISA director: US is ‘not afraid’ to shout about Big Tech’s security failings
Jen Easterly hopes CSRB’s Microsoft report won’t impede future private sector collaboration CISA director Jen Easterly says the Cybersecurity Safety Review Board (CSRB) “is not afraid to say when something is amiss” in response to questions about fears around private…
Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials
Fasten your seat belts, secure your tray table, and try not to give away your passwords Australia’s Federal Police (AFP) has charged a man with running a fake Wi-Fi network on at least one commercial flight and using it to…
Indonesian government didn’t have backups of ransomwared data, because DR was only an option
President has ordered a datacenter audit and made backups mandatory Indonesia’s president Joko Widodo has ordered an audit of government datacenters after it was revealed that most of the data they store is not backed up.…
Microsoft tells yet more customers their emails have been stolen
Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more security in brief It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made…
CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?
So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has analyzed 172 critical open source projects and found that more than half contain code written in…
TeamViewer says Russia broke into its corp IT network
Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? TeamViewer says it was Russian intelligence that broke into its systems this week.…
Unlock the future of security
Join our exclusive webinar on identity security Webinar In today’s rapidly evolving digital landscape, securing identities is more critical than ever.…
Google cuts ties with Entrust in Chrome over trust issues
Move comes weeks after Mozilla blasted certificate authority for failings Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements.…
Microsoft hits snooze again on security certificate renewal
Seeing weird warnings in Microsoft 365 and Office Online? That’ll be why Microsoft has expiration issues with its TLS certificates, resulting in unwanted security warnings.…
‘Skeleton Key’ attack unlocks the worst of AI, says Microsoft
Simple jailbreak prompt can bypass safety guardrails on major models Microsoft on Thursday published details about Skeleton Key – a technique that bypasses the guardrails used by makers of AI models to prevent their generative chatbots from creating harmful content.……
Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown
No supply-chain attacks to see over here! After having its website shut down, the polyfill.io owner is fighting back against claims it smuggled suspicious code onto websites all across the internet.…
TeamViewer can’t bring itself to say someone broke into its network – but it happened
Says customer data, prod environment not affected as NCC sounds alarm TeamViewer on Thursday said its security team just “detected an irregularity” within one of its networks – which is a fancy way of saying someone broke in.…
US lawmakers wave red flags over Chinese drone dominance
Congressman warns tech is getting the ‘Huawei Playbook’ treatment US Congress members warned against Chinese dominance of the drone industry on Wednesday, elevating the threat posed by Beijing’s control of the technology as similar to that of semiconductors and ships.……
Korean telco allegedly infected its P2P users with malware
KT may have had an entire team dedicated to infecting its own customers A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.……
WhisperGate suspect indicted as US offers a $10M bounty for his capture
Russian national accused of attacks in lead-up to the Ukraine war The US Department of Justice has indicted a 22-year-old Russian for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems in the so-called “WhisperGate” wiper attack that preceded…
Feds put $5M bounty on ‘CryptoQueen’ Ruja Ignatova
OneCoin co-founder allegedly bilked investors out of $4B in digicash Uncle Sam has put a $5 million bounty on any information leading to the arrest or conviction of self-titled “CryptoQueen” Ruja Ignatova, who is wanted in the US for apparently…
US convicts crypto-robbing gang leader who kidnapped victims before draining their accounts
Said to have zip tied elderly crypto investors, held them at gunpoint, and threatened to kill them The US has convicted the 24-year-old leader of an international robbery crew that kidnapped and terrorized wealthy victims during home invasions that were…
Batten down the hatches, it’s time to patch some more MOVEit bugs
Exploit attempts for ‘devastating’ vulnerabilities already underway Thought last year’s MOVEit hellscape was well and truly behind you? Unlucky, buster. We’re back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway.…
Yahoo! Japan to waive $189 million ad revenue after detecting fraudulent clicks
Admits it’s not sure some clicks came from humans, points to better quality as sign not all is rotten Yahoo! Japan will waive $189 million charged to advertisers after deciding they were fraudulently charged, the portal’s corporate parent revealed on…
Organized crime and domestic violence perps are big buyers of tracking devices
Australian study finds GPS trackers – and sometimes AirTags – are in demand for the wrong reasons Tracking devices are in demand from organized crime groups and known perpetrators of domestic violence, according to an Australian study.…
Microsoft blamed for million-plus patient record theft at US hospital giant
