Category: The Register – Security

No rush, according to Gartner chap who says: ‘Nobody has ever out-patched threat actors at scale’ Patch Tuesday has rolled around again, but if you don’t rush to implement the feast of fixes it delivered, your security won’t be any…

Read more →

Crickets as senior security folk asked about risks at NCSC conference CYBERUK  Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned…

Read more →

Defenses are weaker, and victims are more likely to pay, SANS warns Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.… This article has been indexed from The Register –…

Read more →

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday  It’s that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation – but…

Read more →

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel’s defenses against Spectre, a family of data-leaking flaws in the…

Read more →

Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish “palace in the sky” meant as a temporary Air Force One. But getting it up to…

Read more →

Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault’s Command Center was initially not available to a significant user subset – those testing out a free trial version…

Read more →

Both agencies seem unbothered despite tech world’s clear concerns for US infoseccers CYBERUK  The top brass from the UK’s cyber agency say everything is business as usual when it comes to the GCHQ arm’s relationship with CISA, amid growing unease…

Read more →

Market cap down by more than £1BN since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.… This article has been indexed from The Register –…

Read more →

EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and…

Read more →

‘MarbledDust’ gang has honed the skills it uses to assist Ankara Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than…

Read more →

Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That’s well past a cut-off point of October 14 this year, when Redmond’s support…

Read more →

Cripes, we were only joking when we called Elon’s social network the new state media The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity…

Read more →

Today’s complex IT environments demand a new approach Partner content  For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have…

Read more →

Intruders claim they stole GlobalX’s flight records and manifests GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.… This article has been indexed from The Register – Security Read the…

Read more →

Providers argue that if end users prioritized security, they’d get it CYBERUK  Intervention is required to ensure the security market holds vendors to account for shipping insecure wares – imposing costs on those whose failures lead to cyberattacks and having…

Read more →

We need to make taking IT systems ‘off the books’ a problem for corporate types Opinion  It’s been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due…

Read more →

PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you’re never safe; and more Infosec in brief  Good cybersecurity habits don’t appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.… This…

Read more →

Rapid7 threat hunter told The Reg wrote a PoC. No he’s not releasing it RSAC  If Rapid7’s Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he’d innovate: CPU ransomware.… This article has been…

Read more →

The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US…

Read more →

France’s share of MOD cash is growing while the US’s shrinks The UK’s Ministry of Defence (MOD) is gradually shifting its spending from the US to Europe, according to research from Tussell.… This article has been indexed from The Register…

Read more →

Weapons-grade fuel for fraud Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more.… This article has…

Read more →

Linux giant finds Chinese environment to be perilous beneath pretty exterior SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.… This article has been…

Read more →

Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety’s sake Canonical’s Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security…

Read more →

Now individual school districts extorted by fiends An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware…

Read more →

CEO: Neural net tech ‘flattens our hiring curve, helps us innovate’ CrowdStrike – the Texas antivirus slinger famous for crashing millions of Windows machines last year – plans to cut five percent of its staff, or about 500 workers, in…

Read more →

Judge allows aspects of passenger lawsuit to proceed A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year’s CrowdStrike debacle continues to buffet the carrier.… This article…

Read more →

We were shocked – SHOCKED – by the answer Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome.… This article has been indexed from The Register…

Read more →

Lead dev likens flood to ‘effectively being DDoSed’ Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated “slop” bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers’ time.… This…

Read more →

Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote New Zealand’s government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government…

Read more →

Don’t f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure…

Read more →

Don’t f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure…

Read more →

What was the plan, showing her his big iron? A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank’s server rooms.… This article has…

Read more →

(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its “outdated” software procurement systems, and insists it’s putting security at the forefront of decision-making processes.… This article has been…

Read more →

(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its “outdated” software procurement systems, and insists it’s putting security at the forefront of decision-making processes.… This article has been…

Read more →

Because who needs cybersecurity when there’s culture wars to win President Trump’s dream 2026 budget would gut the US govt’s Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million – about 17 percent – and accuses the organization of…

Read more →

No, really? That’s a shocking surprise An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal app and used by ousted national security advisor Michael Waltz.… This…

Read more →

Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures US President Donald Trump has said TikTok will be “very strongly protected” as the made-in-China social network has “a warm spot in my…

Read more →

PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! India’s ambition to become a global semiconductor manufacturing player went backwards last…

