Espionage? Botnets? Trying to exploit a zero-day? Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet, or an effort to…
Category: The Register – Security
EU: These are scary times – let’s backdoor encryption!
ProtectEU plan wants to have its cake and eat it too The EU has issued its plans to keep the continent’s denizens secure and among the pages of bureaucratese are a few worrying sections that indicate the political union wants…
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare
Recovery’s never been harder in today’s tangled, outsourced infrastructure Comment Disaster recovery is getting tougher as IT estates sprawl across on-prem gear, public cloud, SaaS, and third-party ITaaS providers. And it’s not floods or fires causing most outages anymore –…
Customer info allegedly stolen from Royal Mail, Samsung via compromised supplier
Stamp it out: Infostealer malware at German outfit may be culprit Britain’s Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant’s data up for sale, perhaps after acquiring it with…
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
Double-oh-sh… The name’s not Bond. It’s O’Brien – Keith O’Brien, now-former global payroll compliance manager at the Dublin, Ireland office of HR software-as-a-service maker Rippling.…
Crimelords at Hunters International tell lackeys ransomware too ‘risky’
Bosses say theft now the name of the game with a shift in tactics, apparent branding Big-game ransomware crew Hunters International says its criminal undertaking has become “unpromising, low-converting, and extremely risky,” and it is mulling shifting tactics amid an…
Don’t let cyberattacks keep you down
Learn how Infinidat’s enterprise cyber storage solutions can enable near-immediate recovery Sponsored Post It’s not a question of if your organization gets hit by a cyberattack – only when, and how quickly it recovers.…
Oracle’s masterclass in breach comms: Deny, deflect, repeat
Fallout shows how what you say must be central to disaster planning Opinion Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, amid a reluctance to publicly acknowledge…
For healthcare orgs, disaster recovery means making sure docs can save lives during ransomware infection
Organizational, technological resilience combined defeat the disease that is cybercrime When IT disasters strike, it can become a matter of life and death for healthcare organizations – and criminals know it.…
Oracle faces Texas-sized lawsuit over alleged cloud snafu and radio silence
Victims expect to spend considerable time and money over privacy incident, lawyers argue Specialist class action lawyers have launched proceedings against Oracle in Texas over two alleged data breaches.…
One of the last of Bletchley Park’s quiet heroes, Betty Webb, dies at 101
Kept quiet for 30 years before becoming an ‘unrivalled advocate’ for the site Obit Betty Webb MBE, one of the team who worked at the code-breaking Bletchley Park facility during the Second World War, has died at the age of…
Apple belatedly patches actively exploited bugs in older OSes
Cupertino already squashed ’em in more recent releases – which this week get a fresh round of fixes Apple has delivered a big batch of OS updates, some of which belatedly patch older versions of its operating systems to address…
North Korea’s fake tech workers now targeting European employers
With help from UK operatives, because it’s getting tougher to run the scam in the USA North Korea’s scamming, thieving, and AI-abusing fake IT workers are increasingly targeting European employers.…
Forget Signal. National Security Adviser Waltz now accused of using Gmail for work
But his emails! Sharing them with Google! Senior members of the US National Security Council, including the White House national security adviser Michael Waltz, have been accused of using their personal Gmail accounts to exchange sensitive information.…
Microsoft to mark five decades of Ctrl-Alt-Deleting the competition
Copilot told us that half a century is 25 years. It feels much longer Microsoft will officially hit the half-century mark on Friday as the Windows giant turns 50 years old. What do you consider the highs and lows of…
Google makes end-to-end encrypted Gmail easy for all – even Outlook users
The UK government must be thrilled Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it’ll do so without imposing any undue stress on IT admins.…
UK threatens £100K-a-day fines under new cyber bill
Tech secretary reveals landmark legislation’s full details for first time The UK’s technology secretary revealed the full breadth of the government’s Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing…
GCHQ intern took top secret spy tool home, now faces prison
Not exactly Snowden levels of skill A student at Britain’s top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.…
CISA spots spawn of Spawn malware targeting Ivanti flaw
Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US…
Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed
1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.…
Top cybersecurity boffin, wife vanish as FBI raids homes
Indiana Uni rm -rf online profile while agents haul boxes of evidence A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.…
Check Point confirms breach, but says it was ‘old’ data and crook made ‘false’ claims
Explanation leaves a ‘lot of questions unanswered,’ says infosec researcher A digital burglar is claiming to have nabbed a trove of “highly sensitive” data from Check Point – something the American-Israeli security biz claims is a huge exaggeration.…
Cloud security explained: What’s left exposed?
