News

Google Workspace weaknesses allow plaintext password theft

The Register - Wed, 15/11/2023 - 18:30
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here

Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.…

Categories: News

FBI Director: FISA Section 702 warrant requirement a 'de facto ban'

The Register - Wed, 15/11/2023 - 14:00
War of words escalates as deadline draws near

FBI director Christopher Wray made yet another impassioned plea to US lawmakers to kill a proposed warrant requirement for so-called "US person queries" of data collected via the Feds' favorite snooping tool, FISA Section 702.…

Categories: News

How cyber training can help you beat the bad guys

The Register - Wed, 15/11/2023 - 13:52
No matter what stage your security career is at, SANS has resources that will add to your knowledge

Sponsored Post  Fighting cybercrime demands constant vigilance and can be a huge drain on time and resources. So it's good to know that not every weapon in the armory of the cybersecurity professional has to cost the earth. In fact, there's quite a bit of free stuff out there if you know where to look for it.…

Categories: News

Ransomware more efficient than ever, and baddies are still after your logs

The Register - Wed, 15/11/2023 - 09:30
Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean

Organizations are still failing to implement adequate logging measures, increasing the difficulty faced by defenders and incident responders to identify the cause of infosec attacks.…

Categories: News

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

The Register - Wed, 15/11/2023 - 00:36
Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws

Patch Tuesday  Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild.…

Categories: News

Russian national pleads guilty to building now-dismantled IPStorm proxy botnet

The Register - Tue, 14/11/2023 - 23:23
23K nodes earned operator more than $500K – and now perhaps jail time

The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes.…

Categories: News

AMD SEV OMG: Trusted execution undone by cache meddling

The Register - Tue, 14/11/2023 - 18:30
Let's do the CacheWarp again

Boffins based in Germany and Austria have found a flaw in AMD's SEV trusted execution environment that makes it less than trustworthy.…

Categories: News

Intel out-of-band patch addresses privilege escalation flaw

The Register - Tue, 14/11/2023 - 18:00
Sapphire Rapids, Alder Lake, and Raptor Lake chip families treated for 'Redundant Prefix'

Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips.…

Categories: News

Ransomware royale: US confirms Royal, BlackSuit are linked

The Register - Tue, 14/11/2023 - 14:45
Royal alone scored $275M in past year as FBI, other agencies hot on merging trail

The US' Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand.…

Categories: News

Novel backdoor persists even after critical Confluence vulnerability is patched

The Register - Tue, 14/11/2023 - 11:00
Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities

A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.…

Categories: News

Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain

The Register - Tue, 14/11/2023 - 08:00
Emergency comms standard had five nasty flaws but will be opened to academic research

A set of encryption algorithms used to secure emergency radio communications will enter the public domain after an about-face by the European Telecommunications Standards Institute (ETSI).…

Categories: News

NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch

The Register - Tue, 14/11/2023 - 07:02
And the world's getting more and more dangerous

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI).…

Categories: News

Beijing reportedly asked Hikvision to identify fasting students in Muslim-majority province

The Register - Tue, 14/11/2023 - 05:59
University managment app also tracked library activity, holidays, and much more

US-based research group IPVM has accused Chinese video surveillance equipment company Hikvision of engaging with a contract to develop technology that can identify Muslim students that are fasting during Ramadan, based on their dining records.…

Categories: News

Passive SSH server private key compromise is real ... for some vulnerable gear

The Register - Tue, 14/11/2023 - 02:38
OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out

An academic study has shown how it's possible for someone to snoop on certain devices' SSH connections and, with a bit of luck, impersonate that equipment after silently figuring out the hosts' private RSA keys.…

Categories: News

Google sues scammers peddling fake malware-riddled Bard chatbot download

The Register - Tue, 14/11/2023 - 00:59
Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns

Google has sued three scammers for offering a fake download of its Bard AI chatbot that contained malware capable of stealing credentials for small business' social media accounts.…

Categories: News

Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks

The Register - Mon, 13/11/2023 - 14:33
Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record

Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit.…

Categories: News

Introducing the tech that keeps the lights on

The Register - Mon, 13/11/2023 - 10:15
Genuinely new ideas are rare in IT – this superhero is ready to make a real difference

Opinion  Cybersecurity has many supremely annoying aspects. It soaks up talent, time, and money like the English men's football squad, and like that benighted institution, the results never seem to change.…

Categories: News

When traditional AV solutions are not enough

The Register - Mon, 13/11/2023 - 10:10
Preventing cybercriminals from exfiltrating your data with ADX technology

Webinar  It seems counterintuitive to want to lock in a cybercriminal who has crept past all your defences to smuggle data out from under your nose.…

Categories: News

Royal Mail cyber security still a mess, say infosec researchers

The Register - Mon, 13/11/2023 - 06:31
ALSO: most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities

Infosec in brief  After spending almost a year cleaning up after various security snafus, the UK's Royal Mail has left an open redirect flaw on one of its sites, according to infosec types. We're told this vulnerability potentially exposes customers to malware infections and phishing attacks.…

Categories: News

Australia declares 'nationally significant cyber incident' after port attack

The Register - Mon, 13/11/2023 - 00:45
PLUS: Citrix quits China; Cambodia deports Japanese scammers; Chinese tech CEO disappears; and more

Asia in brief  Australia's National Cyber Security Coordinator has described an attack on logistics company DP World as a "nationally significant cyber incident."…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News