Probe: Worker at speech-recog outfit Nuance wasn’t locked out after firing American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary…
If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately
Scripts turn malicious, infect webpages after Chinese CDN swallows domain The polyfill.io domain is being used to infect more than 100,000 websites with malware after a Chinese organization bought the domain earlier this year.…
Fiend touts stolen Neiman Marcus customer info for $150K
Flash clobber chain fashionably late to Snowflake fiasco party Customer information said to have been stolen from Neiman Marcus’s Snowflake instance has been put up for sale on the dark web for $150,000.…
Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan
Business is more lucrative than you might think The FBI says in just 12 months, scumbags stole circa $10 million from victims of crypto scams after posing as helpful lawyers offering to recover their lost tokens.…
CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities
Crafty crims broke in but encryption stopped any nastiness US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal.…
UK and US cops band together to tackle Qilin’s ransomware shakedowns
Attacking the NHS is a very bad move UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry.…
Ransomware thieves beware
Why Object First and Veeam tick the box for encryption and immutability Sponsored Feature You know that a technology problem is serious when the White House holds a summit about it.…
Protect your network
Insights on expanding attack surfaces Webinar Stay ahead of cyber threats with our upcoming session on “Why attack surfaces are expanding,” brought to you by Cloudflare in partnership with The Register.…
Julian Assange to go free in guilty plea deal with US
WikiLeaks boss already out of Blighty and ultimately off to home in Australia, if all goes to plan Wikileaks founder Julian Assange has been freed from prison in the UK after agreeing to plead guilty to just one count of…
Julian Assange freed in UK after agreeing to plead guilty to US charges
WikiLeaks boss already off from Blighty to ultimately Australia Breaking news Wikileaks founder Julian Assange has been freed in the UK after agreeing to plead guilty to conspiracy charges brought against him by the United States.…
Julian Assange freed after agreeing to plead guilty to US charges
WikiLeaks boss already off from the UK to ultimately Australia Breaking news Wikileaks founder Julian Assange has been freed in the UK after agreeing to plead guilty to charges brought against him by the United States.…
America’s best chance for nationwide privacy law could do more harm than good
‘Congress has effectively gutted it as part of a backroom deal’ Analysis Introduced in April, the American Privacy Rights Act (APRA) was – in the words of its drafters – “the best opportunity we’ve had in decades to establish a…
Ollama drama as ‘easy-to-exploit’ critical flaw found in open source AI server
About a thousand vulnerable instances still exposed online, we’re told A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of…
Car dealers stuck in the slow lane after cyber woes at software biz CDK
More customers self-reporting to SEC as disruption carries into second week The number of US companies filing Form 8-Ks with the Securities and Exchange Commission (SEC) and referencing embattled car dealership software biz CDK is mounting.…
‘Mirai-like’ botnet observed attacking EOL Zyxel NAS devices
Seems like as good a time as any to upgrade older hardware There are early indications of active attacks targeting end-of-life Zyxel NAS boxes just a few weeks after details of three critical vulnerabilities were made public.…
Britain’s Ministry of Defence accused of wasting £174M on ‘external advice’
Morpheus comms system online by 2025? You must be dreaming The UK government has been accused of blowing £174 million ($220 million) on “external advice” for a new radio system for the armed forces that has been beset by delays…
Levi’s and more affected in pants-dropping week of data breaches
A busy few days for security teams There were data breaches galore in the US last week with various major incidents reported to state attorneys general, some in good time, some not.…
Meta and SQL Server make strange bedfellows on a couch of cyber-pain
Yanks get food poisoning far more often than Brits. Is American IT just as sickening? Opinion When two stories from opposite ends of the IT universe boil down to the same thing, sound the klaxons. At the uber-fashionable AI end…
Techie took out a call center – and almost their career – with a cut and paste error
Have you heard the one about the techie who forgot what was on the clipboard? Who, me? Brace yourselves, gentle readers, for it is once again Monday, and the work week has commenced. Thankfully, The Reg is here with another…
Snowflake breach snowballs as more victims, perps, come forward
Also: The leaked Apple internal tools that weren’t; TV pirate pirates convicted; and some critical vulns, too Infosec in brief The descending ball of trouble over at Snowflake keeps growing larger, with more victims – and even one of the…
Risk of getting malicious extension from Chrome store way worse than Google’s letting on, study suggests
All depends on how you count it – Chocolate Factory claims 1% fail rate Google this week offered reassurance that its vetting of Chrome extensions catches most malicious code, even as it acknowledged that “as with any software, extensions can…
From network security to nyet work in perpetuity: What’s up with the Kaspersky US ban?
