Tag: The Register – Security

Phony LinkedIn recruitment ads? Groundbreaking Chinese government snoops – hiding behind the guise of fake consulting companies – are actively trying to recruit the thousands upon thousands of US federal employees who have been fired since President Trump took office.……

Read more →

Crooks must be licking their lips at the possibilities Uncle Sam’s consumer watchdog has scrapped plans to implement Biden-era rules that would’ve treated certain data brokers as credit bureaus, forcing them to follow stricter laws when flogging Americans’ sensitive data.……

Read more →

‘We hope it makes attendees feel safe reporting violations’ A Seattle court this week dismissed with prejudice the defamation case brought against DEF CON and its organizer Jeff Moss by former conference stalwart Christopher Hadnagy.… This article has been indexed…

Read more →

The tech biz was in the process of dropping the payroll company as it learned of the breach EXCLUSIVE  A ransomware attack at a Middle Eastern subsidiary of payroll company ADP has led to customer data theft at Broadcom, The…

Read more →

We suspect Philippe Salle will need it, not to mention staff and customers If at first you don’t succeed, transform, transform, and transform again is the corporate motto at Atos these days. The lumbering French-based megacorp has created another blueprint…

Read more →

AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason Sponsored feature  From the written word through to gunpowder and email, whenever an enabling technology comes along, you can be sure someone will be ready…

Read more →

Entire process took less than five minutes, prosecutors say A former DoorDash driver has pleaded guilty to participating in a $2.59 million scheme that used fake accounts, insider access to reassign orders, and bogus delivery reports to trigger payouts for…

Read more →

They’re smishing, they’re vishing The FBI has warned that fraudsters are impersonating “senior US officials” using deepfakes as part of a major fraud campaign.… This article has been indexed from The Register – Security Read the original article: Scammers are…

Read more →

DragonForce-riding ransomware ring also has ‘shiny object syndrome’ so will likely move on to another sector soon The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers’ IT environments –…

Read more →

One expert tells us: ‘It is the most unique breach disclosure I’ve ever seen’ Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the company is now being extorted for…

Read more →

Sometimes, less information is more In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana, a startup founded in 2022 by researchers from Aarhus University in Denmark that tells users which vulnerabilities they can…

Read more →

Lessons learned from last year’s security snafu interview  Being the chief information security officer at Snowflake is never an easy job, but last spring it was especially challenging.… This article has been indexed from The Register – Security Read the…

Read more →

Would you believe it, this RaaS cartel says Russia is off limits DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.… This…

Read more →

Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.… This article has been indexed from The Register – Security…

Read more →

How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content  Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the…

Read more →

Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet…

Read more →

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia’s intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns…

Read more →

‘Legitimate interest’ won’t wash, says privacy outfit, as Zuck’s org claims activists want to ‘delay AI innovation’ There’s a Max Schrems-shaped object standing in the way of Meta’s plans to train its AI on the data of its European users,…

Read more →

Admits due diligence fell short – furious users cry ‘gaslighting’ Customers are blasting VPN Secure’s new parent company after it abruptly axed thousands of “lifetime” accounts. The reason? The CEO admits in an interview with The Register that his team…

Read more →

No rush, according to Gartner chap who says: ‘Nobody has ever out-patched threat actors at scale’ Patch Tuesday has rolled around again, but if you don’t rush to implement the feast of fixes it delivered, your security won’t be any…

Read more →

Crickets as senior security folk asked about risks at NCSC conference CYBERUK  Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned…

Read more →

Defenses are weaker, and victims are more likely to pay, SANS warns Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.… This article has been indexed from The Register –…

Read more →

Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patch Tuesday  It’s that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation – but…

Read more →

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit Researchers at ETH Zurich in Switzerland have found a way around Intel’s defenses against Spectre, a family of data-leaking flaws in the…

Read more →

Air Force Dumb The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish “palace in the sky” meant as a temporary Air Force One. But getting it up to…

Read more →

Pay-to-play security on CVSS 10 issue is now fixed An update that fixed a critical flaw in data protection biz Commvault’s Command Center was initially not available to a significant user subset – those testing out a free trial version…

Read more →

Both agencies seem unbothered despite tech world’s clear concerns for US infoseccers CYBERUK  The top brass from the UK’s cyber agency say everything is business as usual when it comes to the GCHQ arm’s relationship with CISA, amid growing unease…

Read more →

Market cap down by more than £1BN since April 22 Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.… This article has been indexed from The Register –…

Read more →

EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and…

Read more →

‘MarbledDust’ gang has honed the skills it uses to assist Ankara Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than…

Read more →

Support for the underlying OS is another story Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That’s well past a cut-off point of October 14 this year, when Redmond’s support…

Read more →

Cripes, we were only joking when we called Elon’s social network the new state media The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity…

Read more →

Today’s complex IT environments demand a new approach Partner content  For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have…