Think AWS has security covered? Think again. Discover real-world examples of what it doesn’t secure and how to protect your environment Advertorial AWS customers might assume that security is taken care of for them – however, this is a dangerous…
China cracks down on personal information collection. No, seriously
PLUS: Indonesia crimps social media, allows iPhones; India claims rocket boost; In-flight GenAI for Japan Airlines Asia In Brief China last week commenced a crackdown on inappropriate collection and subsequent use of personal information.…
Oracle Health reportedly warns of info leak from legacy server
PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more! Infosec in brief Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.…
Malware in Lisp? Now you’re just being cruel
Miscreants warming to Delphi, Haskell, and the like to evade detection Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.…
Cardiff’s children’s chief confirms data leak 2 months after cyber risk was ‘escalated’
Department director admits Welsh capital’s council still trying to get heads around threat of dark web leaks Cardiff City Council’s director of children’s services says data was leaked or stolen from the organization, although she did not clarify how or…
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target…
Cyber-crew claims it cracked American cableco, releases terrible music video to prove it
WOW! DID! SOMEONE! REALLY! STEAL! DATA! ON! 400K! USERS?! A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)…
China’s FamousSparrow flies back into action, breaches US org after years off the radar
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted…
Security shop pwns ransomware gang, passes insider info to authorities
Researchers say ‘proactive’ approach is needed to combat global cybercrime Here’s one you don’t see every day: A cybersecurity vendor is admitting to breaking into a notorious ransomware crew’s infrastructure and gathering data it relayed to national agencies to help…
CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug
Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week…
UK’s first permanent facial recognition cameras installed in South London
As if living in Croydon wasn’t bad enough The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.…
Ransomwared NHS software supplier nabs £3M discount from ICO for good behavior
Data stolen included checklist for medics on how to get into vulnerable people’s homes The UK’s data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary’s security failings led to a…
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat
So F-18 launch times, weapons, drone support aren’t classified now … who knew? The Atlantic’s editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense, Vice President, and others discussed secret military plans has…
US defense contractor cops to sloppy security, settles after infosec lead blows whistle
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted…
Files stolen from NSW court system, including restraining orders for violence
Victims’ details at risk after criminals download 9,000 files from court database Australian police are currently investigating the theft of “sensitive” data from a New South Wales court system after they confirmed approximately 9,000 files were stolen.…
Credible nerd says stop using atop, doesn’t say why, everyone panics
Bad news about the Linux system monitor may be on the way Veteran sysadmin and tech blogger Rachel Kroll posted a cryptic warning yesterday about a popular Linux system monitoring tool. Maybe it’s better to be safe than sorry.…
NCSC taps influencers to make 2FA go viral
Who knew social media stars had a role to play in building national cyber resilience? The world’s biggest brands have benefited from influencer marketing for years – now the UK’s National Cyber Security Centre (NCSC) has hopped on the bandwagon…
There are perhaps 10,000 reasons to doubt Oracle Cloud’s security breach denial
Customers come forward claiming info was swiped from prod Oracle Cloud’s denial of a digital break-in is now in clear dispute. An infosec researcher working on validating claims that the cloud provider’s login servers were compromised earlier this year says…
Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish
16,000 stolen records pertain to former and active mail subscribers Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.…
You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?
Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.…
VanHelsing ransomware emerges to put a stake through your Windows heart
There’s only one rule – don’t attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines…
Hm, why are so many DrayTek routers stuck in a bootloop?
