FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayThe Register - Security

Pushers of insecure software in Biden's crosshairs

Just-revealed US cybersecurity strategy 'has fangs' for catching crafty criminals and crummy coders

Analysis Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other illicit activities, under the Biden administration's computer security plan announced on Thursday.…

  • March 3rd 2023 at 00:15

CI/CD: Necessary for modern software development, yet it carries a lot of risk

With great speed comes great insecurity

SCSW CI/CD over the past decade has become the cornerstone of modern software development.…

  • March 2nd 2023 at 23:10

Intruder alert: WH Smith hit by another cyber attack

Less than a year after Funky Pigeon leaked data of greetings cards biz

Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.…

  • March 2nd 2023 at 13:27

Forget ChatGPT, the most overhyped security tool is technology itself, Wiz warns

Infosec also needs to widen its talent pool or miss out

Interview It's a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks. …

  • March 2nd 2023 at 08:30

It's official: BlackLotus malware can bypass Secure Boot on Windows machines

The myth 'is now a reality'

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.…

  • March 1st 2023 at 21:30

PlugX RAT masquerades as legit Windows debugger to slip past security

DLL side-loading does the trick, again

Cybercriminals are disguising the PlugX remote access trojan as a legitimate open-source Windows debugging tool to evade detection and compromise systems.…

  • March 1st 2023 at 07:30

Google: You get crypto, you get crypto, almost everyone gets email crypto!

Personal Gmail users still out of luck

Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites.…

  • March 1st 2023 at 01:38

US government sets a 30-day deadline for wiping TikTok from feds' phones

Last chance to film yourself doing a ByteDance, in the US and abroad

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. …

  • March 1st 2023 at 00:30

US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities

Who apart from Microsoft is happy with the ship now, oh just fix it later approach?

SCSW What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency (CISA) Director Jen Easterly.…

  • February 28th 2023 at 22:32

Dish: Someone snatched our data, if you're wondering why our IT systems went down

Outage-hit telco still won't confirm ransomware infection, or if it's paying up

Dish has confirmed what everyone was suspecting, given the ongoing downtime experienced by some of its systems, that the US telco was hit by criminal hackers.…

  • February 28th 2023 at 21:06

News Corp outfoxed by IT intruders for years

All the news that's fit to pwn

The miscreants who infiltrated News Corporation's corporate IT network spent two years in the media monolith's system before being detected early last year.…

  • February 28th 2023 at 08:31

Russian hacktivists DDoS hospitals, with pathetic results

Not that we're urging them to try harder or anything

A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure.…

  • February 28th 2023 at 07:30

US Marshals Service leaks β€˜law enforcement sensitive information’ in ransomware incident

It’s not just another data breach when the victim oversees witness protection programs

The US Marshals Service, the enforcement branch of the nation’s federal courts, has admitted a β€œmajor” breach of its information security defenses led to a ransomware infection and exfiltration of β€œlaw-enforcement sensitive information."…

  • February 28th 2023 at 06:59

Feeling VEXed by software supply chain security? You’re not alone

Chainguard CEO explains how to secure code given crims know to poison it at the source

SCSW The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…

  • February 28th 2023 at 01:01

Dish multi-day outage rolls on as ransomware fears grow

Techies 'hard at work' and all of that

US telco Dish said it is investigating a multi-day network "issue" that knocked some of its systems offline, leaving customers stranded from the web.…

  • February 27th 2023 at 20:30

China makes it even harder for data to leave its shores

Many foreign companies had already given up – now there's more red tape

Starting in June, companies operating in China must undergo a regulatory intervention when sending data abroad, thanks to the Cyberspace Administration of China (CAC).…

  • February 27th 2023 at 13:30

Russian charged with smuggling US counterintel tech to Motherland

Also, don't download that 'ChatGPT Windows client,' and this week's critical vulnerabilities to keep an eye on

In brief A Russian national has been hit with a five-count indictment alleging he smuggled hardware and software used for counterintelligence operations out of the US to the Russian Federal Security Service (FSB) and North Korea.…

