Category: The Register – Security

Time for AWS and pals to start thinking about JVs? Cloud services providers that aren’t based in Europe — like the Big Three — may have to team up with a cloud that is operated and maintained from the EU if…

Read more →

Workers slam ‘horrendous’ handling of layoffs that left even ‘engineering managers in the dark’ Exclusive  Software supply chain management biz Sonatype has laid off 14 percent of its global workforce, according to internal documents seen by The Register.… This article…

Read more →

We’ll believe our DMs are encrypted when someone provides proof, thanks Twitter has rolled out some quality of life updates for direct messages on the platform, and CEO Elon Musk reckons the site is to start encrypting DMs, beginning today,…

Read more →

Admits to cyberstalking, wire fraud charges as Feds take $700k off him, claim he took part in swatting attacks A 23-year-old British citizen has confessed to “multiple schemes” involving computer crimes, including playing a part in the July 2020 Twitter…

Read more →

Don’t let the cyber-criminals spread through your enterprise Sponsored  Microsoft 365 has worked its way into so many facets of our organizations that it can be hard to imagine what life would be like without it.… This article has been…

Read more →

Admits to cyberstalking, wire fraud charges as Feds take $700k off him, claim he took part in swatting attacks A 23-year-old British citizen has confessed to “multiple schemes” involving computer crimes, including playing a part in the July 2020 Twitter…

Read more →

Analyst says expense ‘no small drop in ocean’ but reputational damage could be ‘far greater’ Britain’s leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million ($25.24 million).……

Read more →

Fujitsu in the frame for foul up with government document dispersal app Japan’s minister for digital transformation and digital reform, Tono Karo, has apologized after a government app breached citizens’ privacy.… This article has been indexed from The Register –…

Read more →

On the plus side, this month’s update batch is a bit smaller than usual Patch Tuesday  May’s Patch Tuesday brings some good and some bad news, and if you’re a glass-half-full type, you’d lead off with Microsoft’s relatively low number…

Read more →

Perseus to the rescue as Snake eats itself The FBI has cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia’s FSB to steal sensitive documents from…

Read more →

Mandatory measure against attackers who spam MFA folks into submission Microsoft is hoping to curb a growing threat to multi-factor authentication (MFA) by enforcing a number-matching step for those using Microsoft Authenticator push notifications when signing into services.… This article…

Read more →

Potential roles for IT pros and lawyers, European city location included Tired of working for an egomaniacal startup boss or dull enterprise biz? A new org has been proposed called the Tech Lab, where you’d investigate the worst kinds of…

Read more →

Retaliation or national security? Beijing sent a message to foreign businesses this week when it launched an investigation into Shanghai-based Capvision Partners on the grounds of national security, accusing the consultancy firm of failure to prevent espionage.… This article has…

Read more →

Plus: Court-ordered domain seizures of DDoS-for-hire sites Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International (MSI) was stolen and dumped online. … This article has been…

Read more →

Plus: Court-ordered domain seizures of DDoS-for-hire sites Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International (MSI) was stolen and dumped online. … This article has been…

Read more →

Hard times for buyers of these hard drives Customer information was stolen from the IT systems of Western Digital in that March IT security breach, forcing the storage manufacturer to shut down its online store until at least next week.……

Read more →

XSS marks the spot WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks.… This…

Read more →

Perhaps one of the thousands of people laid off from the biz could have fixed it, just a thought Twitter has finally admitted a “security incident” caused some users’ semi-private Twitter Circle tweets to show up on others’ timelines.… This…

Read more →

Guess this’ll have to do while we wait for *checks notes* ES 2025 Microsoft last year said that it was putting off the next version of Exchange Server until the second half of 2025 so engineers could continue bulking up…

Read more →

Also, Capita’s buckets are leaking, ransomware attackers deliver demands via emergency alert, and this week’s critical vulns in brief  We’d say you’ll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and…

Read more →

Can’t wait to see how these AI models hold up against a weekend of red-teaming by infosec’s village people This year’s DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large…

Read more →

Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping…

Read more →

Texas officials preach limited government … but not this limited The city of Dallas, Texas, is working to restore city services following a ransomware attack that crippled its IT systems.… This article has been indexed from The Register – Security…

Read more →

Weeks after outsourcer admits ‘cyber incident’ more warnings issued Capita is telling pension customers that some data contained within its systems was potentially accessed when criminals broke into the outsourcing giant’s tech infrastructure earlier this year.… This article has been…

Read more →

National Savings & Investment contracting for massive tech deals as customers complain of 2FA failure The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them…

