CEO: Neural net tech ‘flattens our hiring curve, helps us innovate’ CrowdStrike – the Texas antivirus slinger famous for crashing millions of Windows machines last year – plans to cut five percent of its staff, or about 500 workers, in…
Category: The Register – Security
Delta Air Lines class action cleared for takeoff over CrowdStrike chaos
Judge allows aspects of passenger lawsuit to proceed A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year’s CrowdStrike debacle continues to buffet the carrier.…
You’ll never guess which mobile browser is the worst for data collection
We were shocked – SHOCKED – by the answer Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome.…
Curl project founder snaps over deluge of time-sucking AI slop bug reports
Lead dev likens flood to ‘effectively being DDoSed’ Curl project founder Daniel Stenberg is fed up with the deluge of AI-generated “slop” bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers’ time.…
New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts
Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote New Zealand’s government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government…
Super spyware maker NSO must pay Meta $168M in WhatsApp court battle
Don’t f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure…
Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower
What was the plan, showing her his big iron? A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank’s server rooms.…
Pentagon declares war on ‘outdated’ software buying, opens fire on open source
(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its “outdated” software procurement systems, and insists it’s putting security at the forefront of decision-making processes.…
CISA slammed for role in ‘censorship industrial complex’ as budget faces possible $500M cut
Because who needs cybersecurity when there’s culture wars to win President Trump’s dream 2026 budget would gut the US govt’s Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million – about 17 percent – and accuses the organization of…
Signal chat app clone used by Signalgate’s Waltz was apparently an insecure mess
No, really? That’s a shocking surprise An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal app and used by ousted national security advisor Michael Waltz.…
Trump promises protection for TikTok, for which he has a ‘warm spot in my heart’
Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures US President Donald Trump has said TikTok will be “very strongly protected” as the made-in-China social network has “a warm spot in my…
India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease
PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! India’s ambition to become a global semiconductor manufacturing player went backwards last…
Microsoft tries to knife passwords once and for all – at least for consumers
PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief Microsoft has decided to push its consumer customers to dump passwords in favor of passkeys.…
RSAC wrap: AI and China on everything, everywhere, all at once
With North Korean IT workers storming the gates, too RSAC Another RSAC has come and gone, with almost 44,000 attendees this year spread across San Francisco’s Moscone Center and the surrounding facilities, according to conference organizers. Hopefully, all of us…
Altman’s eyeball-scanning biometric blockchain orbs officially come to America
El Reg checks out shop in SF On Thursday, six stores across America opened their doors with a curious proposition: Come on in, let a metal orb scan your irises, and walk out with a new online profile that promises…
Disney Slack attack wasn’t Russian protesters, just a Cali dude with malware
A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian…
Generative AI makes fraud fluent – from phishing lures to fake lovers
Real-time video deepfakes? Not convincing yet RSAC Spam messages predate the web itself, and generative AI has given it a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore.…
Three Brits charged over ‘active shooter threats’ swattings in US, Canada
UK starts prosecution days after FBI vowed to clamp down on the crime Three young Brits are accused of stateside swatting offences and will appear in a UK court today to face their charges after a joint investigation by the…
British govt agents step in as Harrods becomes third mega retailer under cyberattack
Experts suggest the obvious: There is an ongoing coordinated attack on Britain’s retail sector Globally recognized purveyor of all things luxury Harrods is the third major UK retailer to confirm an attempted cyberattack on its systems in under two…
Dems look to close the barn door after top DOGE dog has bolted
House Oversight probes missing Musk disclosures, background checks, data mess at NLRB Elon Musk is backing away from his Trump-blessed government gig, but now House Democrats want to see the permission slip that got him in the door.…
Healthcare group Ascension discloses second cyberattack on patients’ data
This time criminals targeted partner’s third-party software It’s more bad news from Ascension Health which is informing some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a…
