News
Thousands of Juniper Networks devices vulnerable to critical RCE bug
More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches.…
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers
GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.…
FTC secures first data broker settlement banning sale of sensitive location data
Infosec in brief: The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…
Ransomware protection deconstructed
Sponsored Post: Rubrik has combed through its archive to find what it judges to be the top 12 must-see demos of its products available to watch on demand whenever you feel like it.…
China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol
In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities.…
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew
Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.…
Secret multimillion-dollar cryptojacker snared by Ukrainian police
The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation.…
Secure network operations for hybrid working
Webinar: Remote working has rapidly become the norm for many organizations and isn't ever going away. But it still needs to be secure if it's to be a success.…
So, are we going to talk about how GitHub is an absolute boon for malware, or nah?
The popularity of GitHub has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security.…
Data regulator fines HelloFresh £140k for sending 80M+ spams
Food delivery company HelloFresh is nursing a £140,000 ($178k) fine by Britain’s data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam emails and one million texts in just seven months.…
While we fire the boss, can you lock him out of the network?
On Call: Welcome once more, dear reader, to On Call, The Register's weekly reader-contributed column detailing the delights and dangers of working in tech support.…
Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks
CES: Despite all the buzz around internet-connected smart cars at this year's CES in Las Vegas, most folks don't want vehicle manufacturers sharing their personal data with third parties – and even say they'd consider buying an older or dumber car to protect their privacy and security.…
eBay to cough up $3M after cyber-stalking couple who dared criticize the souk
eBay will pay $3 million to settle criminal charges that its security team stalked and harassed a Massachusetts couple in retaliation for their website's critical coverage of the online tat bazaar.…
Mandiant's brute-forced X account exposes perils of skimping on 2FA
Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.…
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.…
Fidelity National now says 1.3M customers had data stolen by cyber-crooks
Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.…
Uncle Sam tells hospitals: Meet security standards or no federal dollars for you
US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.…
Be honest. Would you pay off a ransomware crew?
Kettle: Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good.…