Promises to discourage use of kernel drivers – so they don’t crash the world again Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike’s faulty software update was almost certainly too low, and vowed to reduce…
Tag: The Register – Security
China ponders creating a national ‘cyberspace ID’
Because clearly it’s better for Beijing to know who you are than for every ISP and social service to keep its own records Beijing may soon issue “cyberspace IDs” to its citizens, after floating a proposal for the scheme last…
Secure Boot useless on hundreds of PCs from major vendors after key leak
Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don’t use MFA, and more Infosec in brief Protecting computers’ BIOS and the boot process is essential for modern security – but knowing it’s important isn’t the same as actually…
CrowdStrike meets Murphy’s Law: Anything that can go wrong will
And boy, did last Friday’s Windows fiasco ever prove that yet again Opinion CrowdStrike’s recent Windows debacle will surely earn a prominent place in the annals of epic tech failures. On July 19, the cybersecurity giant accomplished what legions of…
Progress discloses second critical flaw in Telerik Report Server in as many months
These are the kinds of bugs APTs thrive on, just ask the Feds Progress Software’s latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months.…
North Korean chap charged for attacks on US hospitals, military, NASA – and even China
Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals…
North Korean chap charged for attacks on US hospitals, NASA – and even China
Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals…
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
May even have targeted other malware gangs, and infosec researchers Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves…
CrowdStrike update blunder may cost world billions – and insurance ain’t covering it all
We offer this formula instead: RND(100.0)*(10^9) The cost of CrowdStrike’s apocalyptic Falcon update that brought down millions of Windows computers last week may be in the billions of dollars, and insurance isn’t covering most of that.…
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware
PSA: Only accept updates via official channels … ironically enough CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop’s threat intel team, which spotted…
FYI: Data from deleted GitHub repos may not actually be deleted
And the forking Microsoft-owned code warehouse doesn’t see this as much of a problem Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn’t…
Uncle Sam accuses telco IT pro of decade-long spying campaign for China
Beijing has a long history of recruiting US residents to carry out various espionage activities The US is looking to prosecute a Chinese immigrant over claims he has been drip-feeding information of interest to Beijing since at least 2012.…
You should probably fix this 5-year-old critical Docker vuln fairly sharpish
For some unknown reason, initial patch was omitted from later versions Docker is warning users to rev their Docker Engine into patch mode after it realized a near-maximum severity vulnerability had been sticking around for five years.…
Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review
Those national security threat claims? ‘No evidence,’ VP tells The Reg Exclusive Despite the Feds’ determination to ban Kaspersky’s security software in the US, the Russian business is moving forward with another proposal to open up its data and products…
Patch management still seemingly abysmal because no one wants the job
Are your security and ops teams fighting to pass the buck? Comment Patching: The bane of every IT professional’s existence. It’s a thankless, laborious job that no one wants to do, goes unappreciated when it interrupts work, and yet it’s…
How a cheap barcode scanner helped fix CrowdStrike’d Windows PCs in a flash
This one weird trick saved countless hours and stress – no, really Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered…
The months and days before and after CrowdStrike’s fatal Friday
‘In the short term, they’re going to have to do a lot of groveling’ Analysis The great irony of the CrowdStrike fiasco is that a cybersecurity company caused the exact sort of massive global outage it was supposed to prevent.…
Fatal timeline of CrowdStrike’s week from hell – Feb to now
‘In the short term, they’re going to have to do a lot of groveling’ Analysis The great irony of the CrowdStrike fiasco is that a cybersecurity company caused the exact sort of massive global outage it was supposed to prevent.…
Oops. Apple relied on bad code while flaming Google Chrome’s Topics ad tech
Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk is low Apple last week celebrated a slew of privacy changes coming to its Safari browser and took the time to bash rival Google for its…