How Amazon red-teamed Alexa+ to keep your kids from ordering 50 pizzas
Will the personal assistant shop for groceries? Or get hijacked by a teen? RSAC If Amazon’s Alexa+ works as intended, it could show how an AI assistant helps with everyday tasks like making dinner reservations or arranging an oven repair.…
Chris Krebs loses Global Entry membership amid Trump feud
President’s campaign continues against man he claims covered up evidence of electoral fraud in 2020 Chris Krebs, former CISA director and current political punching bag for the US President, says his Global Entry membership was revoked.…
Data watchdog will leave British Library alone – further probes ‘not worth our time’
No MFA? No problem – as long as you show you’ve learned your lesson The UK’s data protection overlord is not going to pursue any further investigation into the British Library’s 2023 ransomware attack.…
Ex-NSA cyber-boss: AI will soon be a great exploit coder
For now it’s a potential bug-finder and friend to defenders RSAC Former NSA cyber-boss Rob Joyce thinks today’s artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.…
Ex-CISA chief decries cuts as Trump demands loyalty above all else
Cybersecurity is national security, says Jen Easterly RSAC America’s top cyber-defense agency is “being undermined” by personnel and budget cuts under the Trump administration, some of which are being driven by an expectation of perfect loyalty to the President rather…
Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China
Feds say $970K scheme defrauded 13+ companies A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.……
FBI steps in amid rash of politically charged swattings
No specific law against it yet, but that’s set to change A spate of high-profile swatting incidents in the US recently forced the FBI into action with its latest awareness campaign about the occasionally deadly practice.…
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis Shell scripting may finally get a proper bug-checker. A group of academics has proposed static analysis techniques aimed at improving the correctness and reliability of Unix shell programs.…
Cloud doesn’t mean secure: How Intruder finds what others miss
A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post You’d be naïve to believe that the cloud is secure by default, and while most hosting services provide basic defenses, it’s not always clear…
Watch out for any Linux malware sneakily evading syscall-watching antivirus
Google dumped io_uring after $1M in bug bounties A proof-of-concept program has been released to demonstrate a so-called monitoring “blind spot” in how some Linux antivirus and other endpoint protection tools use the kernel’s io_uring interface.…
Enterprise tech dominates zero-day exploits with no signs of slowdown
As Big Tech gets used to the pain, smaller vendors urged to up their game
China now America’s number one cyber threat – US must get up to speed
Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable RSAC Russia used to be considered America’s biggest adversary online, but over the past couple of years China has taken the role, and is proving…
Infosec pros tell Trump to quit bullying Chris Krebs – it’s undermining security
Top voices warn that political retaliation puts democracy and national defense at risk The Electronic Frontier Foundation (EFF) and numerous infosec leaders are lobbying US President Donald Trump to drop his enduring investigation into Chris Krebs, claiming that targeting the…
China is using AI to sharpen every link in its attack chain, FBI warns
Artificial intelligence is helping Beijing’s goons break in faster and stay longer RSAC The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: “China.”…
The one interview question that will protect you from North Korean fake workers
FBI and others list how to spot NK infiltrators, but AI will make it harder RSAC Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is…
Swiss boffins admit to secretly posting AI-penned posts to Reddit in the name of science
They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse Researchers from the University of Zurich have admitted to secretly posting AI-generated material to popular Subreddit r/changemyview…
Open source text editor poisoned with malware to target Uyghur users
Whoever could be behind this attack on an ethnic minority China despises? Researchers at Canada’s Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it’s an example of Beijing’s…
Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus
Florida man altered allergen info, DoSed former colleagues Former Disney employee Michael Scheuer was sentenced to 36 months in prison and fined almost $688,000 for screwing up a software application the entertainment giant used to cook up its restaurant menus.……
Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Sometimes, silence is the best option An Oklahoma City cybersecurity professional accused of installing spyware on a hospital PC confirmed on LinkedIn key details of the drama.…
