News

What's worse than paying an extortion bot that auto-pwned your database?

The Register - Wed, 17/01/2024 - 15:00
Paying one that lied to you and only saved the first 20 rows of each table

Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their data back.…

Categories: News

Windows Server 2022 patch is breaking apps for some users

The Register - Wed, 17/01/2024 - 11:45
Uninstall the update or edit the Windows registry to restore order

The latest Windows Server 2022 patch has broken the Chrome browser, and short of uninstalling the update, a registry hack is the only way to restore service for affected users.…

Categories: News

Home improvement marketers dial up trouble from regulator

The Register - Wed, 17/01/2024 - 09:30
ICO slaps penalties on two businesses that collectively made more than 3 million cold calls

Another week and yet another couple of pesky cold callers face fines from the UK's data privacy watchdog for "bombarding" unsuspecting households with marketing messages about home improvements.…

Categories: News

Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams

The Register - Wed, 17/01/2024 - 06:29
.SBS gTLD once owned by Australian broadcaster is another source of strife

Scammers are buying up cheap domain names to host sites that sell dodgy health products using fake articles, according to cybercrime disruption outfit Netcraft.…

Categories: News

Nokia walks the walk about its RAN to play on Uncle Sam’s China fears

The Register - Wed, 17/01/2024 - 02:59
It pays not to be Huawei, and the US military can be lucrative, too

Comment  A vendor establishing a business unit dedicated to government sales is not new or unusual. But Finnish telecommunications giant Nokia’s decision to do so in the USA this week tells a bigger story about Washington’s paranoia regarding the security of critical communications infrastructure security.…

Categories: News

FBI: Beware of thieves building Androxgh0st botnets using stolen creds

The Register - Wed, 17/01/2024 - 01:29
Infecting networks via years-old CVEs that should have been patched by now

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…

Categories: News

Locking down the edge

The Register - Tue, 16/01/2024 - 20:16
Watch this webinar to find out how Zero Trust fits into the edge security ecosystem

Commissioned  Edge security is a growing headache. The attack surface is expanding as more operational functions migrate out of centralized locations and into distributed sites and devices.…

Categories: News

Double trouble for VMware and Atlassian admins – critical flaws to fix

The Register - Tue, 16/01/2024 - 18:09
You didn't have anything else to do this Tuesday, right?

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.…

Categories: News

More than 178,000 SonicWall firewalls are exposed to old denial of service bugs

The Register - Tue, 16/01/2024 - 17:02
Majority of public-facing devices still unpatched against critical vulns from as far back as 2022

More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims.…

Categories: News

Ivanti zero-day exploits explode as bevy of attackers get in on the act

The Register - Tue, 16/01/2024 - 15:00
Customers still patchless and mitigation only goes so far

There's a "reasonable chance" that Ivanti Connect Secure (ICS) VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say.…

Categories: News

China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia

The Register - Tue, 16/01/2024 - 03:30
‘Inaccessible and autonomous armed group territories’ host crooks who use tech to launder cash, run slave scam gangs, and more

Global crime networks have set up shop in autonomous territories run by armed gangs across Southeast Asia, and are using them to host physical and online casinos that, in concert with crypto exchanges, have led to an explosion of money laundering, cyberfraud, and cybercrime across the region and beyond.…

Categories: News

Thousands of Juniper Networks devices vulnerable to critical RCE bug

The Register - Mon, 15/01/2024 - 19:34
Yet more support for the argument to adopt memory-safe languages

More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches.…

Categories: News

Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

The Register - Mon, 15/01/2024 - 17:36
The bug with a perfect 10 severity score has been ripe for exploitation since May

GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.…

Categories: News

FTC secures first databroker settlement banning sale of sensitive location data

The Register - Mon, 15/01/2024 - 15:34
Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns

Infosec in brief  The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…

Categories: News

Ransomware protection deconstructed

The Register - Mon, 15/01/2024 - 08:42
Check out the top 12 must see Rubrik product demos of 2023 for tips on how to foil attacks in 2024

Sponsored Post  Rubrik has combed through its archive to find what it judges to be the top 12 must-see demos of its products available to watch on demand whenever you feel like it.…

Categories: News

China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

The Register - Mon, 15/01/2024 - 02:58
Infosec academic suggests Beijing’s warning that iThing owners aren’t anonymous deserves attention outside the great firewall, too

In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities.…

Categories: News

Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

The Register - Sat, 13/01/2024 - 02:20
Snoops had no fewer than five custom bits of malware to hand to backdoor networks

Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…

Categories: News

Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs

The Register - Fri, 12/01/2024 - 23:54
Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…

Categories: News

Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

The Register - Fri, 12/01/2024 - 19:34
It’s taken months for crims to hack together a working exploit chain

Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.…

Categories: News

Secret multimillion-dollar cryptojacker snared by Ukrainian police

The Register - Fri, 12/01/2024 - 17:22
Criminal scored $2M in crypto proceeds but ends up in ‘cuffs following property raid

The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News