The Register

Time to call in the legal team

Black Hat  Dylan Ayrey, a bug hunter and CEO of Truffle Security, discovered a big data company credential dump containing personal information belonging to about 50,000 of its users, and still hasn't fixed it. …

Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says

Black Hat  Many organizations are increasingly unprepared to deal with the skyrocketing costs of a ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.…

'Until someone has to go to jail for doing it wrong the teeth are not going to be the same'

Black Hat video  The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems.…

The inside scoop on the Ukrainian IT army, and what could happen next

Black Hat  The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms — and infrastructure security, according to journalist and author Kim Zetter.…

OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data

Black Hat  AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.…

Plus, spoiler alert: ransomware is gonna get a lot worse

Black Hat  It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.…

Identity of a real person was used to lend credence to a package that dropped cryptominer in memory

Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…

Stop ransomware with Zero Trust security networks in place

Webinar  Faced with relentless cyberattacks organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.…

Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend

Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly, now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.…

Get advice from experts on how to nail cloud native security in a multi-cloud world

Sponsored Post  Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.…

Voice-phished their way in, but Switchzilla claims no damage done

Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…

Ethical hackers, but for privacy programs

Black Hat  Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.…

Guess what? Open source security still has gaps

The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.…

Black Hat kicks off with call for single infosec agency with real clout and less confused crossover

Black Hat  It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs.…

Katie Moussouris tells it like it is

Black Hat interview  With the world's largest collection of security folk gathering in Las Vegas for Black hat there are encouraging signs that the US government might actually be getting smarter about hiring.…

Attack origins point to April 2021 first strike on Japanese target

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.…

Disclosing exploits, however, will earn you $100k

Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…

Attack was foiled by content delivery network's hardware security keys

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.…

It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab

Opinion  I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.…

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …