The Register

Subscribe to The Register feed
Biting the hand that feeds IT — Enterprise Technology News and Analysis
Updated: 1 hour 57 min ago

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

Mon, 16/12/2024 - 23:45
But can you really take crims at their word?

Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October security update was circumvented, leading to widespread ransomware attacks that Russia-linked gang Cl0p has claimed are its evil work.…

Categories: News

Trump administration wants to go on cyber offensive against China

Mon, 16/12/2024 - 19:30
The US has never attacked Chinese critical infrastructure before, right?

President-elect Donald Trump's team wants to go on the offensive against America's cyber adversaries, though it isn't clear how the incoming administration plans to achieve this. …

Categories: News

Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'

Mon, 16/12/2024 - 18:01
Personal and financial data probably stolen

A cyberattack on a Deloitte-managed government system in Rhode Island carries a "high probability" of sensitive data theft, the state says.…

Categories: News

Are your Prometheus servers and exporters secure? Probably not

Sun, 15/12/2024 - 23:58
Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more

Infosec in brief  There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.…

Categories: News

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

Fri, 13/12/2024 - 23:56
IOCONTROL targets IoT and OT devices from a ton of makers, apparently

An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers.…

Categories: News

Scumbag gets 30 years in the clink for running CSAM dark-web chatrooms, abusing kids

Fri, 13/12/2024 - 22:50
'Today’s sentencing is more than just a punishment. It’s a message'

A Texan who ran a forum on the dark web where depraved netizens could swap child sex abuse material (CSAM), and chat freely about abusing kids, has been sentenced to 30 years in prison.…

Categories: News

Google Timeline location purge causes collateral damage

Fri, 13/12/2024 - 21:08
Privacy measure leaves some mourning lost memories

A year ago, Google announced plans to save people's Location History, which it now calls Timeline, locally on devices rather than on its servers.…

Categories: News

Cyber protection made intuitive and affordable

Fri, 13/12/2024 - 14:37
How Cynet delivered 100 percent Protection and 100 percent Detection Visibility in 2024 MITRE ATT&CK Evaluation

Partner Content  Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running.…

Categories: News

Taming the multi-vault beast

Fri, 13/12/2024 - 09:02
GitGuardian takes on enterprise secrets sprawl

Partner Content  With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.…

Categories: News

North Korea's fake IT worker scam hauled in at least $88 million over six years

Fri, 13/12/2024 - 00:32
DoJ thinks it's found the folks that ran it, and some of the 'IT warriors' sent out to fleece employers

North Korea's fake IT worker scams netted the hermit kingdom $88 million over six years, according to the US Department of Justice, which thinks it's found the people who run them.…

Categories: News

Apache issues patches for critical Struts 2 RCE bug

Thu, 12/12/2024 - 13:31
More details released after devs allowed weeks to apply fixes

We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.…

Categories: News

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

Thu, 12/12/2024 - 12:01
Holiday cheer comes in the form of three arrests and 27 shuttered domains

The Europol-coordinated Operation PowerOFF struck again this week as cross-border cops pulled the plug on 27 more domains tied to distributed denial of service (DDoS) criminality.…

Categories: News

British Army zaps drones out of the sky with laser trucks

Thu, 12/12/2024 - 10:26
High-energy weapon proves its mettle in testing

The British Army has successfully destroyed flying drones for the first time using a high-energy laser mounted on an armored vehicle. If perfected, the technology could form an effective counter-measure against drone attacks.…

Categories: News

Firefox ditches Do Not Track because nobody was listening anyway

Thu, 12/12/2024 - 08:49
Few websites actually respect the option, says Mozilla

When Firefox 135 is released in February, it'll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings. …

Categories: News

Citrix goes shopping in Europe and returns with gifts for security-conscious customers

Thu, 12/12/2024 - 05:02
Acquires two companies that help those on the nice list keep naughty list types at bay

Citrix has gone on a European shopping trip, and come home with its bag of gifts bulging thanks to a pair of major buys: infosec outfits deviceTRUST and Strong Network.…

Categories: News

Blocking Chinese spies from intercepting calls? There ought to be a law

Wed, 11/12/2024 - 23:03
Sen. Wyden blasts FCC's 'failure' amid Salt Typhoon hacks

US telecoms carriers would be required to implement minimum cyber security standards and ensure their systems are not susceptible to hacks by nation-state attackers – like Salt Typhoon – under legislation proposed by senator Ron Wyden (D-OR).…

Categories: News

Krispy Kreme Doughnut Corporation admits to hole in security

Wed, 11/12/2024 - 19:00
Belly-busting biz says it's been hit by cowardly custards

Doughnut slinger Krispy Kreme has admitted to an attack that has left many customers unable to order online.…

Categories: News

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Wed, 11/12/2024 - 12:04
Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…

Categories: News

Pages