Read more →

Intruders claim they stole GlobalX’s flight records and manifests GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.… This article has been indexed from The Register – Security Read the…

Read more →

Providers argue that if end users prioritized security, they’d get it CYBERUK  Intervention is required to ensure the security market holds vendors to account for shipping insecure wares – imposing costs on those whose failures lead to cyberattacks and having…

Read more →

We need to make taking IT systems ‘off the books’ a problem for corporate types Opinion  It’s been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due…

Read more →

PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you’re never safe; and more Infosec in brief  Good cybersecurity habits don’t appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.… This…

Read more →

Rapid7 threat hunter told The Reg wrote a PoC. No he’s not releasing it RSAC  If Rapid7’s Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he’d innovate: CPU ransomware.… This article has been…

Read more →

The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US…

Read more →

France’s share of MOD cash is growing while the US’s shrinks The UK’s Ministry of Defence (MOD) is gradually shifting its spending from the US to Europe, according to research from Tussell.… This article has been indexed from The Register…

Read more →

Weapons-grade fuel for fraud Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more.… This article has…

Read more →

Linux giant finds Chinese environment to be perilous beneath pretty exterior SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.… This article has been…

Read more →

Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety’s sake Canonical’s Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security…

Read more →

Now individual school districts extorted by fiends An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware…

Read more →

CEO: Neural net tech ‘flattens our hiring curve, helps us innovate’ CrowdStrike – the Texas antivirus slinger famous for crashing millions of Windows machines last year – plans to cut five percent of its staff, or about 500 workers, in…

Read more →

Judge allows aspects of passenger lawsuit to proceed A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year’s CrowdStrike debacle continues to buffet the carrier.… This article…

Read more →

We were shocked – SHOCKED – by the answer Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome.… This article has been indexed from The Register…

Read more →

Lead dev likens flood to ‘effectively being DDoSed’ Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated “slop” bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers’ time.… This…

Read more →

Prime Minister bemoans bullying, addiction, and inappropriate content – but isn’t planning a rapid vote New Zealand’s government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government…

Read more →

Don’t f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure…

Read more →

Don’t f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure…

Read more →

What was the plan, showing her his big iron? A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank’s server rooms.… This article has…

Read more →

(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its “outdated” software procurement systems, and insists it’s putting security at the forefront of decision-making processes.… This article has been…

Read more →

(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its “outdated” software procurement systems, and insists it’s putting security at the forefront of decision-making processes.… This article has been…

Read more →

Because who needs cybersecurity when there’s culture wars to win President Trump’s dream 2026 budget would gut the US govt’s Cybersecurity and Infrastructure Security Agency, aka CISA, by $491 million – about 17 percent – and accuses the organization of…

Read more →

No, really? That’s a shocking surprise An unidentified miscreant is said to have obtained US government communications from TeleMessage, a messaging and archiving app based on the open-source Signal app and used by ousted national security advisor Michael Waltz.… This…

Read more →

Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures US President Donald Trump has said TikTok will be “very strongly protected” as the made-in-China social network has “a warm spot in my…

Read more →

PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! India’s ambition to become a global semiconductor manufacturing player went backwards last…

Read more →

PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief  Microsoft has decided to push its consumer customers to dump password in favor of passkeys.… This article has been indexed from The Register –…

Read more →

With North Korean IT workers storming the gates, too RSAC  Another RSAC has come and gone, with almost 44,000 attendees this year spread across San Francisco’s Moscone Center and the surrounding facilities, according to conference organizers. Hopefully, all of us…

Read more →

El Reg checks out shop in SF On Thursday, six stores across America opened their doors with a curious proposition: Come on in, let a metal orb scan your irises, and walk out with a new online profile that promises…

Read more →

A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian…

Read more →

Real-time video deepfakes? Not convincing yet RSAC  Spam messages predate the web itself, and generative AI has given it a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore.… This article…

Read more →

UK starts prosecution days after FBI vowed to clamp down on the crime Three young Brits are accused of stateside swatting offences and will appear in a UK court today to face their charges after a joint investigation by the…

Read more →

Experts suggest the obvious: There is an ongoing coordinated attack on the Britain’s retail sector Globally recognized purveyor of all things luxury Harrods is the third major UK retailer to confirm an attempted cyberattack on its systems in under two…

Read more →

House Oversight probes missing Musk disclosures, background checks, data mess at NLRB Elon Musk is backing away from his Trump-blessed government gig, but now House Democrats want to see the permission slip that got him in the door.… This article…

Read more →

This time criminals targeted partner’s third-party software It’s more bad news from Ascension Health which is informing some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a…

Read more →

Will the personal assistant shop for groceries? Or get hijacked by a teen? RSAC  If Amazon’s Alexa+ works as intended, it could show how an AI assistant helps with everyday tasks like making dinner reservations or arranging an oven repair.…

