7-year-old Oracle WebLogic bug under active exploitation

The Register - Thu, 06/06/2024 - 11:37
Experts say Big Red will probably re-release patch in an upcoming cycle

A seven-year-old Oracle vulnerability is the latest to be added to CISA's Known Exploited Vulnerability (KEV) catalog, meaning the security agency considers it a significant threat to federal government.…

Categories: News

Microsoft Research chief scientist has no issue with Windows Recall

The Register - Thu, 06/06/2024 - 08:26
As tool emerges to probe OS feature's SQLite-based store of user activities

Asked to explore the data privacy issues arising from Microsoft Recall, the Windows maker's poorly received self-surveillance tool, Jaime Teevan, chief scientist and technical fellow at Microsoft Research, brushed aside concerns.…

Categories: News

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

The Register - Wed, 05/06/2024 - 22:45
Beware of zero-click malware sliding into your DMs

Miscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation.…

Categories: News

What is RansomHub? Looks like a Knight ransomware reboot

The Register - Wed, 05/06/2024 - 21:13
Malware code potentially sold off, tweaked, back at it infecting victims

RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie's auction house and others, is "very likely" some kind of rebrand of the Knight ransomware gang, according to threat hunters.…

Categories: News

Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes

The Register - Wed, 05/06/2024 - 18:30
That backdoor's not meant to be there?

Zyxel just released security fixes for two of its obsolete network-attached storage (NAS) devices after an intern at a security vendor reported critical flaws months ago.…

Categories: News

4 cuffed following probe into holiday scheme for cybercrooks

The Register - Wed, 05/06/2024 - 13:06
Public officials allegedly bribed to allow extradition-dodging travel

Four arrests were made this week as part of an international probe into two overlapping corruption schemes that allowed cybercrims on INTERPOL watch lists to travel freely without flagging any alerts.…

Categories: News

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation

The Register - Wed, 05/06/2024 - 07:44
Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say

A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft's cloud potentially allows miscreants to wave away firewall rules and access other people's private web resources.…

Categories: News

Command senior chief busted for secretly setting up Wi-Fi on US Navy combat ship

The Register - Tue, 04/06/2024 - 21:04
In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that's not a good plan

The US Navy has cracked down on an illicit Wi-Fi network installed on a combat ship by demoting the command senior chief who ordered it to be set up.…

Categories: News

Pentagon 'doubling down' on Microsoft despite 'massive hack,' senators complain

The Register - Tue, 04/06/2024 - 19:42
Meanwhile Mr Smith goes to Washington to testify before Congress

The Pentagon is "doubling down" on its investment in Microsoft products despite the serious failings at the IT giant that put America's national security at risk, say two US senators.…

Categories: News

London hospitals declare critical incident after service partner ransomware attack

The Register - Tue, 04/06/2024 - 16:43
Pathology lab provider targeted, affecting blood transfusions and surgeries

Hospitals in London are struggling to deliver pathology services after a ransomware attack at a service partner downed some key systems.…

Categories: News

Christie's stolen data sold to highest bidder rather than leaked, RansomHub claims

The Register - Tue, 04/06/2024 - 15:32
Experts say auctioning the auctioneer’s data is unlikely to have been genuinely successful

The cybercrims who claimed the attack on Christie's fancy themselves as auctioneers as well, after they allegedly sold off the company's data to the highest bidder instead of leaking everything on the dark web.…

Categories: News

Microsoft accused of tracking kids with education software

The Register - Tue, 04/06/2024 - 15:00
Privacy group seeks clarification of whether EU data protection law has been breached

A privacy campaign group with a strong record in legal upheavals has asked the Austrian data protection authority to investigate Microsoft 365 Education to clarify if it breaches transparency provisions under GDPR.…

Categories: News

Cybercrooks get cozy with BoxedApp to dodge detection

The Register - Tue, 04/06/2024 - 13:00
Some of the biggest names in the game are hopping on the trend

Malware miscreants are increasingly showing a penchant for abusing legitimate, commercial packer apps to evade detection.…

Categories: News

Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak

The Register - Tue, 04/06/2024 - 03:25
Cloud storage giant lawyers up against infosec house

Analysis  Hudson Rock, citing legal pressure from Snowflake, has removed its online report that claimed miscreants broke into the cloud storage and analytics giant's underlying systems and stole data from potentially hundreds of customers including Ticketmaster and Santander Bank.…

Categories: News

NIST turns to IT consultants to clear National Vulnerability Database backlog

The Register - Mon, 03/06/2024 - 22:46
Aims to get CVE logjam cleared by the end of FY 24

Facing a growing backlog of reported flaws, NIST has extended a commercial contract with an outside consultancy to help it get on top of its National Vulnerability Database (NVD).…

Categories: News

Crooks threaten to leak 3B personal records 'stolen from background check firm'

The Register - Mon, 03/06/2024 - 20:36
Turns out opting out actually works?

Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info.…

Categories: News

Russia takes gold for disinformation as Olympics approach

The Register - Mon, 03/06/2024 - 15:45
Featuring Tom Cruise deepfakes and multiple made-up terrorism threats

Still throwing toys out the pram over its relationship with international sport, Russia is engaged in a multi-pronged disinformation campaign against the Olympic Games and host nation France that's intensifying as the opening ceremony approaches.…

Categories: News

Check Point warns customers to patch VPN vulnerability under active exploitation

The Register - Mon, 03/06/2024 - 13:02
Also, free pianos are the latest internet scam bait, Cooler Master gets pwned, and some critical vulnerabilities

Infosec in brief  Cybersecurity software vendor Check Point is warning customers to update their software immediately in light of a zero day vulnerability under active exploitation.…

Categories: News

Derisking your CNI

The Register - Mon, 03/06/2024 - 10:00
How to strengthen cyber risk management for cyber physical systems (CPS)

Webinar  Can organizations ever scale back on the relentless task of identifying, prioritizing, and remediating vulnerabilities, and misconfigurations across their industrial and critical infrastructure environments?…

Categories: News

Researchers crash Baidu robo-cars with tinfoil and paint daubed on cardboard

The Register - Mon, 03/06/2024 - 06:48
The fusion of Lidar, radar, and cameras can be fooled by stuff from your kids' craft box

A team of researchers from prominent universities – including SUNY Buffalo, Iowa State, UNC Charlotte, and Purdue – were able to turn an autonomous vehicle (AV) operated on the open sourced Apollo driving platform from Chinese web giant Baidu into a deadly weapon by tricking its multi-sensor fusion system.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News