News

There is no such thing as a gratis lunch, after all

Analysis  Nothing super-fuels a security sales pitch like the sort of threat it’s hard to ignore.…

Plus: Gov pay sites take a dive, and more

Roundup  When we weren't dealing with malware bricked-breweries, poorly-wiped servers or litigious vendors, we had a number of other security headaches to keep busy with.…

Cisco has patched vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.

Internet outrage mobile insists year-long API bug would have been super-hard to exploit

Twitter is in full damage control mode after disclosing that it may have inappropriately exposed some unlucky twits' private tweets and direct messages to strangers.…

Fiends use vulns to lure victims into tech support scams

Website admins are urged to update their WordPress installations as soon as possible to the latest version following a rash of attacks exploiting known vulnerabilities in the web publishing software.…

The company said it has issued a patch for the issue, which has been ongoing since May 2017.

Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.

Microsoft said that it's working on a fix for a zero-day flaw in its JET Database Engine.

Plus: The Reg chats to wartime Bombe operator Ruth Bourne

The Bombe team at The National Museum Of Computing (TNMOC) has succeeded in breaking an Enigma-encrypted message in a live Poland-to-England demo.…

Trouble ferments after hackers lock system and Arran with it

Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack.…

New boats, decommissioning old ones, skills shortage...

The Ministry of Defence has too many too many bigshots and not enough grunts – or cash – to reliably keep Britain’s nuclear deterrent hiding beneath the ocean waves, according to Parliament’s Public Accounts Committee.…

Infosec bod claims he glimpsed sensitive personal info left on unwiped servers

Servers that once belonged to defunct Canadian gadget retailer NCIX turned up on the second-hand market without being wiped – and their customer data sold overseas – it is claimed.…

Mediocre malware operator 'fesses up to DC infection

A Romanian woman has admitted running a ransomware operation from infected Washington DC's CCTV systems just days before President Trump was sworn into office in the US capital.…

Don't click on the link, people – well, people using the database on a vulnerable installation

The Zero Day Initiative has gone public with an unpatched remote-code execution bug in Microsoft's Jet database engine, after giving Redmond 120 days to fix it. The Windows giant did not address the security blunder in time, so now everyone knows about the flaw, and no official patch is available.…

Don't click on the link, people – well, people using the database on a vulnerable installation

The Zero Day Initiative has gone public with an unpatched remote-code execution bug in Microsoft's Jet database engine, after giving Redmond 120 days to fix it. The Windows giant did not address the security blunder in time, so now everyone knows about the flaw, and no official patch is available.…

Shooter dead and now named by cops, one worker in critical condition, two serious

Cops have named the programmer who went on a gun rampage at WTS Paradigm – a US maker of enterprise resource planning software – this week. He shot four colleagues, leaving one in a critical condition.…

The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.

Alleges CrowdStrike, Symantec, ESET, Anti-Malware Testing Standards Org collusion

NSS Labs has thrown a hand grenade into the always fractious but slightly obscure world of security product testing by suing multiple vendors as well as an industry standards organisation.…

Vulnerability allowed an unauthenticated remote attacker to log in to a device at the time the system initially boots up.

Janitor probed over child sex abuse image allegations, facility reopens

On September 6, the Sunspot Solar Observatory in New Mexico, USA, was evacuated and sealed off without explanation, sparking wild conspiracy theories as to why.…