Read more →

Pot, meet kettle, both containing weak sauce The National Computer Virus Emergency Response Center of China and local infosec outfit 360 Total Security have conducted an investigation called “The Matrix” that found the CIA conducts offensive cyber ops, and labelled…

Read more →

Exec begged judge for leniency – and it worked Joe Sullivan won’t serve any serious time behind bars for his role in covering up Uber’s 2016 computer security breach and trying to pass off a ransom payment as a bug…

Read more →

Deals between Zuckercorp + FTC in 2012 and 2020 are being ignored, so time to get stricter, says commish The US Federal Trade Commission is preparing to take action against Facebook parent company Meta for a third time over claims…

Read more →

‘But they’re gonna take my thumbs’ hits different in 2023 Google wants to take us further into a passwordless future by allowing personal account holders to login using passkeys rather than using passphrases and multifactor authentication (MFA).… This article has…

Read more →

Who would have thought crims would try using Facebook to fool people? Meta says it has shut down over 1,000 links related to ChatGPT that lead its users to malware, as criminals seek to profit from the current craze for…

Read more →

‘The get-out-of-jail-free card option has been removed’ as one expert put it Merck’s insurers can’t use an “act of war” clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection, a court has ruled.… This…

Read more →

As blue check marks start showing up in Gmail Logowatch  Google plans to retire the padlock icon that appears in the Chrome status bar during a secure HTTPS web browsing session because the interface graphic has outlived its usefulness.… This…

Read more →

New GIAC Security Professional and revamped GIAC Security Expert qualifications offer increased choice and flexibility for cybersecurity pros Sponsored Post  The importance of certifications such as the GIAC (Global Information Assurance Certification) has never been greater for infosec professionals. Because…

Read more →

Maybe you’re just installing it wrong? Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix.… This article has been indexed from The Register – Security Read the original article: Apple pushes first-ever ‘rapid’ patch –…

Read more →

Oracle and Apache holes also on Uncle Sam’s list of big bad abused bugs The US government’s Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that…

Read more →

We moved fast and broke things, people got harassed and murdered, so let’s revisit privacy Apple and Google have come together to develop an industry specification to prevent “unwanted tracking,” otherwise known as stalking, via Bluetooth location tracking tags.… This…

Read more →

US tells criminals it ‘will find you’ and has a particular set of skills In an international operation 288 people have been arrested across the US, Europe and South America after allegedly selling opioids on the now-shuttered Monopoly Market dark…

Read more →

How to recover from cyber attacks on Microsoft 365 Webinar  Every organization needs a full set of data recovery tools. The sort that will get you back up and running quickly after a ransomware attack, outage, or accidental data deletion.…

Read more →

Ransoms, investigations, and breach-related lawsuits are hitting companies in the wallet, law firm says Data loss – particularly from ransomware attacks – has always been a costly proposition for enterprises. However, the price organizations have to pay is going up,…

Read more →

Nasty emails designed to infect systems with info-stealing malware The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.… This article has…

Read more →

119,000 instances of homeland snooping as the power to do so comes under review Warrantless searches of US residents’ communications by the FBI dropped sharply last year – from about 3.4 million in 2021 to 119,383 in 2022, according to…

Read more →

Patient data ‘was and is never endangered’, says medical tech slinger German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. … This article has been indexed…

Read more →

Patient data ‘was and is never endangered’ German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. … This article has been indexed from The Register –…

Read more →

How cloud migration and machine identities are fueling enterprise demand for secrets management systems Sponsored Feature  There’s no question that fast-feedback software delivery offers multiple advantages by streamlining processes for developers. But in software development, as in life, there is…

Read more →

Also: Your Salesforce Community site might be leaking; a new CPU side-channel; and this week’s critical vunls in brief  You may have heard news this week that Google is finally updating its authenticator app to add Google account synchronization. Before…

Read more →

There are pranks, and savage pranks, and this prank when the CTO and HR ganged up on a very stressed techie Who, Me?  Welcome once again, gentle reader, to the safe space we call Who, Me? in which Reg readers…

Read more →

Combatting it is going to take more money. Lots of more money. China has 50 hackers for every one of the FBI’s cyber-centric agents, the Bureau’s director told a congressional committee last week.… This article has been indexed from The…

Read more →

World’s encyclopedia warns draft law could boot it offline in UK Wikipedia won’t be age-gating its services no matter what final form the UK’s Online Safety Bill takes, two senior folks from nonprofit steward the Wikimedia Foundation said this morning.……

Read more →

Hands off those Chrome users, they’re ours! Google said it obtained a court order to shut down domains used to distribute CryptBot after suing the distributors of the info-stealing malware.… This article has been indexed from The Register – Security…

Read more →

Now that’s a C change we can back Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers.… This article has been indexed from The Register – Security Read the…

