News

Plus fixes for iPadOS, tvOS, watchOS, XCode, iCloud for Windows – and a day after Google disclosed Nork op

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar.…

Hyperion Gray founder relates 'holy f**k' moment when he realised

A zero-day hunter has told The Register of the “holy f**k” moment when he realised he'd been targeted by a North Korean campaign aimed at stealing Western researchers' vulns.…

Lib Dem blows raspberry at Sir Humphrey-style non-answer

The British government has denied being "complacent" over the Solarwinds hack as a fed-up peer of the realm urged a minister to "answer the question".…

Security eggheads discover their PCs chatting with Kim Jong Un's hackers

North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday.…

With a little $10bn package proposed to help them on their way

President Biden is preparing to assemble a crack US government cybersecurity team, and has pledged $10bn in funding to shore up the defenses of Uncle Sam's computer networks.…

Miscreant fingered server that held docs related to credit applications down under

The Australian Securities and Investments Commission (ASIC) has admitted one of its servers was accessed without sanction and may have been digitally pawed by miscreants.…

Police pull out classic 'sophisticated cyber attack' line

A 28-year-old has been arrested after allegedly carrying out what police have labelled a "sophisticated cyber attack" on a school.…

The Department for Education needs to learn its lesson too

Column  It is not good form to ruin people's online privacy. It is especially bad form if you're in a position of authority when you do this. It goes beyond bad form altogether if you're the Department for Education and you are potentially exposing schoolchildren to online attacks. That is criminal neglect.…

Plus: SonicWall hacked, Qualcomm security wobble, warrantless cellphone monitoring by US snoops revealed

In brief  One-time ADT security engineer Telesforo Aviles, 35, pleaded guilty to computer fraud in the US after spying on women through their home surveillance cameras.…

Awa' an bile yer heid, SEPA tells ransomware scum

About 4,000 stolen files from the Scottish Environmental Protection Agency (SEPA) have been dumped online by frustrated ransomware criminals after the public sector body refused to pay out.…

Medium-sized firm, big revenues, big target

Updated  A London ad agency that counts Atlantic Records, Suzuki, and Penguin Random House among its clients has had its files dumped online by a ransomware gang, The Register can reveal.…

Has your password been pwned? MS browser will tell you

Microsoft has detailed how the Password Monitor feature in Edge works after it pushed version 88 of the browser into the Stable channel.…

And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc

Cisco this week emitted patches for four sets of critical-severity security holes in its products along with other fixes.…

Department for Education says 'we believe this is not widespread'

A shipment of laptops supplied to British schoolkids by the Department for Education to help them learn under lockdown came preloaded with malware, The Register can reveal.…

Thorough counter-detection methods laid bare by Redmond

The SolarWinds hackers triggered one of their Cobalt Strike implants in the firm's network through a cunning VBScript that was activated by a routine system process, Microsoft has said.…

Let’s think about what data management should look like in the future – tune in here next week

Webcast  What’s your tech infrastructure going to look like in the next few months or years? You know, once we get past the current situation and find time to start innovating again. All of which may come sooner than you think.…

Points finger at privilege escalation via application rights in Azure AD, which Microsoft says is as designed

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame.…

Element Matrix Services adds to the messaging interoperability toolbox

Element Matrix Services is adding a bridge between hipster chat platform Slack and the open-source world of Matrix messaging.…

Equinix levels the playing field for all fintechs

Sponsored  The future of banking is digital, of that there is no doubt. It may be at an early stage, but we can already see that future, as, all over the world, the banking community moves to embrace open banking.…

Get your updates when you can for gear from scores of manufacturers

Seven vulnerabilities have been found in a popular DNS caching proxy and DHCP server known as dnsmasq, raising the possibility of widespread online attacks on networking devices.…