Read more →

PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief  Microsoft has decided to push its consumer customers to dump password in favor of passkeys.… This article has been indexed from The Register –…

Read more →

With North Korean IT workers storming the gates, too RSAC  Another RSAC has come and gone, with almost 44,000 attendees this year spread across San Francisco’s Moscone Center and the surrounding facilities, according to conference organizers. Hopefully, all of us…

Read more →

El Reg checks out shop in SF On Thursday, six stores across America opened their doors with a curious proposition: Come on in, let a metal orb scan your irises, and walk out with a new online profile that promises…

Read more →

A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian…

Read more →

Real-time video deepfakes? Not convincing yet RSAC  Spam messages predate the web itself, and generative AI has given it a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore.… This article…

Read more →

UK starts prosecution days after FBI vowed to clamp down on the crime Three young Brits are accused of stateside swatting offences and will appear in a UK court today to face their charges after a joint investigation by the…

Read more →

Experts suggest the obvious: There is an ongoing coordinated attack on the Britain’s retail sector Globally recognized purveyor of all things luxury Harrods is the third major UK retailer to confirm an attempted cyberattack on its systems in under two…

Read more →

House Oversight probes missing Musk disclosures, background checks, data mess at NLRB Elon Musk is backing away from his Trump-blessed government gig, but now House Democrats want to see the permission slip that got him in the door.… This article…

Read more →

This time criminals targeted partner’s third-party software It’s more bad news from Ascension Health which is informing some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a…

Read more →

Will the personal assistant shop for groceries? Or get hijacked by a teen? RSAC  If Amazon’s Alexa+ works as intended, it could show how an AI assistant helps with everyday tasks like making dinner reservations or arranging an oven repair.…

Read more →

President’s campaign continues against man he claims covered up evidence of electoral fraud in 2020 Chris Krebs, former CISA director and current political punching bag for the US President, says his Global Entry membership was revoked.… This article has been…

Read more →

No MFA? No problem – as long as you show you’ve learned your lesson The UK’s data protection overlord is not going to pursue any further investigation into the British Library’s 2023 ransomware attack.… This article has been indexed from…

Read more →

For now it’s a potential bug-finder and friend to defenders RSAC  Former NSA cyber-boss Rob Joyce thinks today’s artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.… This article has been indexed from The Register – Security…

Read more →

Cybersecurity is national security, says Jen Easterly RSAC  America’s top cyber-defense agency is “being undermined” by personnel and budget cuts under the Trump administration, some of which are being driven by an expectation of perfect loyalty to the President rather…

Read more →

Feds say $970K scheme defrauded 13+ companies A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.……

Read more →

Feds say $970k scheme defrauded 13+ companies A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.……

Read more →

No specific law against it yet, but that’s set to change A spate of high-profile swatting incidents in the US recently forced the FBI into action with its latest awareness campaign about the occasionally deadly practice.… This article has been…

Read more →

Go ahead, please do Bash static analysis Shell scripting may finally get a proper bug-checker. A group of academics has proposed static analysis techniques aimed at improving the correctness and reliability of Unix shell programs.… This article has been indexed…

Read more →

A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post  You’d be naïve to believe that the cloud is secure by default, and while most hosting services provide basic defenses, it’s not always clear…

Read more →

Google dumped io_uring after $1M in bug bounties A proof-of-concept program has been released to demonstrate a so-called monitoring “blind spot” in how some Linux antivirus and other endpoint protection tools use the kernel’s io_uring interface.… This article has been…

Read more →

As Big Tech gets used to the pain, smaller vendors urged to up their game This article has been indexed from The Register – Security Read the original article: Enterprise tech dominates zero-day exploits with no signs of slowdown

Read more →

Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable RSAC  Russia used to be considered America’s biggest adversary online, but over the past couple of years China has taken the role, and is proving…

Read more →

Top voices warn that political retaliation puts democracy and national defense at risk The Electronic Frontier Foundation (EFF) and numerous infosec leaders are lobbying US President Donald Trump to drop his enduring investigation into Chris Krebs, claiming that targeting the…

Read more →

Artificial intelligence is helping Beijing’s goons break in faster and stay longer RSAC  The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: “China.”… This article has been…

Read more →

FBI and others list how to spot NK infiltrators, but AI will make it harder RSAC  Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is…

Read more →

They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse Researchers from the University of Zurich have admitted to secretly posting AI-generated material to popular Subreddit r/changemyview…