Time to update your firmware, if you can, to one with the security fixes, cough cough DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a lot of their customers’…
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw
How many K8s systems are sat on the internet front porch like that … Oh, thousands, apparently Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of…
OTF, which backs Tor, Let’s Encrypt and more, sues to save funding from Trump cuts
Kari, OK, we’ll see you in court An organization that bankrolls various internet security projects has asked a Washington DC court to prevent the Trump administration from cancelling its federal funding – and expressed fears that if the cash stops…
Top Trump officials text classified Yemen airstrike plans to journo in Signal SNAFU
Massive OPSEC fail from the side who brought you ‘lock her up’ Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans to attack Houthi rebels in Yemen – and accidentally invited…
FCC on the prowl for Huawei and other blocked Chinese makers in America
Be vewy vewy quiet, I’m hunting rackets The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List – including Huawei – are still somehow doing business in America, either by misreading the rules or willfully ignoring them.…
As nation-state hacking becomes ‘more in your face,’ are supply chains secure?
Ex-US Air Force officer says companies shouldn’t wait for govt mandates Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels…
AI agents swarm Microsoft Security Copilot
Looking to sort through large volumes of security info? Redmond has your backend Microsoft’s Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company’s security software to automate various tasks.…
23andMe’s genes not strong enough to avoid Chapter 11
CEO steps down after multiple failed attempts to take the DNA testing company private Beleaguered DNA testing biz 23andMe – hit by a massive cyber attack in 2023 – is filing for bankruptcy protection in the US following years of…
Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance?
It’s been a very busy week for Digicash Donald’s administration Analysis Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing…
Microsoft tastes the unexpected consequences of tariffs on time
Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner? Opinion Never attribute to malice that which is adequately explained by stupidity. This works well in sane times, less so when…
Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns
PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more! Infosec In Brief Organized crime networks are now reliant on digital tech for most of their activities according to Europol, the European agency that fights…
China bans compulsory facial recognition and its use in private spaces like hotel rooms
PLUS: Zoho’s Ulaa anointed India’s most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more Asia In Brief China’s Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent.…
Oracle Cloud says it’s not true someone broke into its login servers and stole data
Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.…
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US
Plus AI in the infosec world, why CISA should know its place, and more Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former…
AdTech CEO whose products detected fraud jailed for financial fraud
Made up revenue and pretended to use non-existent data The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.…
Paragon spyware deployed against journalists and activists, Citizen Lab claims
Plus: Customer info stolen from ‘parental control’ software slinger SpyX; F-35 kill switch denied Infosec newsbytes Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen…
Capital One cracker could be sent back to prison after judges rule she got off too lightly
Feds want harsher sentence for Paige Thompson, who pinched 100M customer records Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars after an appeals court ruled her sentence of time served plus probation…
Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up
So much for that vacation A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them…
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist
Palming off the blame using an ‘unknown’ best practice didn’t go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it…
Too many software supply chain defense bibles? Boffins distill advice
How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.…
The post-quantum cryptography apocalypse will be televised in 10 years, says UK’s NCSC
Wow, a government project that could be on time for once … cos it’s gonna be wayyyy more than a decade The UK’s National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have…
Attackers swipe data of 500k+ people from Pennsylvania teachers union
SSNs, payment details, and health info too The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info.…
Names, bank info, and more spills from top sperm bank
Cyber-crime is officially getting out of hand One of the world’s largest sperm banks, California Cryobank, is in a sticky situation: It’s had to tell folks their sensitive information, including names and bank account numbers, may have been stolen from…
IBM scores perfect 10 … vulnerability in mission-critical OS AIX
Big Blue’s workstation workhorse patches hole in network installation manager that could let the bad guys in IBM “strongly recommends” customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has…
Ex-US Cyber Command chief: Europe and 5 Eyes can’t fully replicate US intel
Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn’t be able…
Show top LLMs buggy code and they’ll finish off the mistakes rather than fix them
One more time, with feeling … Garbage in, garbage out, in training and inference Researchers have found that large language models (LLMs) tend to parrot buggy code when tasked with completing flawed snippets.…
CISA fires, now rehires and immediately benches security crew on full pay
