Tag: The Register – Security

Dependency manager used in millions of apps leaves a bitter taste CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade…

Read more →

Notorious ‘Andariel’ crew takes a bite of HotCroissant backdoor for fresh attack A South Korean ERP vendor’s product update server has been attacked and used to deliver malware instead of product updates, according to local infosec outfit AhnLab.… This article…

Read more →

Full system takeovers on the cards, for those with enough patience to pull it off Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH’s server (sshd) and should upgrade to the latest version.… This article has been…

Read more →

Full system takeovers on the cards, for those with enough patience to pull it off Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH’s server (sshd) and should upgrade to the latest version.… This article has been…

Read more →

Get ’em while they’re hot A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.… This article has been indexed from The Register…

Read more →

There will always be bad actors in the system. We can always learn from the drama they create Opinion  Libraries. Hushed temples to the civilizing power of knowledge, or launchpads of global destruction? Yep, another word tech has borrowed and…

Read more →

Jen Easterly hopes CSRB’s Microsoft report won’t impede future private sector collaboration CISA director Jen Easterly says the Cybersecurity Safety Review Board (CSRB) “is not afraid to say when something is amiss” in response to questions about fears around private…

Read more →

Fasten your seat belts, secure your tray table, and try not to give away your passwords Australia’s Federal Police (AFP) has charged a man with running a fake Wi-Fi networks on at least one commercial flight and using it to…

Read more →

President has ordered a datacenter audit and made backups mandatory Indonesia’s president Joko Widodo has ordered an audit of government datacenters after it was revealed that most of the data they store is not backed up.… This article has been…

Read more →

Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more security in brief  It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made…

Read more →

So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has analyzed 172 critical open source projects and found that more than half contain code written in…

Read more →

Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? TeamViewer says it was Russian intelligence that broke into its systems this week.… This article has been indexed from The Register – Security…

Read more →

Join our exclusive webinar on identity security Webinar  In today’s rapidly evolving digital landscape, securing identities is more critical than ever.… This article has been indexed from The Register – Security Read the original article: Unlock the future of security

Read more →

Move comes weeks after Mozilla blasted certificate authority for failings Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements.… This article has been indexed from The Register…

Read more →

Seeing weird warnings in Microsoft 365 and Office Online? That’ll be why Microsoft has expiration issues with its TLS certificates, resulting in unwanted security warnings.… This article has been indexed from The Register – Security Read the original article: Microsoft…

Read more →

Simple jailbreak prompt can bypass safety guardrails on major models Microsoft on Thursday published details about Skeleton Key – a technique that bypasses the guardrails used by makers of AI models to prevent their generative chatbots from creating harmful content.……

Read more →

No supply-chain attacks to see over here! After having its website shut down, the polyfill.io owner is fighting back against claims it smuggled suspicious code onto websites all across the internet.… This article has been indexed from The Register –…

Read more →

Says customer data, prod environment not affected as NCC sounds alarm TeamViewer on Thursday said its security team just “detected an irregularity” within one of its networks – which is a fancy way of saying someone broke in.… This article…

Read more →

Congressman warns tech is getting the ‘Huawei Playbook’ treatment US Congress members warned against Chinese dominance of the drone industry on Wednesday, elevating the threat posed by Beijing’s control of the technology as similar to that of semiconductors and ships.……

Read more →

KT may have had an entire team dedicated to infecting its own customers A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.……

Read more →