Microsoft's July Patch Tuesday fixes actively exploited bug

The Register - Tue, 12/07/2022 - 23:11
No, Windows Autopatch didn't kill the monthly patchapalooza

Patch Tuesday  Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live — with a slew of caveats — the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. …

Categories: News

Amazon squashes years-old authentication bugs in AWS Kubernetes service

The Register - Tue, 12/07/2022 - 19:45
Three vulnerabilities in one line of code

AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…


Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant

The Register - Tue, 12/07/2022 - 17:00
Speculative execution side-channels continue to haunt silicon world

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.…


Microsoft 365 patches for Windows 7 to end in 2023

The Register - Tue, 12/07/2022 - 13:15
By then you won't be able to install the suite on Windows 8.1

Microsoft has warned users clinging to Windows 7 and Windows 8.1 that the end really is nigh.…


UK Info Commissioner slams use of WhatsApp by health officials during pandemic

The Register - Tue, 12/07/2022 - 07:55
Sure, stuff got done fast – but personal information was put at risk

The UK Information Commissioner's Office (ICO) on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care (DHSC).…


Take the day off: Windows Autopatch is live and can even fix cloudy PCs

The Register - Tue, 12/07/2022 - 07:03
But first, there's a whole lot of AD and Intune prep to be done

Microsoft's promised service to enable automatic patching of Windows has gone live.…


San Francisco cops want real-time access to private security cameras for surveillance

The Register - Tue, 12/07/2022 - 00:24
ACLU hits back at 'unprecedented power grab'

San Francisco lawmakers are mulling a proposed law that would allow police to use private security cameras – think: those in residential doorbells, medical clinics, and retail shops – in real time for surveillance purposes.…


Defense contractor pays $9m to settle whistleblower's cybersecurity allegations

The Register - Mon, 11/07/2022 - 19:18
Former Aerojet Rocketdyne employee cites failure to meet minimums for NASA, Pentagon

Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 million to settle charges it misrepresented its products' compliance with cybersecurity requirements in federal government contracts.…


HavanaCrypt ransomware sails in as a fake Google update

The Register - Mon, 11/07/2022 - 17:00
Difficult to detect, hiding its window by using the ShowWindow function in Windows

A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.…


US military contractor moves to buy Israeli spy-tech company NSO Group

The Register - Mon, 11/07/2022 - 14:00
Biden blacklist a stumbling block for any possible deal

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports.…


UK response to China's tech ambitions labelled 'incoherent and muted'

The Register - Mon, 11/07/2022 - 05:59
Working outside power blocs, without policy, leaves Blighty a likely rule-taker says Foreign Affairs Committee

The UK's response to China's well-publicized efforts to use technology standards to shape the world in its image has been "incoherent and muted" according to a report by the House of Commons Foreign Affairs Committee.…


How data on a billion people may have leaked from a Chinese police dashboard

The Register - Sun, 10/07/2022 - 17:48
Record-breaking dump thanks to password-less Kibana endpoint?

Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to an unprotected online dashboard that left the data open to anyone who could find it.…


How to survive a SYN flood attack

The Register - Fri, 08/07/2022 - 15:02
G-Core Labs' XDP-based DDoS protection platform filters bad traffic across a network of high capacity CDNs

Sponsored Post  If you do any sort of business via the web, the damage caused by a distributed denial of service (DDoS) attack could be catastrophic for your bottom line.…


Microsoft rolls back default macro blocks in Office without telling anyone

The Register - Fri, 08/07/2022 - 04:02
Based on 'feedback'. Which one of you asked for this, and why?

Microsoft appears set to roll back its decision to adopt a default stance of preventing macros sourced from the internet from running in Office unless given explicit permission.…


Time to rethink data protection for cloud workloads

The Register - Fri, 08/07/2022 - 01:05
Cohesity beefs up protection services for Microsoft 365 users in South East Asia

Sponsored Post  Enterprises often forget that SLAs with cloud providers cover access to the service, but not necessarily protection for the data.…


Five accused of trying to silence China critics in US

The Register - Thu, 07/07/2022 - 19:56
Alleged campaign involved stalking via GPS and hidden cameras, fake interviews, confidential government data

Five suspects were indicted in a federal court in Brooklyn, New York on Wednesday for alleged crimes related to a campaign to silence dissidents in the US who opposed the government of the People's Republic of China (PRC).…


Someone may be prepping an NPM crypto-mining spree

The Register - Thu, 07/07/2022 - 18:55
1,300 packages from 1,000 automated user accounts set the stage for something big

A burst of almost 1,300 JavaScript packages automatically created on NPM via more than 1,000 user accounts could be the initial step in a major crypto-mining campaign, according to researchers at Checkmarx.…


The agent of successful cyber security defense

The Register - Thu, 07/07/2022 - 17:15
A two-pronged approach that combines agent and agentless tools may offer the best protection

Webinar  Agents sit on devices to perform security scanning and reporting, system restarts/reboots, software patching, configuration and general system monitoring. Agentless security tools do much the same, just without the agents, making them a better bet for security vulnerability scanning on remote machines where it's harder to install an agent – like the cloud.…


Chromium's WebRTC zero-day fix arrives in Microsoft Edge

The Register - Thu, 07/07/2022 - 17:00
Update addresses heap buffer overflow and type confusion bugs in Google's browser engine

Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day.…


IT reseller giant SHI International knocked offline by cyberattack

The Register - Thu, 07/07/2022 - 13:15
Major supplier to US government and enterprise only just getting back on its feet

New Jersey-based IT reseller and service provider SHI International was knocked off the web after a July 4 cyberattack.…