Read more →

Now that’s a C change we can support Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers.… This article has been indexed from The Register – Security Read the…

Read more →

Remember next time Redmond begs you not to install another browser You might want to think twice before typing anything into Microsoft’s Edge browser, as an apparent bug in a recent release of Redmond’s Chromium clone appears to be funneling…

Read more →

Remember that next time Redmond begs you not to install another browser You might want to think twice before typing anything into Microsoft’s Edge browser, as an apparent bug in a recent release of Redmond’s Chromium clone appears to be…

Read more →

If the DPRK is named, you know it somehow involves Lazarus Group The US government is aggressively pursuing three men accused of wide-ranging and complex conspiracies of laundering stolen and illicit cryptocurrency that the North Korean regime used to finance…

Read more →

ChatGPT is just the beginning: CISOs need to prepare for the next wave of AI-powered attacks Sponsored Feature  Change in the tech industry is usually evolutionary, but perhaps more interesting are the exceptions to this rule – the microprocessor in…

Read more →

Two out of three public-facing app instances open to hijacking Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to login and take over the data visualization application, steal data, and execute malicious…

Read more →

OT firms construct handy early-warning info-sharing system RSA Conference  A group of some of the largest operational technology companies are using this year’s RSA Conference as an opportunity to launch an open source early-threat-warning system designed for OT and industrial…

Read more →

Send in the LLMs RSA Conference  Google Cloud used the RSA 2023 conference to talk about how it’s injected artificial intelligence into various corners of its security-related services.… This article has been indexed from The Register – Security Read the…

Read more →

It’s like those TV movies where a spy cuts a wire and the whole building’s security goes out Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into…

Read more →

It’s like those TV movies where a spy cuts a wire and the whole building’s security goes out Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into…

Read more →

AuKill abuses a deprecated tool to disable security processes ahead of the attack Ransomware gangs are abusing an out-of-date Microsoft software driver to disable security defenses before dropping malware into the targeted systems.… This article has been indexed from The…

Read more →

AuKill abuses a deprecated tool to disable security processes ahead of the attack Ransomware gangs are abusing an out-of-date Microsoft software driver to disable security defenses before dropping malware into the targeted systems.… This article has been indexed from The…

Read more →

Also, Finland sentences CEO of breach company to prison (kind of), and this week’s laundry list of critical vulns In Brief  We thought it was probably the case when the news came out, but now it’s been confirmed: The X_Trader…

Read more →

ALSO: Australia says offensive hacking is working; DJI hit with $279m patent suit; Philippines Police leak data; and more Asia In Brief  Chinese scientists have estimated the mass of the Milky Way.… This article has been indexed from The Register…

Read more →

Another cyber nuisance in support of Putin’s war, nothing too serious Europe’s air-traffic agency appears to be the latest target in pro-Russian miscreants’ attempts to disrupt air travel.… This article has been indexed from The Register – Security Read the…

Read more →

Redmond tops industry average, still got a way to go Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.… This article has been indexed from The Register…

Read more →

Why? Well, think of the children, of course An international group of law enforcement agencies are urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse…

Read more →

Patient data covering sensitive areas has long been a high-value target for cybercriminals Sponsored Post  Digital patient medical records now cover a whole gamut of sensitive details such as clinical diagnoses/treatments, prescriptions, personal finances and insurance policies. Which makes keeping…

Read more →

Guessing the admin password is cool. Using it, even for good, is dangerous On Call  It’s always twelve o’clock somewhere, the saying goes, but Friday comes around but once a week and only this day dies The Register offer a…

Read more →

Admits criminals accessed 4% of servers from March 22 until it spotted them at month-end Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into…

Read more →

Threat hunters traced it back to malware-laced Trading Technologies’ software The supply-chain attack against 3CX last month was caused by an earlier supply-chain compromise of a different software firm — Trading Technologies — according to Mandiant, whose consulting crew was…

Read more →

Operational AI cybersecurity systems have been gaining valuable experience that will enable them to defend against AI-armed opponents. Sponsored Feature  For some time now, alerts concerning the utilisation of AI by cybercriminals have been sounded in specialist and mainstream media…

Read more →

ICS security is fast becoming a frontline defense against hackers intent on causing mayhem Sponsored Post  Some of the most famous cyber attacks in history have been directed against Industrial Control Systems (ICS).… This article has been indexed from The…

Read more →

‘Does have a somewhat Lapsus$ish feel’ we’re told The Medusa ransomware gang has posted what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code.… This article has been indexed from The Register –…

Read more →

Chocolate Factory can afford some staples now, or? Six years after a jury decided otherwise, Google has convinced an appeals court to reverse a $20 million judgment against the web giant after Chrome infringed some patents.… This article has been…

