Tag: The Register – Security

How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content  Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the…

Read more →

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet…

Read more →

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia’s intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns…

Read more →

‘Legitimate interest’ won’t wash, says privacy outfit, as Zuck’s org claims activists want to ‘delay AI innovation’ There’s a Max Schrems-shaped object standing in the way of Meta’s plans to train its AI on the data of its European users,…

Read more →

Admits due diligence fell short – furious users cry ‘gaslighting’ Customers are blasting VPN Secure’s new parent company after it abruptly axed thousands of “lifetime” accounts. The reason? The CEO admits in an interview with The Register that his team…

Read more →

No rush, according to Gartner chap who says: ‘Nobody has ever out-patched threat actors at scale’ Patch Tuesday has rolled around again, but if you don’t rush to implement the feast of fixes it delivered, your security won’t be any…

Read more →

Crickets as senior security folk asked about risks at NCSC conference CYBERUK  Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned…

Read more →

Defenses are weaker, and victims are more likely to pay, SANS warns Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.… This article has been indexed from The Register –…

Read more →

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday  It’s that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation – but…

Read more →

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel’s defenses against Spectre, a family of data-leaking flaws in the…

Read more →

Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish “palace in the sky” meant as a temporary Air Force One. But getting it up to…

Read more →

Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault’s Command Center was initially not available to a significant user subset – those testing out a free trial version…

Read more →

Both agencies seem unbothered despite tech world’s clear concerns for US infoseccers CYBERUK  The top brass from the UK’s cyber agency say everything is business as usual when it comes to the GCHQ arm’s relationship with CISA, amid growing unease…

Read more →

Market cap down by more than £1BN since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.… This article has been indexed from The Register –…

Read more →

EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and…

Read more →

‘MarbledDust’ gang has honed the skills it uses to assist Ankara Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than…

Read more →

Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That’s well past a cut-off point of October 14 this year, when Redmond’s support…

Read more →

Cripes, we were only joking when we called Elon’s social network the new state media The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity…

Read more →

Today’s complex IT environments demand a new approach Partner content  For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have…

Read more →

Intruders claim they stole GlobalX’s flight records and manifests GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.… This article has been indexed from The Register – Security Read the…

Read more →