Category: The Register – Security

Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer’s machine,…

Read more →

Snarfing up config files for ‘thousands’ of devices…just for giggles, we’re sure The FBI and security researchers today warned that Russian government spies exploited a seven-year-old bug in end-of-life Cisco networking devices to snoop around in American critical infrastructure networks…

Read more →

Researchers disclosing their findings said ‘it’s as bad as it sounds’ Researchers at watchTowr just published working proof-of-concept exploits for two unauthenticated remote code execution bug chains in backup giant Commvault.… This article has been indexed from The Register –…

Read more →

iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.… This article has been indexed from The Register – Security…

Read more →

Burger slinger gets a McRibbing, reacts by firing staffer who helped A white-hat hacker has discovered a series of critical flaws in McDonald’s staff and partner portals that allowed anyone to order free food online, get admin rights to the…

Read more →

Reconfigure local app settings via a ‘simple’ POST request A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people’s personal computers, spy on their local chats,…

Read more →

Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.… This article has been indexed from The…

Read more →

Toronto company says weekend cyber raid hit internal IT, not punters’ wallets Canadian casino software slinger Bragg Gaming Group has disclosed a “cybersecurity incident,” though it’s adamant the intruders never got their hands on customer data.… This article has been…

Read more →

Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight The UK government has reportedly abandoned its attempt to strong-arm Apple into weakening iPhone encryption after the White House forced Blighty into a quiet climb-down.… This article has been…

Read more →

Developer demand for sovereign cloud from tech giant is on the rise, says exec Interview  Google’s President of Customer Experience, Hayete Gallot, offered some words of comfort to developers who are looking nervously at the rise of AI assistants while…

Read more →

CEO says if you buy all your infosec stuff from him, life under assault from bots will be less painful Brace for a new round of browser wars, according to Palo Alto Networks CEO Nikesh Arora.… This article has been…

Read more →

High accuracy scores come from conditions that don’t reflect real-world usage Facial recognition technology has been deployed publicly on the basis of benchmark tests that reflect performance in laboratory settings, but some academics are saying that real-world performance doesn’t match…

Read more →

Spy vs spy in the chips Comment  Chinese state media called the US an aspiring “surveillance empire” over its proposed use of asset tracking tags to crack down on black-market GPU shipments to the Middle Kingdom.… This article has been…

Read more →

Supply chain breach has been a major target of legal action Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability.……

Read more →

HR SaaS giant insists core systems untouched Workday has admitted that attackers gained access to one of its third-party CRM platforms, but insists its core systems and customer tenants are untouched.… This article has been indexed from The Register –…

Read more →

Sni5Gect research crew targets sweet spot during device / network handshake pause Security boffins have released an open source tool for poking holes in 5G mobile networks, claiming it can do up- and downlink sniffing and a novel connection downgrade…

Read more →

When you’re asking AI chatbots for answers, they’re data-mining you Opinion  Recently, OpenAI ChatGPT users were shocked – shocked, I tell you! – to discover that their searches were appearing in Google search. You morons! What do you think AI…

Read more →

If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it Researchers at software supply chain security outfit Safety think they’ve found malware that targets Russian cryptocurrency developers, and perhaps therefore Russia’s state-linked…

Read more →

PLUS: Kryptos solution up for auction; Canadian parliament springs a leak; Fake crypto lawyers; And more Infosec In Brief  New York State is suing bank-owned peer-to-peer payment app Zelle, claiming that the banks behind it knew fraud was rampant on…

Read more →

‘Hope for the best, but prepare for the worst,’ one tells The Reg Feature  Bill Gates, an Arizona election official and former Maricopa County supervisor, says that the death threats started shortly after the 2020 presidential election.… This article has…

Read more →