News

It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0

The Register - Fri, 09/08/2024 - 06:34
Can't reach someone's private server on localhost from outside? No problem

A years-old security oversight has been addressed in basically all web browsers – Chromium-based browsers, including Microsoft Edge and Google Chrome, WebKit browsers like Apple's Safari, and Mozilla's Firefox.…

Categories: News

Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em

The Register - Fri, 09/08/2024 - 01:30
Multiple critical flaws found and they won't be fixed

A boffin from British defence contractor BAE has found three critical flaws in Cisco's Small Business SPA300 and SPA500 IP phones – and another couple of nasties – none of which will be fixed or mitigated.…

Categories: News

Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late

The Register - Thu, 08/08/2024 - 23:30
Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue

Delta Air Lines has come out swinging at CrowdStrike in a letter accusing the security giant of trying to "shift the blame" for the IT meltdown caused by its software – and that CrowdStrike CEO George Kurtz's offer of support was too little, too late.…

Categories: News

US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs

The Register - Thu, 08/08/2024 - 21:55
American and Brit firms thought they were employing a Westerner, but not so, it's alleged

The FBI today arrested a Tennessee man suspected of running a "laptop farm" that got North Koreans, posing as Westerners, IT jobs at American and British companies.…

Categories: News

Using 1Password on Mac? Patch up if you don’t want your Vaults raided

The Register - Thu, 08/08/2024 - 14:45
Hundreds of thousands of users potentially vulnerable

Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.…

Categories: News

US elections have never been more secure, says CISA chief

The Register - Thu, 08/08/2024 - 13:56
Election tech is fine – it's all thise idiots buying into the propaganda that's worrying Jen Easterly

Black Hat  US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared.…

Categories: News

Report: Tech misconceptions plague the IT world

The Register - Thu, 08/08/2024 - 11:31
Just snapping the webcam shutter closed won't keep a user safe online

New research has shown that while many Brits will snap shut a laptop camera in the name of privacy, a worrying amount will just as happily shovel all manner of personal information into an online game in order to get a result they can share with their friends.…

Categories: News

Entrust faces years of groveling to regain browsers' trust, say rival chiefs

The Register - Thu, 08/08/2024 - 09:33
Sectigo bosses claim it's only a matter of time before Microsoft and Apple drop Big E from their root stores too

After falling down in the estimations of major browser makers Google and Mozilla, Entrust faces a lengthy fight on its hands to regain industry trust and once more issue trusted TLS certificates.…

Categories: News

Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware

The Register - Thu, 08/08/2024 - 02:58
Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs?

Black Hat  State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons.…

Categories: News

Samsung boosts bug bug bounty to a cool million for cracks of the Knox Vault subsystem

The Register - Thu, 08/08/2024 - 02:15
Good luck, crackers: It's an isolated processor and storage enclave, and top dollar only comes from a remote attack

Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault – the isolated subsystem the Korean giant bakes into its smartphones to store info like credentials and run authentication routines.…

Categories: News

Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security

The Register - Wed, 07/08/2024 - 18:00
Let's get physical, physical ... I don't wanna hear your MMU talk

Black Hat  Computer security researchers at the CISPA Helmholtz Center for Information Security in Germany have found serious security flaws in some of Alibaba subsidiary T-Head Semiconductor's RISC-V processors.…

Categories: News

Fighting AI fire with AI fire

The Register - Wed, 07/08/2024 - 16:00
Palo Alto Networks reveals how AI can be harnessed to strengthen cyber security defenses David Gordon

Sponsored Post  Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organizations often unprepared to deal with the speed, scale and sophistication of the assaults directed against them.…

Categories: News

Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net

The Register - Wed, 07/08/2024 - 14:23
A simple HTML change and the warning is gone!

Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks.…

Categories: News

Police take just 2 days to recover $40M stolen in business email scam

The Register - Wed, 07/08/2024 - 12:35
Timor-Leste is a known cybercrime hotspot

Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week.…

Categories: News

EQT buys majority share in Swiss cybersecurity biz Acronis

The Register - Wed, 07/08/2024 - 11:06
Went at equivalent of $3.5B+ valuation for entire firm, though portion sold not specified

Acronis, the Swiss disaster recovery turned cybersecurity firm and catch-all for managed service providers, has been majority acquired by Europe’s largest private equity firm, EQT.…

Categories: News

UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack

The Register - Wed, 07/08/2024 - 09:26
Nearly 83,000 people had their data stolen amid chaos that struck NHS healthcare

The UK's data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million ($7.7 million) for failings that led to a 2022 ransomware attack.…

Categories: News

SharpRhino malware targets IT admins – Hunters International gang suspected

The Register - Wed, 07/08/2024 - 06:29
Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business

The latest malware from upstart criminal gang Hunters International appears to be targeting network admins, using attack code disguised as the popular networking tool Angry IP Scanner.…

Categories: News

Georgia's voter portal gets a crash course in client versus backend input validation

The Register - Wed, 07/08/2024 - 05:05
Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say

The US state of Georgia has a website for cancelling voter registration, and it's had a bumpy start.…

Categories: News

Microsoft punches back at Delta Air Lines and its legal threats

The Register - Wed, 07/08/2024 - 02:50
SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess

Microsoft has labelled Delta Air Lines' accusations it's partly to blame for the outages caused by CrowdStrike’s buggy software "false" and "misleading" – and insulted the state of the carrier’s IT infrastructure.…

Categories: News

CrowdStrike hires outside security outfits to review troubled Falcon code

The Register - Wed, 07/08/2024 - 01:18
And reveals the small mistake that bricked 8.5M Windows boxes

CrowdStrike has hired two outside security firms to review the Falcon functionality that sparked a global IT outage last month – but it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the meltdown.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News