  • February 27th 2023 at 11:30

Microsoft: For better security, scan more Exchange server objects

Software giant takes some files and processes off the exclusion list

Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded.…

  • February 26th 2023 at 09:00

'Ethical hacker' among ransomware suspects cuffed by Dutch cops

Beware the Dark Side

Dutch police have arrested three men for their alleged involvement with a ransomware gang that stole sensitive data and extorted hundreds of thousands of euros from thousands of companies.…

  • February 25th 2023 at 09:04

Telus source code, staff info for sale on dark web forum

$50k buys you '1,000 unique repositories' that may or may not be legit

Canadian communications giant Telus is investigating whether crooks have stolen employee data and its source code, all of which is being offered for sale on a criminal forum.…

  • February 25th 2023 at 00:30

Bitcoin mining rig found stashed in school crawlspace

Don't blame the kids! Ex-city employee charged with $17k power theft

Pics A Massachusetts man accused of using his job as a city's assistant facilities director to hide a cryptocurrency mining operation in the crawlspace of a school has surrendered himself to authorities on Friday morning after skipping his Thursday arraignment. …

  • February 24th 2023 at 23:30

Google destroyed evidence for antitrust battle, Feds complain

rm -rf'ing staff chat logs can't go unpunished, says Uncle Sam

The US Department of Justice (DoJ) asked the judge hearing its antitrust case against Google to sanction the search advertising giant for destruction of evidence.…

  • February 24th 2023 at 22:30

European Commission bans TikTok from staff gadgets

Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China)

The European Commission on Thursday banned the use of the TikTok short video app on corporate devices and on the personal devices of employees enrolled in the commission's mobile device management service.…

  • February 24th 2023 at 07:27

Microsoft grows automated assault disruption to cover BEC, ransomware campaigns

There’s no HumOR in cyberattacks

At last year's Ignite show, Microsoft talked up a capability in its 365 Defender that automatically detects and disrupts a cyberattack while still in progress, hopefully stopping or reducing any resulting damage. Now it's extending that to include additional criminal areas.…

  • February 24th 2023 at 06:30

Ukraine invasion blew up Russian cybercrime alliances

Study: Old pacts ditched the moment Moscow moved in

The so-called "brotherhood" or Russian-speaking cybercriminals is yet another casualty of the war in Ukraine, albeit one that few outside of Moscow are mourning.…

  • February 24th 2023 at 05:00

Suspected Russian NLBrute malware boss extradited to US

Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants

A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations he used the tool to spawn a criminal empire.…

  • February 23rd 2023 at 23:30

Dole production plants crippled by ransomware, stores run short

Yes, we have no bananas, and things aren't looking peachy on the salad front

Irish agricultural megacorp Dole has confirmed that it has fallen victim to a ransomware infection that reportedly shut down some of its North American production plants.…

  • February 23rd 2023 at 21:30

FTX fiasco founder SBF faces further fraud charges

Fake donors allegedly padded politicians' pockets, both Republican and Democrat

FTX founder Sam Bankman-Fried's eight-count indictment related to the collapse of his crypto empire has been superseded by a new 12-count indictment unsealed in New York which provide graphic details about the extent the defunct biz paid off politicians. …

  • February 23rd 2023 at 20:30

Sensitive DoD emails exposed by unsecured Azure server

AWS, Google and Oracle may benefit as Microsoft blames the Pentagon and the Pentagon blames Microsoft

A hole in a US military email server operated by Microsoft left more than a terabyte of sensitive data exposed to the internet less than a month after Office 365 was awarded a higher level of government security accreditation.…

  • February 23rd 2023 at 19:30

Kremlin claims Ukraine hackers behind fake missile strike alerts

Ten cities panic after emergency systems start Putin out warnings of an impending attack

Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air raid or missile strikes that never occurred. The warnings were later blamed on hackers.…

  • February 23rd 2023 at 06:30

Datacenters in China, Singapore cracked by crims who then targeted tenants

Infiltrators tried to create fake remote hands tasks, alter visitor lists

Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers.…

  • February 23rd 2023 at 05:45

Lawyers join forces to fight common enemy: The SEC and its probes into cyber-victims

Did the financial watchdog just do the impossible and herd cats?