Read more →

Whoever could be behind this attack on an ethnic minority China despises? Researchers at Canada’s Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it’s an example of Beijing’s…

Read more →

Florida man altered allergen info, DoSed former colleagues Former Disney employee Michael Scheuer was sentenced to 36 months in prison and fined almost $688,000 for screwing up a software application the entertainment giant used to cook up its restaurant menus.……

Read more →

Sometimes, silence is the best option An Oklahoma City cybersecurity professional accused of installing spyware on a hospital PC confirmed on LinkedIn key details of the drama.… This article has been indexed from The Register – Security Read the original…

Read more →

Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel RSAC  Chief security officers should negotiate personal liability insurance and a golden parachute when they start a new job – in case things go…

Read more →

Homeland Security boss Noem added as last-minute keynote, mind you RSAC  There’s a notable absence from this year’s RSA Conference that kicked off today in San Francisco: The NSA’s State of the Hack panel.… This article has been indexed from…

Read more →

Think of artificial intelligence as your embedded ally Sponsored post  AI is reshaping cybersecurity in real time, raising the stakes on both sides of the battlefield. For defenders, it brings speed, precision, and automation at scale, helping security teams detect…

Read more →

It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands Houston-based VeriSource Services’ long-running probe into a February 2024 digital break-in shows the data of…

Read more →

It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands Houston-based VeriSource Services’ long-running probe into a February 2024 digital break-in shows the data of…

Read more →

Image board hints that rumors of a poorly maintained back end may be true Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was “catastrophic.”… This article has been indexed…

Read more →

Image board hints that rumors of a poorly maintained back end may be true Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was “catastrophic.”… This article has been indexed…

Read more →

Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year Microsoft has announced that its preview of hotpatching for on-prem Windows Server 2025 will become a paid subscription service in July.… This article has…

Read more →

PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Infosec in brief  Samsung has warned that some of its Galaxy devices store passwords in plaintext.… This article has been indexed from…

Read more →

Infosec is a team sport … unless you’re in the White House Opinion  Just when it seems they couldn’t be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national…

Read more →

What next for US-bankrolled vulnerability tracker? It’s edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system…

Read more →

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, according to…

Read more →

Where have we heard this before? Feb security update needs its own fix More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze.… This article has been indexed…

Read more →

One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing…

Read more →

German software giant paywalls details, but experts piece together the clues SAP’s latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.… This article has been indexed from…

Read more →

Third-party data supplier also in hot water with Brit regulator over consent issues Britain’s data privacy watchdog has slapped a fine of £90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being registered with…

Read more →

Because coding phishing sites from scratch is a real pain in the neck Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing…

Read more →

At least it wasn’t Harvard Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare system’s network last month.… This article has been indexed from…

Read more →

This one weird trick can stop Windows updates dead in their tracks Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now…

Read more →

Collecting data from solo players is a Far Cry from being necessary, says noyb For anyone who’s ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard…

Read more →

Customers told to expect further delays as contactless payments still down UK high street retailer Marks & Spencer says contactless payments are still down following its “cyber incident” and order delays are likely to continue.… This article has been indexed…

Read more →

Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.… This article has been indexed from The Register –…

Read more →

Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.… This article has been indexed from…

Read more →

Biggest threat to America’s critical infrastructure? Ransomware Digital scammers and extortionists bilked businesses and individuals in the US out of a “staggering” $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint…

Read more →

Tech giants don’t need smartphone mics to target adverts – your insurer just gives your data away, anyway US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google’s…

Read more →

A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.… This article has been indexed from The Register – Security…

Read more →

All aboard the hype train The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don’t believe us? Take a lap on the expo floor, and you’ll be…

Read more →

Stolen credentials edge out email tricks for cloud break-ins because they’re so easy to get Criminals used stolen credentials more frequently than email phishing to gain access into their victims’ IT systems last year, marking the first time that compromised…

Read more →

Bake in security now or pay later, says Mike Rogers AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after…

Read more →

The CVE system nearly dying shows that someone has lost the plot Opinion  We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that’s only the tip of the iceberg of what President Trump and company are doing…

Read more →

Chrome will keep third-party cookies, a loss for privacy but a win for web ad rivals After six years of work, Google’s Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.… This article has…

Read more →

As cyber-agency faces cuts, makes noises about switching up program Two top officials have resigned from Uncle Sam’s Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.… This…

Read more →