News

More work for admins on the cards as they await a full dump of fixes

Things aren't over yet for Fortinet customers – the security shop has disclosed yet another critical FortiCloud SSO vulnerability.…

Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature

Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month.…

Meta also replaces a legacy C++ media-handling security library with Rust

Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …

Plus, the gang says it got in via Microsoft Entra SSO

ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.…

Reports say Salt Typhoon attackers accessed handsets of senior govt folk

Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.…

French govt says state-run service 'Visio' will be more secure. Now where have we heard that name before?

France has officially told Zoom, Teams, and the rest of the US videoconferencing herd to take a hike in favor of its own homegrown app.…

Austrian education ministry unaware of tracking software until campaigners launched case

Updated  Microsoft illegally installed cookies on a school pupil's devices without consent, according to a ruling by the Austrian data protection authority (DSB).…

Victim and Big Brother Watch will argue the Met's policies are incompatible with human rights law

The High Court will hear from privacy campaigners this week who want to reshape the way the Metropolitan Police is allowed to use live facial recognition (LFR) tech.…

Another actively abused Office bug, another emergency patch – Office 2016 and 2019 users are left with registry tweaks instead of fixes.

Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.…

Atlassian, RingCentral, ZoomInfo also among tech targets

ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.…

Probe follows outcry over use of creepy image generation tool

The European Commission has launched an investigation into X amid concerns that its GenAI model Grok offered users the ability to generate sexually explicit imagery, including sexualized images of children.…

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset

Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.…

Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy

Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.…

Big Red says 'sovereign' platform supports decision-making and operational learning at sea

Britain's Royal Navy is using Oracle Cloud edge infrastructure to operate AI-driven defenses on the aircraft carrier HMS Prince of Wales.…

Minister dodges cost questions while promising smartphone-free access and 'robust' verification

The UK government has revealed some thinking about digital identity in response to written questions from MPs, while continuing to say next to nothing about the scheme's cost.…

Also, cybercriminals get breached, Gemini spills the calendar beans, and more

infosec in brief  T'was a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers.…

Drone, satellite, and other data combined to monitor unwanted vessels

The UK Home Office is spending up to £100 million on intelligence tech in part to tackle the so-called "small boats" issue of refugees and irregular immigrants coming across the English Channel.…

But ex-CISA boss and new RSAC CEO Jen Easterly will be there

exclusive  The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register.…

If you skipped it back then, now’s a very good time

You've got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.…

If you're serious about encryption, keep control of your encryption keys

If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment.…