More than 80 law firms say they are "deeply troubled" by the US Securities and Exchange Commission's demand that Covington & Burling hand over names of its clients whose information was stolen by Chinese state-sponsored hackers.…

  • February 23rd 2023 at 02:00

Open source software has its perks, but supply chain risks can't be ignored

While app development is faster and easier, security is still a concern

Analysis Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates.…

  • February 22nd 2023 at 12:46

Global threats fuel cyber defence training

SANS Institute ramps up delivery of new security training courses to help keep info sec pros ahead of cyber criminals

Sponsored Post The global impact of cyber threats on businesses, governments, organisations and individuals around the world is ramping up exponentially, with experts warning that danger is set to dramatically worsen in coming months and years.…

  • February 22nd 2023 at 09:13

Accidental WhatsApp account takeovers? It's a thing

Blame it on phone number recycling (yes, that's a thing, too)

A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.…

  • February 21st 2023 at 11:00

Locking down the remote printer

No longer a blind spot, printer security is now a grown up conversation says Brother

Sponsored Feature As businesses journey deeper into an era of restless digital change, it's surprising how inventions from past decades still define the office environment.…

  • February 21st 2023 at 07:21

DNA testing biz vows to improve infosec after criminals break into database it forgot it had

Settles lawsuit with two states after wider leak that affected millions

A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old "legacy" database the company forgot it had.…

  • February 20th 2023 at 20:30

What Mary, Queen of Scots, can teach today’s cybersec royalty

Tech has changed in 400 years. The rules haven’t

Opinion Mary, Queen of Scots, was a hapless CEO, even by the standards of 1600s Europe. Mother of the first Stuart King of England, James I (and VI of Scotland; let's not go into that), she was herself the first Stuart monarch to lose both throne and head. She wasn't the last. The family had issues.…

  • February 20th 2023 at 09:30

GoDaddy joins the dots and realizes it's been under attack for three years

Also: Russia may legalize hacking; Oakland declares ransomware emergency; the CVEs you should know about this week

In brief Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.…

  • February 20th 2023 at 02:27

If you're struggling to secure email forwarding, it's not you, it's ... the protocols

Eggheads prove they can mimic messages and bag bug bounty bucks

Analysis Over the past two decades, efforts have been made to make email more secure. Alas, defensive protocols implemented during this period, such as SPF, DKIM, and DMARC, remain unable to deal with the complexity of email forwarding and differing standards, a study has concluded.…

  • February 19th 2023 at 09:00

Intruder alert: FBI tackles 'isolated' IT security breach

Move along, totally nothing to see here

The FBI claims it has dealt with a cybersecurity "incident" that reportedly involved computer systems being used to investigate child sexual exploitation.…

  • February 17th 2023 at 22:30

'Russian hacktivists' brag of flooding German airport sites

In other words, script kiddies up to shenanigans again

A series of distributed denial-of-service (DDoS) attacks shut down seven German airports' websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights.…

  • February 17th 2023 at 18:30

Cry Havoc and let slip dogs of war ... there's an upgraded malware server in town

ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild

There's a fresh open-source command-and-control (C2) framework on the loose, dubbed Havoc, as an alternative to the popular Cobalt Strike, and other mostly legitimate tools, that have been abused to spread malware.…

  • February 17th 2023 at 10:30

EU lawmakers argue against signing US data-transfer pact

Committee: Something about complaints process being dealt with in total secrecy doesn't sit right

Lawmakers in the European Parliament have urged the European Commission not to issue the "adequacy decision" needed for the EU-US Data Privacy Framework (DPF) to officially become the pipeline for data to freely flow from the EU to the States.…

  • February 17th 2023 at 09:30

Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution

Antivirus software is supposed to be an important part of an organization's defense against the endless tide of malware.…