Read more →

President’s campaign continues against man he claims covered up evidence of electoral fraud in 2020 Chris Krebs, former CISA director and current political punching bag for the US President, says his Global Entry membership was revoked.… This article has been…

Read more →

No MFA? No problem – as long as you show you’ve learned your lesson The UK’s data protection overlord is not going to pursue any further investigation into the British Library’s 2023 ransomware attack.… This article has been indexed from…

Read more →

For now it’s a potential bug-finder and friend to defenders RSAC  Former NSA cyber-boss Rob Joyce thinks today’s artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.… This article has been indexed from The Register – Security…

Read more →

Cybersecurity is national security, says Jen Easterly RSAC  America’s top cyber-defense agency is “being undermined” by personnel and budget cuts under the Trump administration, some of which are being driven by an expectation of perfect loyalty to the President rather…

Read more →

Feds say $970K scheme defrauded 13+ companies A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.……

Read more →

Feds say $970k scheme defrauded 13+ companies A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.……

Read more →

No specific law against it yet, but that’s set to change A spate of high-profile swatting incidents in the US recently forced the FBI into action with its latest awareness campaign about the occasionally deadly practice.… This article has been…

Read more →

Go ahead, please do Bash static analysis Shell scripting may finally get a proper bug-checker. A group of academics has proposed static analysis techniques aimed at improving the correctness and reliability of Unix shell programs.… This article has been indexed…

Read more →

A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post  You’d be naïve to believe that the cloud is secure by default, and while most hosting services provide basic defenses, it’s not always clear…

Read more →

Google dumped io_uring after $1M in bug bounties A proof-of-concept program has been released to demonstrate a so-called monitoring “blind spot” in how some Linux antivirus and other endpoint protection tools use the kernel’s io_uring interface.… This article has been…

Read more →

As Big Tech gets used to the pain, smaller vendors urged to up their game This article has been indexed from The Register – Security Read the original article: Enterprise tech dominates zero-day exploits with no signs of slowdown

Read more →

Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable RSAC  Russia used to be considered America’s biggest adversary online, but over the past couple of years China has taken the role, and is proving…

Read more →

Top voices warn that political retaliation puts democracy and national defense at risk The Electronic Frontier Foundation (EFF) and numerous infosec leaders are lobbying US President Donald Trump to drop his enduring investigation into Chris Krebs, claiming that targeting the…

Read more →

Artificial intelligence is helping Beijing’s goons break in faster and stay longer RSAC  The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: “China.”… This article has been…

Read more →

FBI and others list how to spot NK infiltrators, but AI will make it harder RSAC  Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is…

Read more →

They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse Researchers from the University of Zurich have admitted to secretly posting AI-generated material to popular Subreddit r/changemyview…

Read more →

Whoever could be behind this attack on an ethnic minority China despises? Researchers at Canada’s Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it’s an example of Beijing’s…

Read more →

Florida man altered allergen info, DoSed former colleagues Former Disney employee Michael Scheuer was sentenced to 36 months in prison and fined almost $688,000 for screwing up a software application the entertainment giant used to cook up its restaurant menus.……

Read more →

Sometimes, silence is the best option An Oklahoma City cybersecurity professional accused of installing spyware on a hospital PC confirmed on LinkedIn key details of the drama.… This article has been indexed from The Register – Security Read the original…

Read more →

Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel RSAC  Chief security officers should negotiate personal liability insurance and a golden parachute when they start a new job – in case things go…

Read more →

Homeland Security boss Noem added as last-minute keynote, mind you RSAC  There’s a notable absence from this year’s RSA Conference that kicked off today in San Francisco: The NSA’s State of the Hack panel.… This article has been indexed from…

Read more →

Think of artificial intelligence as your embedded ally Sponsored post  AI is reshaping cybersecurity in real time, raising the stakes on both sides of the battlefield. For defenders, it brings speed, precision, and automation at scale, helping security teams detect…

Read more →

It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands Houston-based VeriSource Services’ long-running probe into a February 2024 digital break-in shows the data of…

Read more →

It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands Houston-based VeriSource Services’ long-running probe into a February 2024 digital break-in shows the data of…

Read more →

Image board hints that rumors of a poorly maintained back end may be true Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was “catastrophic.”… This article has been indexed…

Read more →

Image board hints that rumors of a poorly maintained back end may be true Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was “catastrophic.”… This article has been indexed…

Read more →

Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year Microsoft has announced that its preview of hotpatching for on-prem Windows Server 2025 will become a paid subscription service in July.… This article has…

Read more →

PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Infosec in brief  Samsung has warned that some of its Galaxy devices store passwords in plaintext.… This article has been indexed from…

Read more →

Infosec is a team sport … unless you’re in the White House Opinion  Just when it seems they couldn’t be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national…

Read more →

What next for US-bankrolled vulnerability tracker? It’s edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system…

Read more →

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, according to…

Read more →

Where have we heard this before? Feb security update needs its own fix More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze.… This article has been indexed…

Read more →