How to survive as a CISO aka ‘chief scapegoat officer’
Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel RSAC Chief security officers should negotiate personal liability insurance and a golden parachute when they start a new job – in case things go…
Admission impossible: NSA, CISA brass absent from RSA Conf
Homeland Security boss Noem added as last-minute keynote, mind you RSAC There’s a notable absence from this year’s RSA Conference that kicked off today in San Francisco: The NSA’s State of the Hack panel.… This article has been indexed from…
The future of AI in cybersecurity in a word: Optimistic
Think of artificial intelligence as your embedded ally Sponsored post AI is reshaping cybersecurity in real time, raising the stakes on both sides of the battlefield. For defenders, it brings speed, precision, and automation at scale, helping security teams detect…
From 112K to 4M folks’ data – HR biz attack goes from bad to mega bad
It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands Houston-based VeriSource Services’ long-running probe into a February 2024 digital break-in shows the data of…
Back online after ‘catastrophic’ attack, 4chan says it’s too broke for good IT
Image board hints that rumors of a poorly maintained back end may be true Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was “catastrophic.”…
Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025
Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year Microsoft has announced that its preview of hotpatching for on-prem Windows Server 2025 will become a paid subscription service in July.…
Samsung admits Galaxy devices can leak passwords through clipboard wormhole
PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Infosec in brief Samsung has warned that some of its Galaxy devices store passwords in plaintext.…
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
Infosec is a team sport … unless you’re in the White House Opinion Just when it seems they couldn’t be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national…
Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member
What next for US-bankrolled vulnerability tracker? It’s edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system…
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, according to…
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions
Where have we heard this before? Feb security update needs its own fix More than one month after complaints started flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze.…
M&S stops online orders as ‘cyber incident’ issues worsen
One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing…
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues SAP’s latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.…
Claims assistance firm fined for cold-calling people who put themselves on opt-out list
Third-party data supplier also in hot water with Brit regulator over consent issues Britain’s data privacy watchdog has slapped a fine of £90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being registered with…
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
Because coding phishing sites from scratch is a real pain in the neck Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing…
SSNs and more on 5.5M+ patients feared stolen from Yale Health
At least it wasn’t Harvard Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare system’s network last month.…
Microsoft mystery folder fix might need a fix of its own
This one weird trick can stop Windows updates dead in their tracks Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now…
Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online
Collecting data from solo players is a Far Cry from being necessary, says noyb For anyone who’s ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard…
M&S takes systems offline as ‘cyber incident’ lingers
Customers told to expect further delays as contactless payments still down UK high street retailer Marks & Spencer says contactless payments are still down following its “cyber incident” and order delays are likely to continue.…
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.…
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.…
Ransomware scum and other crims bilked victims out of a ‘staggering’ $16.6B last year, says FBI
Biggest threat to America’s critical infrastructure? Ransomware Digital scammers and extortionists bilked businesses and individuals in the US out of a “staggering” $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint…
Blue Shield says it shared health info on up to 4.7M patients with Google Ads
Tech giants don’t need smartphone mics to target adverts – your insurer just gives your data away, anyway US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google’s…
Ripple NPM supply chain attack hunts for private keys
A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.…
We’re calling it now: Agentic AI will win RSAC buzzword Bingo
All aboard the hype train The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don’t believe us? Take a lap on the expo floor, and you’ll be…
Who needs phishing when your login’s already in the wild?
