News

Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

The Register - Thu, 14/11/2024 - 22:22
Plus a bonus hard-coded local API key

A now-patched, high-severity bug in Fortinet's FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly take over the box, and delete log files.…

Categories: News

Cybercriminal devoid of boundaries gets 10-year prison sentence

The Register - Thu, 14/11/2024 - 20:27
Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts

A rampant cybercrook and repeat attacker of medical facilities in the US is being sentenced to a decade in prison, around seven years after the first of his many crimes.…

Categories: News

Kids' shoemaker Start-Rite trips over security again, spilling customer card info

The Register - Thu, 14/11/2024 - 11:57
Full details exposed, putting shoppers at serious risk of fraud

Children's shoemaker Start-Rite is dealing with a nasty "security incident" involving customer payment card details, its second significant lapse during the past eight years.…

Categories: News

NatWest blocks bevy of apps in clampdown on unmonitorable comms

The Register - Thu, 14/11/2024 - 10:53
From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more

The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta's Messenger, and Skype – as first reported.…

Categories: News

Asda security chief replaced, retailer sheds jobs during Walmart tech divorce

The Register - Thu, 14/11/2024 - 09:30
British grocer's workers called back to office as clock ticks for contractors

The head of tech security at Asda, the UK's third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.…

Categories: News

Five Eyes infosec agencies list 2024's most exploited software flaws

The Register - Thu, 14/11/2024 - 08:31
Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have become more common.…

Categories: News

Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'

The Register - Thu, 14/11/2024 - 01:54
Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds

The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.…

Categories: News

ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

The Register - Thu, 14/11/2024 - 00:14
Plus: CISA's ScubaGear dives deep to fix M365 misconfigs

Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.…

Categories: News

Data broker amasses 100M+ records on people – then someone snatches, sells it

The Register - Wed, 13/11/2024 - 21:44
We call this lead degeneration

What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.…

Categories: News

Ransomware fiends boast they've stolen 1.4TB from US pharmacy network

The Register - Wed, 13/11/2024 - 19:10
American Associated Pharmacies yet to officially confirm infection

American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.…

Categories: News

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

The Register - Wed, 13/11/2024 - 17:35
Sore about cores no more

Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.…

Categories: News

Admins can give thanks this November for dollops of Microsoft patches

The Register - Wed, 13/11/2024 - 01:29
Don't be a turkey – get these fixed

Patch Tuesday  Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…

Categories: News

China's Volt Typhoon crew and its botnet surge back with a vengeance

The Register - Wed, 13/11/2024 - 00:58
Ohm, for flux sake

China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.…

Categories: News

Air National Guardsman gets 15 years after splashing classified docs on Discord

The Register - Wed, 13/11/2024 - 00:01
Jack Teixeira, 22, talked of 'culling the weak minded' – hmm!

A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.…

Categories: News

Here's what we know about the suspected Snowflake data extortionists

The Register - Tue, 12/11/2024 - 21:10
A Canadian and an American living in Turkey 'walk into' cloud storage environments…

Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.…

Categories: News

'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem

The Register - Tue, 12/11/2024 - 19:30
Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others

Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages at several of its US grocery stores are being caused by an ongoing "cybersecurity issue."…

Categories: News

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

The Register - Tue, 12/11/2024 - 16:11
'Once again, we've lost a little more faith in the internet,' researcher says

Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.…

Categories: News

Managing third-party risks in complex IT environments

The Register - Tue, 12/11/2024 - 15:08
Key steps to protect your organization’s data from unauthorized external access

Webinar  With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.…

Categories: News

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

The Register - Tue, 12/11/2024 - 13:29
Over 5 million records from 25 organizations posted to black hat forum

Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…

Categories: News

FBI issues warning as crooks ramp up emergency data request scams

The Register - Mon, 11/11/2024 - 16:23
Just because it's .gov doesn't mean that email is trustworthy

Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News