It’s been a long time coming. Now our journos speak their brains Kettle The US government on Thursday banned Kaspersky Lab from selling its antivirus and other products in America from late July, and from issuing updates and malware signatures…
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew
‘Substantial proportion’ of America to get a note from next month Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients’ data was stolen from it by ransomware criminals back in February – and for…
Uncle Sam sanctions Kaspersky’s top bosses – but not Mr K himself
Here’s America’s list of the supposedly dirty dozen Uncle Sam took another swing at Kaspersky Lab today and sanctioned a dozen C-suite and senior-level executives at the antivirus maker, but spared CEO and co-founder Eugene Kaspersky.…
Phoenix UEFI flaw puts long list of Intel chips in hot seat
Researchers discuss it in same breath as BlackLotus and MosaicRegressor A new vulnerability in UEFI firmware is threatening the security of a wide range of Intel chip families in a similar fashion to BlackLotus and others like it.…
Why attack surfaces are expanding
Insights from Cloudflare Webinar In the ever-evolving world of cybersecurity, understanding why attack surfaces are expanding is more critical than ever.…
Qilin cyber scum leak data they claim belongs to London hospitals’ pathology provider
At least they didn’t get paid their $50 million ransom demand The ransomware gang responsible for the chaos at London hospitals kept true to its word and released a trove of data that it claims belongs to pathology services provider…
Since joining NATO, Sweden claims Russia has been borking Nordic satellites
If Putin likes jammin’, we hope NATO likes jammin’ too Sweden says its satellites have been impacted by “harmful interference” from Russia ever since the Nordic nation joined the North Atlantic Treaty Organization (NATO) last March.…
Coding error in forgotten API blamed for massive data breach
Australian telco Optus allegedly left redundant website with poor access controls online for years The data breach at Australian telco Optus, which saw over nine million customers’ personal information exposed, has been blamed on a coding error that broke API…
Crooks get their hands on 500K+ radiology patients’ records in cyber-attack
Two ransomware gangs bragged of massive theft of personal info and medical files Consulting Radiologists has notified almost 512,000 patients that digital intruders accessed their personal and medical information during a February cyberattack.…
Biden puts a bullet in Kaspersky: Sales, updates to be banned in America
Blockade begins July 20 over national security fears Breaking news The Biden administration has banned the sale of Kaspersky software in the United States, arguing the Russian biz is a national security risk.…
Car dealer software bigshot CDK pulls systems offline twice amid ‘cyber incident’
Downtime set to crash into next week The vendor behind the software on which nearly 15,000 car dealerships across the US rely says an ongoing “cyber incident” has forced it to pull systems offline for a second time in as…
Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion
Researchers allegedly stole $3M using the vulnerability, then asked how much it was really worth Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, exploiting it to…
Russia’s cyber spies still threatening French national security, democracy
Publishing right before a major election is apparently just a coincidence A fresh report into the Nobelium offensive cyber crew published by France’s computer emergency response team (CERT-FR) highlights the group’s latest tricks as the country prepares for a major…
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals
Cybercriminals claim they used a zero-day to breach pathology provider’s systems Interview The ransomware gang responsible for the current healthcare crisis at London hospitals says it has no regrets about the attack, which was entirely deliberate, it told The Register…
Amtrak confirms crooks are breaking into user accounts, derailing email addresses
Rail company goes full steam ahead with notification letters to Rewards customers about spilled card details and more US rail company Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at…
That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise
Control-C, Control-V, Enter … Hell Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts. …
Rogue uni IT director pleads guilty after fraudulently buying $2.1M of tech
Two decades in the clink, $250K fine, or both will be quite an education A now-former IT director has pleaded guilty to defrauding the university at which he was employed, and a computer equipment supplier, for $2.1 million over five…
EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians
If you call ‘client-side scanning’ something like ‘upload moderation,’ it still undermines privacy, security On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.…
Dark-web kingpin puts ‘stolen’ internal AMD databases, source code up for sale
Chip designer really gonna need to channel some Zen right now AMD’s IT team is no doubt going through its logs today after cyber-crooks put up for sale what is claimed to be internal data stolen from the US microprocessor…
EU attempt to sneak through new encryption-busting law slammed by Signal, politicians
If you call ‘client-side scanning’ something like ‘upload moderation,’ it still undermines privacy, security On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.…
CHERI Alliance formed to promote memory security tech … but where’s Arm?