  • February 17th 2023 at 06:02

Norway finds a way to recover crypto North Korea pinched in Axie heist

Meanwhile South Korea's Do Kwon is sought for fraud by US authorities

Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.…

  • February 17th 2023 at 05:15

Google's big security cert log overhaul broke Android apps. Now it's hit undo

Devs missed warnings plus tons of code relies again on lone open source maintainer

Google this week reversed an overhaul of one of its security-related file formats after the transition broke Android apps.…

  • February 16th 2023 at 22:26

VMware, Windows 11 shafted by Windows Server 2022

OS won't start on some systems with ESXi VMs, while Win11 updates may not make it to devices

Updated Microsoft is sorting through two issues with Windows Server 2022 that affect VMware virtual machines and updates not getting passed on to Windows 11 devices.…

  • February 16th 2023 at 20:30

More victims of fake crypto investor scam speak to The Register

UK-based Coin Publishers were conned out of $206,000 after meeting in a Barcelona hotel

Exclusive When Ahad Shams detailed on Twitter how his company was scammed out of $4 million in cryptocurrency after a face-to-face meeting, Chris Hunter immediately recognized what was going on.…

  • February 16th 2023 at 18:30

ESXiArgs ransomware fights off Team America's data recovery script

Want a clue to what you’re dealing with? Check the ransom note

That didn't take long.…

  • February 16th 2023 at 01:30

Intel patches up SGX best it can after another load of security holes found

Plus bugs squashed in Server Platform Services and more

Intel's Software Guard Extensions (SGX) are under the spotlight again after the chipmaker disclosed several newly discovered vulnerabilities affecting the tech, and recommended users update their firmware.…

  • February 15th 2023 at 20:40

Storage security toughen-up for compliance and cyberwar in 2023

Giving storage platforms enhanced built-in security features will be a significant step toward counteracting the impacts of cybercrime in 2023, Dell experts predict

Sponsored Feature Cybercriminals tend not to discriminate when it comes to the type of data they steal. Structured or unstructured, both formats contain valuable information that will bring them a profit. From a cybersecurity practitioner's perspective, however, structural state presents specific challenges when it comes to storing and moving sensitive data assets around.…

  • February 15th 2023 at 12:23

Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack

Gone in 60 seconds using a USB-A plug and brute force instead of a key

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths.…

  • February 15th 2023 at 07:29

Apple splats zero-day bug, other gremlins in macOS, iOS

WebKit flaw 'may have been exploited' – just like Tim Cook 'may have' made a million bucks this week

Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited.…

  • February 15th 2023 at 05:27

Russian crook made $90M exploiting stolen info on Tesla, Roku, Avnet, Snap, more

Undisclosed earnings reports swiped, exploited

A Russian national with ties to the Kremlin exploited stolen upcoming financial filings belonging to hundreds of companies to help him and his associates net more than $90 million.…

  • February 15th 2023 at 00:58

Microsoft delivers 75-count box of patches for Valentine's Day

Adobe, SAP, Intel, AMD, Android also show up with bouquet of fixes

Patch Tuesday Happy Patch Tuesday for February, 2023, which falls on Valentine's Day.…

  • February 14th 2023 at 22:25

Record-breaking number of record-breaking DDoS attacks confirmed

And growing abuse of cloud – because using hijacked Brazilian cable modems to down sites is so 2013

Dozens of companies over the weekend were hit by distributed denial-of-service (DDoS) attacks, including the largest one yet recorded, or so Cloudflare says.…

  • February 14th 2023 at 20:15

Google lets a few Android devices into its Privacy Sandbox

Chocolate Factory's ad tech renovation is moving ahead, like it or not

Google on Tuesday began rolling out a beta test of its Privacy Sandbox software for a small portion of Android 13 devices to learn how its purportedly privacy-protecting ad tech actually performs.…

  • February 14th 2023 at 17:00

Romance scam targets security researcher, hilarity ensues

Happy Valentine's Day! Now don't get fooled

It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine's Day.…

  • February 14th 2023 at 02:30

Pepsi Bottling Ventures says info-stealing malware swiped sensitive data

That's not what I like

Crooks have breached Pepsi Bottling Ventures' network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.…

  • February 14th 2023 at 00:30
❌