The Register

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least

Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated this by producing a microcode patch that makes the chips always output 4 when asked for a random number.…

Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks

A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…

Contact info and partial payment details may be compromised

US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.…

Suspect, still at large, said to back concept that 'code is law'

New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently siphon around $65 million from investors in the platforms.…

Healthcare chiefs say impact will persist for months

NHS execs admit that last year's cyberattack on hospitals in Wirral, northwest England, continues to "significantly" impact waiting times for cancer treatments, and suspect this will last for "months."…

When cloud customers don't clean up after themselves, part 97

Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia's "SolarWinds adventures look amateurish and insignificant," watchTowr Labs security researchers have claimed.…

Tackle longstanding issues around productivity, cyber resilience and public sector culture, advises spending watchdog

The UK's government spending watchdog has called on the current administration to make better use of technology to kickstart the misfiring economy and ensure better delivery public services amid tightened budgets.…

Also, Netgear fixes critical router, access point vulnerabilities

Google has released its February Android security updates, including a fix for a high-severity kernel-level vulnerability, which is suspected to be in use by targeted exploits.…

Going beyond the traditional “Prevent, Detect, and Respond” framework and taking a proactive approach

Partner Content  In today's highly connected and technology-driven world, digital resilience is not just a competitive advantage for banks - it is a necessity.…

Senators ask, Homeland Security watchdog answers: Is it worth the money?

The Department of Homeland Security's Inspector General has launched an audit of the Transportation Security Administration's use of facial recognition technology at US airports, following criticism from lawmakers and privacy advocates.…

Investigating compensation to police whose sensitive info was leaked in 2023

The Police Service of Northern Ireland (PSNI) has bailed two officers after they were arrested as part of a fraud investigation related to the payments to cops whose sensitive data was mistakenly published in 2023.…

Australian government staff mixed medical info for folk who share names and birthdays

Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government records sometimes contain data describing other people.…

PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more

Infosec in brief  The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment to disconnect the devices from the internet ASAP.…

As if secure design is the only bullet point in a list of software engineering best practices

Systems Approach  As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security, I find that I keep asking myself what it is, exactly, that’s unique about security as a system requirement?…

Nulled and Cracked had a Lorelai-cal rise - until Operation Talent stepped in

Law enforcement officers across Europe assembled again to collectively disrupt major facilitators of cybercrime, with at least one of those cuffed apparently a fan of the dramedy series The Gilmore Girls.…

How to communicate risk to executives

Partner Content  Have you ever watched ? It's one of my all-time favorite movies, not just for the story but for how it handles complexity.…

And it doesn't take a crystal ball to predict the future

If the nonstop flood of ransomware attacks doesn't already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely will.…

And you, China, Russia, North Korea ... Guardrails block malware generation

Google says it's spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes, with Tehran by far the most frequent naughty user out of the four.…

Why organizations should protect everything, everywhere, all at once

Sponsored Feature  Considering it has such a large share of the data protection market, Veeam doesn't talk much about backups in meetings with enterprise customers these days.…

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant

Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.…