Stolen credentials edge out email tricks for cloud break-ins because they’re so easy to get Criminals used stolen credentials more frequently than email phishing to gain access into their victims’ IT systems last year, marking the first time that compromised…
Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups
Bake in security now or pay later, says Mike Rogers AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after…
America’s cyber defenses are being dismantled from the inside
The CVE system nearly dying shows that someone has lost the plot Opinion We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that’s only the tip of the iceberg of what President Trump and company are doing…
RIP, Google Privacy Sandbox
Chrome will keep third-party cookies, a loss for privacy but a win for web ad rivals After six years of work, Google’s Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.…
Two CISA officials jump ship, both proud of pushing for Secure by Design software
As cyber-agency faces cuts, makes noises about switching up program Two top officials have resigned from Uncle Sam’s Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.…
Fog ransomware channels Musk with demands for work recaps or a trillion bucks
In effect: ‘Ha ha – the government is borked and so are you’ Ransomware scumbags – potentially those behind the Fog gang – are channeling their inner Elon Musk with their latest ransom note, spotted by researchers at Trend Micro.……
A pot of $250K is now available to ransomware researchers, but it feeds a commercial product
Security bods can earn up to $10K per report Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists.…
This is not just any ‘cyber incident’ … this is an M&S ‘cyber incident’
Retailer tight-lipped on details as digital hiccup disrupts customer orders UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a “cyber incident” for “the past few days.”…
UN says Asian scam call center epidemic expanding globally amid political heat
What used to be a serious issue mainly in Southeast Asia is now the world’s problem Scam call centers are metastasizing worldwide “like a cancer,” according to the United Nations, which warns the epidemic has reached a global inflection point…
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
10 other certificates ‘were mis-issued and have now been revoked’ Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.…
Today’s LLMs craft exploits from patches at lightning speed
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative…
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
It’s now hitting govt, enterprise targets On March 11 – Patch Tuesday – Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector…
Hacking US crosswalks to talk like Zuck is as easy as 1234
AI-spoofed Mark joins fellow billionaires as the voice of the street – here’s how it was probably done Video Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people…
Dems fret over DOGE feeding sensitive data into random AI
Using LLMs to pick programs, people, contracts to cut is bad enough – but doing it with Musk’s Grok? Yikes A group of 48 House Democrats is concerned that Elon Musk’s cost-trimmers at DOGE are being careless in their use…
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter
Some in the infosec world definitely want to see Big Red crucified CISA – the US government’s Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from…
CVE fallout: The splintering of the standard vulnerability tracking system has begun
MITRE, EUVD, GCVE … WTF? Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.…
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances
Illegitimi non carborundum? Nice password, Mr Ex-CISA Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked…
Brit soldiers tune radio waves to fry drone swarms for pennies
Truck-mounted demonstration weapon costs 10p a pop, says MOD British soldiers have successfully taken down drones with a radio-wave weapon.…
Whistleblower describes DOGE IT dept rampage at America’s labor watchdog
Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the…
Signalgate chats vanish from CIA chief phone
Extraordinary rendition of data, or just dropped it out of a helicopter? CIA Director John Ratcliffe’s smartphone has almost no trace left of the infamous Signalgate chat – the one in which he and other top US national security officials…
Free Blue Screens of Death for Windows 11 24H2 users
Microsoft rewards those who patch early with bricks hurled through its operating system Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue…
Identifying the cyber risks that matter
From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.…
CVE program gets last-minute funding from CISA – and maybe a new home
Feds extend vulnerability nerve-center contract at 11th hour In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) Program.…
Law firm ‘didn’t think’ data theft was a breach, says ICO. Now it’s nursing a £60K fine
DPP Law is appealing against data watchdog’s conclusions A law firm is appealing against a £60,000 fine from the UK’s data watchdog after 32 GB of personal information was stolen from its systems.…
Russians lure European diplomats into malware trap with wine-tasting invite
Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.……
Guess what happens when ransomware fiends find ‘insurance’ ‘policy’ in your files
It involves a number close to three or six depending on the fiend Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has…
Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program
Because vulnerability management has nothing to do with national security, right? US government funding for the world’s CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.…
Now 1.6M people had SSNs, life chapter and verse stolen from insurance IT biz
800K? Make that double, and we’ll need a double, too, for the pain A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously…
4chan, the ‘internet’s litter box,’ appears to have been pillaged by rival forum
Source code, moderator info, IP addresses, more allegedly swiped and leaked Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival…