Category: The Register – Security

Illegitimi non carborundum? Nice password, Mr Ex-CISA Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked…

Read more →

Illegitimi non carborundum? Nice password, Mr Ex-CISA Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked…

Read more →

Truck-mounted demonstration weapon costs 10p a pop, says MOD British soldiers have successfully taken down drones with a radio-wave weapon.… This article has been indexed from The Register – Security Read the original article: Brit soldiers tune radio waves to…

Read more →

Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the…

Read more →

Extraordinary rendition of data, or just dropped it out of a helicopter? CIA Director John Ratcliffe’s smartphone has almost no trace left of the infamous Signalgate chat – the one in which he and other top US national security officials…

Read more →

Microsoft rewards those who patch early with bricks hurled through its operating system Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue…

Read more →

From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content  A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.… This article has been indexed from The Register –…

Read more →

Feds extend vulnerability nerve-center contract at 11th hour In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) Program.… This article has been indexed from The Register – Security…

Read more →

DPP Law is appealing against data watchdog’s conclusions A law firm is appealing against a £60,000 fine from the UK’s data watchdog after 32 GB of personal information was stolen from its systems.… This article has been indexed from The…

Read more →

Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.……

Read more →

It involves a number close to three or six depending on the fiend Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has…

Read more →

Because vulnerability management has nothing to do with national security, right? US government funding for the world’s CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.… This article has been indexed from…

Read more →

800K? Make that double, and we’ll need a double, too, for the pain A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously…

Read more →

Source code, moderator info, IP addresses, more allegedly swiped and leaked Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival…

Read more →

Beijing claims NSA went for gold in offensive cyber, got caught in the act China’s state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian…

Read more →

Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez A federal judge has partly lifted an injunction against Elon Musk’s Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems.…

Read more →

Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China’s Ministry of State Security has infected global organizations with a remote access trojan (RAT) that’s “even better” than Cobalt Strike, using this…

Read more →

Stopping users shooting themselves in the foot with last century’s tech Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.… This article has been indexed from The…

Read more →

Car hire biz takes your privacy seriously, though Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.… This article has been indexed from The Register –…

Read more →

That would put America on the same level as China for espionage The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.… This article has…

Read more →

Copilot vibe coding for OS development? Why not Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended…

Read more →

IT admins, get ready to grumble CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15,…

Read more →

IT admins, get ready to grumble CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15,…

Read more →

What’s the goal here, Homeland Insecurity or something? As drastic cuts to the US govt’s Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House’s cybersecurity subcommittee, has demanded that CISA brief the subcommittee…

Read more →

UK holds onto oversight by a whisker, but it’s utterly barefaced on the other side of the pond Opinion  The UK government’s attempts to worm into Apple’s core end-to-end encryption were set back last week when the country’s Home Office…

Read more →

Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion Two of the top team behind Asda’s £1 billion ($1.31 billion) tech divorce from US retail giant Walmart — which has seen a number of setbacks…

Read more →

PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Infosec In Brief  Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.… This article…

Read more →

PLUS: India’s new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands Asia In Brief  Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.… This article…

Read more →

Military units, government nerds appear to join the fray, with physical infra in sights Feature  From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin’s birthday, self-styled hacktivists have been making headlines.……

Read more →

Military units, government nerds appear to join the fray, with physical infra in sights Feature  From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin’s birthday, self-styled hacktivists have been making headlines.……

Read more →

Hallucinated package names fuel ‘slopsquatting’ The rise of LLM-powered code generation tools is reshaping how developers write software – and introducing new risks to the software supply chain in the process.… This article has been indexed from The Register –…

Read more →

Hallucinated package names fuel ‘slopsquatting’ The rise of AI-powered code generation tools is reshaping how developers write software – and introducing new risks to the software supply chain in the process.… This article has been indexed from The Register –…

Read more →

Redmond hopes you’ve forgotten or got over why everyone hated it the first time After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it – now quietly slipping the screenshotting app into…

Read more →

Issues at the very top continue to worsen The UK government’s latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase – and many techies are forced to constantly informally request company directors…

Read more →

Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan Facebook’s former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get…

Read more →

Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan Facebook’s former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get…

Read more →

Props for the transparency though US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it’s still working to fully restore affected systems.… This article has been indexed from The Register – Security…

Read more →

Props for the transparency though US sensor maker Sensata has told regulators that a ransomware attack caused operational disruption, and that it’s still working to fully restore affected systems.… This article has been indexed from The Register – Security Read…

Read more →

Scammers are already cashing in with fake invoices for import costs World War Fee  As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.… This article has been indexed…

Read more →

Officials teased more details to come later this year Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.… This article has…

Read more →

TL;DR: Move along, still nothing to see here – an idea that leaves infosec pros aghast Oracle’s letter to customers about an intrusion into part of its public cloud empire – while insisting Oracle Cloud Infrastructure was untouched – has…

Read more →

Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA’s Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by…

Read more →

Can’t Redmond ask its whizz-bang Copilot AI to fix it? Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.… This article…

Read more →

It worked for in 2018 with Chris Krebs. Will it work again? Uncle Sam’s Cybersecurity and Infrastructure Security Agency, aka CISA, has been “actively hiding information” about American telecommunications networks’ weak security for years, according to Senator Ron Wyden.… This…

Read more →

OCC mum on who broke into email, but Treasury fingered China in similar hack months ago A US banking regulator fears sensitive financial oversight data was stolen from its IT systems in what’s been described as “a major information security…

Read more →

How Chocolate Factory hopes to double down on enterprise-sec Cloud Next  Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.… This article has…

Read more →

Chocolate Factory doubles down on enterprise security at Cloud Next Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.… This article has been…

Read more →

Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization’s IT systems to ogle…

Read more →

A novel way to encourage upgrades? Microsoft would never stoop so low Patch Tuesday  Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.… This…

Read more →

A novel way to encourage upgrades? Microsoft would never stoop so low Patch Tuesday  Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.… This…

Read more →

What a MIME field A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft…

Read more →

What a MIME field A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft…

Read more →

Despite arrests, eight-legged menace targeted more victims this year Despite several arrests last year, Scattered Spider’s social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with…

Read more →

Will ‘gutting’ the civilian defense agency make American cybersecurity great again? Analysis  Slashing staff at the US govt’s Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn’t exactly boosting national security, say infosec and national security officials…

Read more →

Reliability, honesty, accuracy. And then there’s this lot Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.… This article has been…

Read more →

But this mystery isn’t over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow – exposed way back in November, months earlier…

Read more →

Crummy OPSEC leads to potentially decades in prison Noah Michael Urban, 20, of alleged Scattered Spider infamy, has pleaded guilty to various charges and potentially faces decades in prison.… This article has been indexed from The Register – Security Read…

Read more →

Last month’s secret hearing comes to light Details of Apple’s appeal against the UK’s so-called “backdoor order” will now play out in public after the Home Office failed in its bid to keep them secret on national security grounds.… This…

Read more →

After 23 years, the privacy plumber has finally arrived to clean up this mess A 23-year-old side-channel attack for spying on people’s web browsing histories will get shut down in the forthcoming Chrome 136, released last Thursday to the Chrome…

Read more →

Last month’s secret hearing comes to light Details of Apple’s appeal against the UK’s so-called “backdoor order” will now play out in public after the Home Office failed in its bid to keep them secret on national security grounds.… This…

Read more →

Native tools help, but they don’t cover everything – here’s what they miss and how to close the gaps Partner Content  : AWS provides a number of security services, such as GuardDuty, Inspector, Config, and Security Hub, designed to protect…

Read more →

PLUS: Qualcomm acquires Vietnamese AI outfit; China claims US hacked winter games; India’s browser challenge winner disputed; and more Asia In Brief  Asian nations and tech companies are trying to come to terms with the USA’s new universal import tariffs…

Read more →

PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more Infosec in Brief  How did journalist Jeffrey Goldberg’s phone number end up in a Signal group chat? According to The Guardian, US national security adviser…

Read more →

Intelligence chief booted after less than two years on the job President Trump today fired the head of the NSA and US Cyber Command and his deputy.… This article has been indexed from The Register – Security Read the original…

Read more →

The industry’s approach to keeping quality backups may be masking the importance of other recovery mainstays Maintaining good-quality backups is often seen as the spine of any organization’s ability to recover from cyberattacks quickly. Naturally, given the emphasis placed on…

Read more →

Law enforcement facing huge gap in ‘AI adoption’ The National Crime Agency (NCA) will “closely examine” the recommendations made by the Alan Turing Institute after it claimed the UK was ill-equipped to tackle AI-enabled crime.… This article has been indexed…

Read more →

We’re not Putin up with this alleged industrial espionage, say the Dutch A Russian national appeared in a Netherlands court on Thursday accused of industrial espionage against ASML, the world’s leading manufacturer of chip factory equipment and a key supplier…

Read more →

Australians checking their pensions are melting down call centres and websites Australian retirement fund operators are scrambling after reports emerged of unauthorized access to customer accounts leading to theft of cash.… This article has been indexed from The Register –…

Read more →

Classification compliance? Records retention requirements? How quaint A US Department of Defense watchdog has opened an investigation into its own Secretary of Defense, Pete Hegseth, over his use of instant-messaging app Signal to discuss government business.… This article has been…

Read more →

Shape shifting technique described as menace to national security The US govt’s Cybersecurity Infrastructure Agency, aka CISA, on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks.… This article has been indexed…

Read more →

Simple denial-of-service blunder turned out to be a remote unauth code exec disaster Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in…

Read more →

It’s going to happen to you one day, so get your ducks in a row As Benjamin Franklin famously said: “An ounce of prevention is worth a pound of cure,” and that’s especially true when it comes to disaster recovery.……

Read more →

Espionage? Botnets? Trying to exploit a zero-day? Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet, or an effort to…

Read more →

ProtectEU plan wants to have its cake and eat it too The EU has issued its plans to keep the continent’s denizens secure and among the pages of bureaucratese are a few worrying sections that indicate the political union wants…

Read more →

Recovery’s never been harder in today’s tangled, outsourced infrastructure Comment  Disaster recovery is getting tougher as IT estates sprawl across on-prem gear, public cloud, SaaS, and third-party ITaaS providers. And it’s not floods or fires causing most outages anymore –…

Read more →

Stamp it out: Infostealer malware at German outfit may be culprit Britain’s Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant’s data up for sale, perhaps after acquiring it with…

Read more →

Double-oh-sh… The name’s not Bond. It’s O’Brien – Keith O’Brien, now-former global payroll compliance manager at the Dublin, Ireland office of HR software-as-a-service maker Rippling.… This article has been indexed from The Register – Security Read the original article: Raw…

Read more →

Bosses say theft now the name of the game with a shift in tactics, apparent branding Big-game ransomware crew Hunters International says its criminal undertaking has become “unpromising, low-converting, and extremely risky,” and it is mulling shifting tactics amid an…

Read more →

Bosses say theft now the name of the game with a shift in tactics, apparent branding Big-game ransomware crew Hunters International says its criminal undertaking has become “unpromising, low-converting, and extremely risky,” and it is mulling shifting tactics amid an…

Read more →

Learn how Infinidat’s enterprise cyber storage solutions can enable near-immediate recovery Sponsored Post  It’s not a question of if your organization gets hit by a cyberattack – only when, and how quickly it recovers.… This article has been indexed from…

Read more →

Fallout shows how what you say must be central to disaster planning Opinion  Oracle is being accused of poor incident comms as it reels from two reported data security mishaps over the past fortnight, amid a reluctance to publicly acknowledge…

Read more →

Organizational, technological resilience combined defeat the disease that is cybercrime When IT disasters strike, it can become a matter of life and death for healthcare organizations – and criminals know it.… This article has been indexed from The Register –…

Read more →

Victims expect to spend considerable time and money over privacy incident, lawyers argue Specialist class action lawyers have launched proceedings against Oracle in Texas over two alleged data breaches.… This article has been indexed from The Register – Security Read…

Read more →

Kept quiet for 30 years before becoming an ‘unrivalled advocate’ for the site Obit  Betty Webb MBE, one of the team who worked at the code-breaking Bletchley Park facility during the Second World War, has died at the age of…

Read more →

Cupertino already squashed ’em in more recent releases – which this week get a fresh round of fixes Apple has delivered a big batch of OS updates, some of which belatedly patch older versions of its operating systems to address…

Read more →

With help from UK operatives, because it’s getting tougher to run the scam in the USA North Korea’s scamming, thieving, and AI-abusing fake IT workers are increasingly targeting European employers.… This article has been indexed from The Register – Security…

Read more →

But his emails! Sharing them with Google! Senior members of the US National Security Council, including the White House national security adviser Michael Waltz, have been accused of using their personal Gmail accounts to exchange sensitive information.… This article has…

Read more →

Copilot told us that half a century is 25 years. It feels much longer Microsoft will officially hit the half-century mark on Friday as the Windows giant turns 50 years old. What do you consider the highs and lows of…

Read more →

The UK government must be thrilled Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it’ll do so without imposing any undue stress on IT admins.… This article…

Read more →

Tech secretary reveals landmark legislation’s full details for first time The UK’s technology secretary revealed the full breadth of the government’s Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing…

Read more →

Not exactly Snowden levels of skill A student at Britain’s top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.… This article has been indexed from The Register – Security Read…

Read more →

Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US…

Read more →

1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.……

Read more →

Indiana Uni rm -rf online profile while agents haul boxes of evidence A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.… This article…

Read more →

1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.……

Read more →

1990s incident response in 2025 Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.……

Read more →

Explanation leaves a ‘lot of questions unanswered,’ says infosec researcher A digital burglar is claiming to have nabbed a trove of “highly sensitive” data from Check Point – something the American-Israeli security biz claims is a huge exaggeration.… This article…

Read more →

Think AWS has security covered? Think again. Discover real-world examples of what it doesn’t secure and how to protect your environment Advertorial  AWS customers might assume that security is taken care of for them – however, this is a dangerous…

Read more →

PLUS: Indonesia crimps social media, allows iPhones; India claims rocket boost; In-flight GenAI for Japan Airlines Asia In Brief  China last week commenced a crackdown on inappropriate collection and subsequent use of personal information.… This article has been indexed from…

Read more →

PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more! Infosec in brief  Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.……

Read more →