Academic-industry project takes next step as key promoter chip designer licks its wounds A group of technology organizations has formed the CHERI Alliance CIC (Community Interest Company) to promote industry adoption of the security technology focused on memory access.…
NHS boss says Scottish trust wouldn’t give cyberattackers what they wanted
CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the…
Uncle Sam ends financial support to orgs hurt by Change Healthcare attack
Billions of dollars made available but worst appears to be over The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.…
NHS boss says Scottish trust didn’t meet attackers’ demands
CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the…
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug
Specially crafted network packet could allow remote code execution and access to VM fleets VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship…
Arm security defense shattered by speculative execution 95% of the time
‘TikTag’ security folks find anti-exploit mechanism rather fragile In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.……
Suspected bosses of $430M dark-web Empire Market charged in US
Dopenugget and Zero Angel may face life behind bars if convicted The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and…
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam
Pen-testing tools didn’t work – and personal info of folks hit by pandemic started appearing in search engines Two consulting firms, Guidehouse and Nan McKay and Associates, have agreed to pay a total of $11.3 million to resolve allegations of…
Suspected dark-web Empire Market bosses charged in US
Dopenugget and Zero Angel said to have run $430M cyber-crime souk, may face life behind bars if convicted The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been…
Suspected underworld Empire Market bosses face possible life behind bars
Could this be curtains for Dopenugget and Zero Angel’s $430M cyber-crime souk? The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning…
Feds cuff suspected bosses of underworld Empire Market
Could this be curtains for Dopenugget and Zero Angel’s $430M cyber-crime souk? The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been arrested on charges related to owning…
Blackbaud has to cough up a few million dollars more over 2020 ransomware attack
Four years on and it’s still paying for what California attorney general calls ‘unacceptable’ practice Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came…
Cops cuff 22-year-old Brit suspected of being Scattered Spider leader
Spanish cops make arrest at airport before he jetted off to Italy Spanish police arrested a person they allege to be the leader of the notorious cybercrime gang Scattered Spider just before he boarded a private flight headed to Naples.……
AWS is pushing ahead with MFA for privileged accounts. What that means for you …
The clock is ticking – why not try a passkey? Heads up: Amazon Web Services is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, and we love to see it.…
UK’s Total Fitness exposed nearly 500k images of members and staff through unprotected database
Health club chain headed for the spa on choose a password day A security researcher claims UK health club and gym chain Total Fitness bungled its data protection responsibilities by failing to lock down a database chock-full of members’ personal…
Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure
Who needs ransomware when you can scare techies into coughing up their credentials? Notorious cyber gang UNC3944 – the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides – has changed its…
That didn’t take long: replacement for SORBS spam blacklist arises … sort of
ALSO: online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln In Brief A popular spam blocklist service that went offline earlier this month has advised users it is down permanently – but at…
Japan’s space junk cleaner hunts down major target
PLUS: Australia to age limit social media; Hong Kong’s robo-dogs; India’s new tech minister The space junk cleaning mission launched by Japan’s Aerospace Exploration Agency (JAXA) has successfully hunted down one of its targets.…
Microsoft answered Congress’ questions on security. Now the White House needs to act
Business as usual needs a real change Feature Microsoft president Brad Smith struck a conciliatory tone regarding his IT giant’s repeated computer security failings during a congressional hearing on Thursday – while also claiming the Windows maker is above the…
Stanford Internet Observatory wilts under legal pressure during election year