DOGE efficiency in action The upheaval at the US government’s Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had fired over the past few weeks – specifically those still…
US tech jobs outlook clouded by DOGE cuts, Trump tariffs
Hiring remains relatively strong as analysts warn of slowdown A pair of reports on tech sector employment trends in the United States suggest out-of-work techies right now have relatively decent prospects, but economic uncertainty and rapid policy changes initiated by…
Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying
‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there’s no sign of a fix from Microsoft,…
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
Ad giant’s cloudy arm to pay $30B in security shop deal Wiz security researchers think they’ve found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have…
UK wants dirt on data brokers before criminals get there first
Govt wants to learn from mistakes of serially breached record holders so it can, er, liberalize data sharing regs under new law The UK government is inviting experts to provide insights about the data brokerage industry and the potential risks it…
Extortion crew threatened to inform Edward Snowden (?!) if victim didn’t pay up
Don’t laugh. This kind of warning shows crims are getting desperate Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect…
‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’
One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of…
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
More light shed on what went down with Marko Elez, thanks to NY AG and co’s lawsuit A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people’s private information to two Trump administration officials, according…
Amazon to kill off local Alexa processing, all voice requests shipped to the cloud
Web souk says Echo hardware doesn’t have the oomph for next-gen AI anyway Come March 28, those who opted to have their voice commands for Amazon’s AI assistant Alexa processed locally on their Echo devices will lose that option, with…
GitHub supply chain attack spills secrets from 23,000 projects
Large organizations among those cleaning up the mess It’s not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.…
UK government to open £16B IT services competition after 6-month delay
Technology Services 4 framework expands by £4B, with procurement to begin this week UK government is set to crack open the pork barrel for up to £16 billion in contracts for a range of IT services. The buying framework was…
Microsoft wouldn’t look at a bug report without a video. Researcher maliciously complied
Maddening techno loop, Zoolander reference, and 14 minutes of time wasted A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written…
FCC stands up Council on National Security to fight China in ways that CISA used to
PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware Infosec In Brief United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to…
Apple’s alleged UK encryption battle sparks political and privacy backlash
National security defense being used to keep appeal behind closed doors US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public.…
New kids on the ransomware block channel Lockbit to raid Fortinet firewalls
It’s March already and you haven’t patched? Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.…
Dems ask federal agencies for reassurance DOGE isn’t feeding data into AI willy-nilly
Pouring sensitive info into unapproved, unaccountable, unsafe models would be a ‘severe’ cybersecurity fail House Democrats have sent letters to 24 federal agencies asking for assurances that Elon Musk’s DOGE team is not feeding sensitive government data into “unapproved and…
Google says it’s rolling out a fix for stricken Chromecasts
It’ll take a few days, give or take your situation Google has told The Register it’s beginning to roll out a fix for Chromecast devices that were bricked due to an expired security certificate authority. We’re assured this deployment will…
That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review
Phishers check in, your credentials check out, Microsoft warns An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees’ inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…
CISA: We didn’t fire our red team, we just unhired a bunch of them
Agency tries to save face as it also pulls essential funding for election security initiatives The US cybersecurity agency is trying to save face by seeking to clear up what it’s calling “inaccurate reporting” after a former senior pentester claimed…
DeepSeek can be gently persuaded to spit out malware code
It might need polishing, but a useful find for any budding cybercrooks out there DeepSeek’s flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker…
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
Feds warn gang still rampant and now cracked 300+ victims around the world A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on…
Get off that old Firefox by Friday or you’ll be sorry, says Moz
Root cert expiry may bring breakage or worse for add-ons, media playback, and more If you’re running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring…
Expired Juniper routers find new life – as Chinese spy hubs
Fewer than 10 known victims, but Mandiant suspects others compromised, too Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.…
This is the FBI, open up. China’s Volt Typhoon is on your network
Power utility GM talks to El Reg about getting that call and what happened next Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the…
UK must pay cyber pros more than its Prime Minister, top civil servant says
Leaders call for fewer contractors and more top talent installed across government Senior officials in the UK’s civil service understand that future cyber hires in Whitehall will need to be paid a salary higher than that of the Prime Minister…
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws
Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and…