The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis
Updated: 2 hours 49 min ago

FAANGs failing on keeping user data safe from bug hunters

10 hours 18 min ago
Time to call in the legal team

Black Hat  Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it. …

Categories: News

Higher risks and premiums are creating critical gap in cyber insurance

12 hours 13 min ago
Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says

Black Hat  Many organizations are increasingly unprepared to deal with the skyrocketing costs of ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.…

Categories: News

Security needs to learn from the aviation biz to avoid crashing

Thu, 11/08/2022 - 23:30
'Until someone has to go to jail for doing it wrong the teeth are not going to be the same'

Black Hat video  The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.…

Categories: News

Russian invasion has dangerously destabilized cyber security norms

Thu, 11/08/2022 - 22:30
The inside scoop on the Ukrainian IT army, and what could happen next

Black Hat  The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms — and infrastructure security, according to journalist and author Kim Zetter.…

Categories: News

AWS and Splunk partner for faster cyberattack response

Thu, 11/08/2022 - 21:45
OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data

Black Hat  AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.…

Categories: News

Ex-CIA security boss predicts coming crackdown on spyware

Thu, 11/08/2022 - 20:15
Plus, spoiler alert: ransomware is gonna get a lot worse

Black Hat  It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.…

Categories: News

Sonatype spots another PyPI package behaving badly

Thu, 11/08/2022 - 19:30
Identity of a real person was used to lend credence to a package that dropped cryptominer in memory

Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…

Categories: News

Keeping the enemy at the gate

Thu, 11/08/2022 - 18:21
Stop ransomware with Zero Trust security networks in place

Webinar  Faced with relentless cyberattacks, organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.…

Categories: News

Don't be surprised if your organization suffers multiple cyberattacks

Thu, 11/08/2022 - 17:15
Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend

Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly; now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.…

Categories: News

Making the cloud a safer place with SANS

Thu, 11/08/2022 - 12:01
Get advice from experts on how to nail cloud native security in a multi-cloud world

Sponsored Post  Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.…

Categories: News

Cisco admits corporate network compromised by gang with links to Lapsus$

Thu, 11/08/2022 - 06:59
Voice-phished their way in, but Switchzilla claims no damage done

Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…

Categories: News

Meta privacy red team lead: Does your business know its privacy adversaries?

Thu, 11/08/2022 - 02:15
Ethical hackers, but for privacy programs

Black Hat  Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.…

Categories: News

Boffins rate npm and PyPI package security and it's not good

Thu, 11/08/2022 - 01:54
Guess what? Open source security still has gaps

The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.…

Categories: News

Ex-CISA chief Krebs calls for US to get serious on security

Thu, 11/08/2022 - 00:26
Black Hat kicks off with call for single infosec agency with real clout and less confused crossover

Black Hat  It's time to reorganize the US government and create a new agency focused solely on digital risk management services, according to former CISA director Chris Krebs.…

Categories: News

As Black Hat kicks off, the US government is getting the message on hiring security talent

Wed, 10/08/2022 - 21:58
Katie Moussouris tells it like it is

Black Hat interview  With the world's largest collection of security folk gathering in Las Vegas for Black Hat, there are encouraging signs that the US government might actually be getting smarter about hiring.…

Categories: News

Maui ransomware linked to North Korean group Andariel

Wed, 10/08/2022 - 19:14
Attack origins point to April 2021 first strike on Japanese target

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.…

Categories: News

Google's bug bounty boss: Finding and patching vulns? 'Totally useless'

Wed, 10/08/2022 - 17:00
Disclosing exploits, however, will earn you $100k

Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…

Categories: News

Cloudflare: Someone tried to pull the Twilio phishing tactic on us too

Wed, 10/08/2022 - 15:23
Attack was foiled by content delivery network's hardware security keys

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.…

Categories: News

Businesses should dump Windows for the Linux desktop

Wed, 10/08/2022 - 11:32
It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab

Opinion  I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.…

Categories: News

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Tue, 09/08/2022 - 22:51
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …

Categories: News