Because who needs disinformation research at times like these The Stanford Internet Observatory (SIO), which for the past five years has been studying and reporting on social media disinformation, is being reimagined with new management and fewer staff following the…
Meta won’t train AI on Euro posts after all, as watchdogs put their paws down
Facebook parent calls step forward for privacy a ‘step backwards’ Meta has caved to European regulators, and agreed to pause its plans to train AI models on EU users’ Facebook and Instagram posts — a move that the social…
Nigerian faces up to 102 years in the slammer for $1.5M phishing scam
Crook and his alleged co-conspirators said to have used Discord to coordinate The US Department of Justice has convicted a Nigerian national of participating in a business email compromise (BEC) scam worth $1.5 million.…
Ukraine busts SIM farms targeting soldiers with spyware
Russia recruits local residents to support battlefield goals Infrastructure that enabled two pro-Russia Ukraine residents to break into soldiers’ devices and deploy spyware has been dismantled by the Security Service of Ukraine (SSU).…
French state bidding for piece of Atos, offers €700M
Big data + security division could be owned by the government and its people The French government has confirmed an offer of €700 million ($748 million) for key assets of ailing IT services giant Atos, following the company’s acceptance of…
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended
‘It’s not our job to find the culprits – That’s what we’re paying you for’ lawmaker scolds Brad Smith Lawmakers on Thursday grilled Microsoft president Brad Smith about the Windows giant’s businesses dealing in China — and the super-corp’s repeated…
US Space Force wanted $77M to reinforce GPS – and Congress shot it down
Can’t we do this another way, like without these mini-sats costing $1B over 5 years, House reps wonder A plan by America’s Space Force to harden GPS against spoofing attacks may be going nowhere: A request by the service branch…
Oracle Ads have had it: $2B operation shuts down after dwindling to $300M
In this slightly more private era, your data ain’t as profitable as it once was Analysis Oracle Advertising is shutting down, CEO Safra Catz said during the database goliath’s fiscal 2024 Q4 earnings call with Wall Street this week.…
Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin
28-year-old accused of major ransomware attacks across Europe An alleged cog in the Conti and LockBit ransomware machines is now in handcuffs after Ukrainian police raided his home this week.…
Google’s Privacy Sandbox more like a privacy mirage, campaigners claim
Chocolate Factory accused of misleading Chrome browser users Privacy campaigner noyb has filed a GDPR complaint regarding Google’s Privacy Sandbox, alleging that turning on a “Privacy Feature” in the Chrome browser resulted in unwanted tracking by the US megacorp.…
Student’s flimsy bin bags blamed for latest NHS data breach
Confidential patient information found by member of the public A data protection gaffe affecting the UK’s NHS is being pinned on a medical student who placed too much trust in their bin bags.…
Time to zero in on Zero Trust?
Recently discovered vulnerabilities in VPN services should push ASEAN organizations to rethink their perimeter security approach Sponsored Post Companies in the ASEAN region have long relied on a virtual private network (VPN) to help encrypt their Internet traffic and protect users’…
Crooks crack customer info at tracking device vendor Tile, issue ‘extortion’ demands
Who tracks the trackers? Life360, purveyor of “Tile” Bluetooth tracking devices and developer of associated apps, has revealed it is dealing with a “criminal extortion attempt” after unknown miscreants contacted it with an allegation they had customer data in their…
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day
Symantec suggests Black Basta crew beat Microsoft to the patch The Black Basta ransomware gang may have exploited a now-patched Windows privilege escalation bug as a zero-day, according to Symantec’s threat hunters.…
White House report dishes deets on all 11 major government breaches from 2023
The MOVEit breach and ransomware weren’t kind to the Feds last year The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year (YoY) in 2023 to a total of 32,211, per a new White House report,…
China’s FortiGate attacks more extensive than first thought
Dutch intelligence says at least 20,000 firewalls pwned in just a few months The Netherlands’ cybersecurity agency (NCSC) says the previously reported attack on the country’s Ministry of Defense (MoD) was far more extensive than previously thought.…
Let’s kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows
Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its…