News

PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more!

Infosec In Brief  A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch available.…

Five pilot deployments are just a drop in the bucket, so it's time to turbo scale

def con  A DEF CON hacker walks into a small-town water facility…no, this is not the setup for a joke or a (super-geeky) odd-couple rom-com. It's a true story that happened at five utilities across four states.…

It turns out no one was clean on OPSEC

DEF CON  On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app used by White House officials, which in turn led to a massive database dump of their communications.…

In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss

DEF CON  A cache of documents uncovered by Vanderbilt University has revealed disturbing details about how a Chinese company is building up a database of US politicians and influencers with whom to share propaganda.…

Fun feature found in Debian 13: send your selected text to China – in plaintext

As Trixie gets ready to début, a little-known app is hogging the limelight: StarDict, which sends whatever text you select, unencrypted, to servers in China.…

Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'

Comment  Roger Cressey served two US presidents as a senior cybersecurity and counter-terrorism advisor and currently worries he'll experience a "political aneurysm" due to Microsoft's many security messes.…

Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed

Black hat  A trio of researchers has disclosed a major prompt injection vulnerability in Google's Gemini large language model-powered applications.…

Campaigners brand Home Office’s lack of transparency as ‘astonishing’ and ‘dangerous’

Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight.…

It's 'more than a temporary trend,' Decodo claims

Amid the furor around surging VPN usage in the UK, many users are eyeing proxies as a potential alternative to the technology.…

Will someone think of the deals politicians are making?

Opinion  You might think, since I write about tech all the time, my degrees are in computer science. Nope. I'm a bona fide, degreed historian, which is why I can say with confidence that the UK's recently passed Online Safety Act is doomed to fail.…

A pair of German researchers showed how easy it is

Black Hat  Four countries have now tested anti-satellite missiles (the US, China, Russia, and India), but it's much easier and cheaper just to hack them.…

Hello loophole could let a rogue admin, or a pwned one, inject new facial scans

Black Hat  Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system, but researchers sponsored by the German government have found a critical flaw in its business implementation.…

No reported in-the-wild exploits…yet

Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.…

The Reg goes behind the scenes of the conference NOC, where volunteers 'look for a needle in a needle stack'

Black Hat  Neil "Grifter" Wyler is spending the week "looking for a needle in a needle stack," a task he'll perform from the network operations center (NOC) that powers the Black Hat security conference in Las Vegas.…

Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz

CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions.…

Watch out, the phishermen are about, customers told

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers' data stolen by way of a break-in at a third party org.…

Privacy campaigner Max Schrem's NOYB is back on Zuck's back

Meta's enthusiasm for training its AI on user data is not shared by the users themselves – at least for some Europeans – according a study commissioned by Facebook legal nemesis Max Schrems and his privacy advocacy group Noyb.…

Human rights org calls for greater accountability and stronger enforcement of Online Safety Act

Amnesty International claims Elon Musk's X platform "played a central role" in pushing the misinformation that stoked racially charged violence following last year's Southport murders.…

Many hands make light work in the SOC

Sponsored feature  The cyberthreat landscape is evolving fast, with highly organized bad actors launching ever more devastating and sophisticated attacks against often ill-prepared targets.…

Project Ire promises to use LLMs to detect whether code is malicious or benign

Microsoft has rolled out an autonomous AI agent that it claims can detect malware without human assistance.…