News

Yet more support for the argument to adopt memory-safe languages

More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches.…

The bug with a perfect 10 severity score has been ripe for exploitation since May

GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.…

Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns

Infosec in brief  The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…

Check out the top 12 must see Rubrik product demos of 2023 for tips on how to foil attacks in 2024

Sponsored Post  Rubrik has combed through its archive to find what it judges to be the top 12 must-see demos of its products available to watch on demand whenever you feel like it.…

Infosec academic suggests Beijing’s warning that iThing owners aren’t anonymous deserves attention outside the great firewall, too

In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities.…

Snoops had no fewer than five custom bits of malware to hand to backdoor networks

Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…

Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…

It’s taken months for crims to hack together a working exploit chain

Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.…

Criminal scored $2M in crypto proceeds but ends up in ‘cuffs following property raid

The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation.…

How to have zero trust connectivity and optimize the remote user experience

Webinar  Remote working has rapidly become the norm for many organizations and isn't ever going away. But it still needs to be secure if it's to be a success.…

Microsoft says it's doing its best to crack down on crims

The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security.…

Messaging menace used text and email to bombard people

Food delivery company HelloFresh is nursing a £140,000 ($178k) fine by Britain’s data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.…

And he would have got away with it, too, if it weren’t for this one tiny backdoor

On Call  Welcome once more, dear reader, to On Call, The Register's weekly reader-contributed column detailing the delights and dangers of working in tech support.…

Now that's a smart move

CES  Despite all the buzz around internet-connected smart cars at this year's CES in Las Vegas, most folks don't want vehicle manufacturers sharing their personal data with third parties – and even say they'd consider buying an older or dumber car to protect their privacy and security.…

Staff sent live cockroaches, porno – and more – in harassment campaign to silence pair

eBay will pay $3 million to settle criminal charges that its security team stalked and harassed a Massachusetts couple in retaliation for their website's critical coverage of the online tat bazaar.…

Speculation builds over whether a nearly year-old policy change was to blame

Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.…

Customers currently left patchless while attacks are expected to increase

Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.…

It's still not calling it ransomware

Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.…

Expect new rules in upcoming weeks

US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.…

Today us vultures are debating bans on ransom payments, deplorable tactics by extortionists, and more

Kettle  Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good.…