Read more →

Chocolate Factory can afford some staples now, or? Six years after a jury decided otherwise, Google has convinced an appeals court to reverse a $20 million judgment against the web giant after Chrome infringed some patents.… This article has been…

Read more →

NSO and others are still out there, but pariahs find it hard to do business Analysis  Israeli spyware shop QuaDream is reportedly shutting down due to financial troubles.… This article has been indexed from The Register – Security Read the…

Read more →

Publishing provenance possibly prevents problems Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code’s origin.… This article has been indexed from The Register…

Read more →

How to manage your cloud and container vulnerabilities at scale Webinar  There’s nothing complicated about the statistics released in Sysdig’s latest report. They’re alarming and should keep many an IT team up at night.… This article has been indexed from…

Read more →

Also a bunch of Russians plus someone giving free trips to the Motherland Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida.… This article has…

Read more →

Spying on foreign targets? That’s our job! The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.… This article has been indexed from The Register – Security…

Read more →

Surprised there’s no ChatGPT angle shoe-horned into this and that it’s not called MalwareTotal Security researchers and analysts can now search Microsoft’s Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and…

Read more →

‘My computer locked up and a siren went off,’ one mark tells Better Business Bureau Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit…

Read more →

Officers didn’t know software was saving personal data and neither did people on other end Several police forces in Britain are being put on the naughty step by the UK’s data watchdog for using a calling app that recorded hundreds…

Read more →

Plus: Signal, WhatsApp, and Viber also write online protest over Online Safety Bill back door The UK’s chartered institute for IT has slammed proposed legislation that could see the government open a “back door” to encrypted messaging.… This article has…

Read more →

No worries, outsourcer only handles government tech contracts worth billions Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport…

Read more →

Charges laid against 44, including officers of China’s Cyberspace Administration The United States Department of Justice has charged 44 people over schemes prosecutors allege were run by China’s National Police to silence opponents of the Communist Party of China.… This…

Read more →

A rather nice beach in Australia now has a rather unusual and hopefully temporary feature An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a heft side serving of pilot error.… This article…

Read more →

Please, no need to fix these bugs LockBit has developed ransomware that can encrypt files on Arm-powered Macs, said to be a first for the prolific cybercrime crew. … This article has been indexed from The Register – Security Read the…

Read more →

Recruitment company fined £130,000 by data regulator for breaking PECR A recruitment business that sent out an eye watering 107 million spam emails is now nursing a £130,000 ($161,000) fine from Britain’s data watchdog.… This article has been indexed from…

Read more →

Old architectures just don’t stack up Opinion  Most data theft does clear harm to the victim, and often to its customers. But while embarrassing, the cyberattack against MSI in which source code was said to be stolen is harder to…

Read more →

The punishment – Windows 98 administration chores – was far worse than the crime Who, Me?  Welcome once more to Who Me? The Register’s confessional column in which readers admit to being the source of SNAFUs.… This article has been…

Read more →

Also: Tech players spin up white hat protection, this week’s critical bugs, and more In brief  Google on Friday released an emergency update for Chrome to address a zero-day security flaw.… This article has been indexed from The Register –…

Read more →

Let’s go through all the proposed problematic powers, starting with surveillance and censorship Special report  United Nations negotiators convened this week in Vienna, Austria, to formulate a draft cybercrime treaty, and civil society groups are worried.… This article has been…

Read more →

Let’s go through all the proposed problematic powers, starting with surveillance and censorship Special report  United Nations negotiators convened this week in Vienna, Austria, to formulate a draft cybercrime treaty, and civil society groups are worried.… This article has been…

Read more →

Maybe our prince has come at last A suspected Nigerian fraudster is scheduled to appear in court Friday for his alleged role in a $6 million plot to scam businesses via email.… This article has been indexed from The Register…

Read more →

Windows LAPS and legacy LAPS don’t play nicely under certain conditions, Microsoft says Integrating the Local Administrator Password Solution (LAPS) into Windows and Windows Server that came with updates earlier this week is causing interoperability problems with what’s called legacy…

Read more →

Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks As Elon Musk tears at Twitter’s credibility by demanding businesses and individuals pay for their blue verification checks, Microsoft is pushing ts own…

Read more →

Kernel 6.2 ditched a useful defense against ghostly chip design flaw The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.… This article has been indexed from The Register – Security…

Read more →

Pilot turned CISO says when admitting to an error isn’t seen as a failure, improvement becomes easier to achieve To improve security, the cybersecurity industry needs to follow the aviation industry’s shift from a blame culture to a “just” culture,…

Read more →