Category: The Register – Security

Many versions still without fixes while sophisticated attackers bypass mitigations Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which…

Read more →

Invaders inveigle infrastructure The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure.… This article has been indexed from The Register – Security Read the original article: US…

Read more →

Multiple publicly available exploits have since been published for the critical flaw The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.… This article has been indexed from The…

Read more →

Vendor gets tangled in its own web of undisclosed vulnerabilities Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication.… This article has been indexed from The Register –…

Read more →

Questionable institutional change and myriad IT issues pervade the governance landscape The farewell report written by the UK’s biometrics and surveillance commissioner highlights a litany of failings in the Home Office’s approach to governing the technology.… This article has been…

Read more →

18,000 customers, including the Pentagon and Microsoft, may have other thoughts SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz’s customers could be spied upon – has accused America’s financial watchdog of seeking to…

Read more →

ALSO: Samsung turns to Baidu for Galaxy AI in China; Terraform Labs files for bankruptcy; India’s supercomputing ambitions Asia In Brief  Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the…

Read more →

ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns Infosec in brief  Trend Micro’s Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million…

Read more →

Step one, actually turn on MFA Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis…

Read more →

And software makers seem to be OK with this, apparently There’s a line in the latest plea from CISA – the US government’s cybersecurity agency – to software developers to do a better job of writing secure code that may…

Read more →

Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity…

Read more →

Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess The Akira ransomware gang is claiming responsiblity for the “cybersecurity incident” at British bath bomb merchant.… This article has been indexed from The Register –…

Read more →

Rest of the crew still at large A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions…

Read more →

Securities lender processes trillions of dollars worth of Wall Street transactions every day US securities lender EquiLend has pulled a number of its systems offline after a security “incident” in which an attacker gained “unauthorized access”.… This article has been…

Read more →

Cozy Bear may have had access to the green rectangular email and SharePoint cloud for six months HPE has become the latest tech giant to admit it has been compromised by Russian operatives.… This article has been indexed from The…

Read more →

Judge says anti-hacking laws fits Pegasus case “to a T” A US court has rejected spyware vendor NSO Group’s motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers’…

Read more →

1 million members still searching for answers as IT issues floor primary digital services The UK’s Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.… This article has…

Read more →

Ancient path traversal exploit offers remote attackers admin access Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.… This article has been…

Read more →

Senator Wyden tells The Reg this latest security lapse is ‘inexcusable’ Comment  For most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices.……

Read more →

Now that’s a Dutch crunch A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it’s not clear if anyone is taking responsibility.… This article has been indexed…

Read more →