The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

How to navigate NIS2 and secure your vulnerabilities

Fri, 07/06/2024 - 16:07
Meeting the challenges of managing risk for cyber-physical systems

Webinar: The risk of cyber attack hangs over every digital environment but cyber-physical systems (CPS) tend to be more vulnerable - after all, they weren't usually designed with security in mind.…

Categories: News

Cisco fixes WebEx flaw that allowed government, military meetings to be spied on

Fri, 07/06/2024 - 16:04
Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials

Cisco squashed some bugs this week that allowed anyone to view WebEx meeting information and join them, potentially opening up security and privacy concerns for highly sensitive meets.…

Categories: News

Russian hacktivists vow mass attacks against EU elections

Fri, 07/06/2024 - 11:29
But do they get to wear 'I DDoSed' stickers?

A Russian hacktivist crew has threatened to attack European internet infrastructure as four days of EU elections begin on Thursday.…

Categories: News

Spam blocklist SORBS closed by its owner, Proofpoint

Fri, 07/06/2024 - 07:27
Spammers will probably bid to buy it, so community is trying to find a better home for decades-old service

Exclusive: The Spam and Open Relay Blocking System (SORBS) – a longstanding source of info on known sources of spam widely used to create blocklists – has been shuttered by its owner, cyber security software vendor Proofpoint.…

Categories: News

POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw

Fri, 07/06/2024 - 02:16
You upgraded when this was fixed in April, right? Right??

If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph database have been made public.…

Categories: News

FBI encourages LockBit victims to step right up for free encryption keys

Thu, 06/06/2024 - 20:45
The bad news? Gang wasn't deleting victim data after payments

LockBit victims who are still trying to clean up their encrypted files are in luck: the FBI has a big set of decryption keys it would love to let you try. …

Categories: News

Uncle Sam seeks to claw back $5M+ stolen from trade union through spoofed email

Thu, 06/06/2024 - 14:30
Funds are currently seized after being sent to offshore accounts

The US Justice Department is seeking permission to recover more than $5 million worth of funds stolen from a trade union by business email compromise (BEC) scammers.…

Categories: News

Microsoft shows venerable and vulnerable NTLM security protocol the door

Thu, 06/06/2024 - 13:00
Time to get moving if you still rely on this deprecated feature

Microsoft has finally decided to add the venerable NTLM authentication protocol to the Deprecated Features list.…

Categories: News

7-year-old Oracle WebLogic bug under active exploitation

Thu, 06/06/2024 - 11:37
Experts say Big Red will probably re-release patch in an upcoming cycle

A seven-year-old Oracle vulnerability is the latest to be added to CISA's Known Exploited Vulnerability (KEV) catalog, meaning the security agency considers it a significant threat to federal government.…

Categories: News

Microsoft Research chief scientist has no issue with Windows Recall

Thu, 06/06/2024 - 08:26
As tool emerges to probe OS feature's SQLite-based store of user activities

Asked to explore the data privacy issues arising from Microsoft Recall, the Windows maker's poorly received self-surveillance tool, Jaime Teevan, chief scientist and technical fellow at Microsoft Research, brushed aside concerns.…

Categories: News

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

Wed, 05/06/2024 - 22:45
Beware of zero-click malware sliding into your DMs

Miscreants exploited a zero-day in TikTok to compromise the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation.…

Categories: News

What is RansomHub? Looks like a Knight ransomware reboot

Wed, 05/06/2024 - 21:13
Malware code potentially sold off, tweaked, back at it infecting victims

RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie's auction house and others, is "very likely" some kind of rebrand of the Knight ransomware gang, according to threat hunters.…

Categories: News

Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes

Wed, 05/06/2024 - 18:30
That backdoor's not meant to be there?

Zyxel just released security fixes for two of its obsolete network-attached storage (NAS) devices after an intern at a security vendor reported critical flaws months ago.…

Categories: News

4 cuffed following probe into holiday scheme for cybercrooks

Wed, 05/06/2024 - 13:06
Public officials allegedly bribed to allow extradition-dodging travel

Four arrests were made this week as part of an international probe into two overlapping corruption schemes that allowed cybercrims on INTERPOL watch lists to travel freely without flagging any alerts.…

Categories: News

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation

Wed, 05/06/2024 - 07:44
Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say

A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft's cloud potentially allows miscreants to wave away firewall rules and access other people's private web resources.…

Categories: News

Command senior chief busted for secretly setting up Wi-Fi on US Navy combat ship

Tue, 04/06/2024 - 21:04
In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that's not a good plan

The US Navy has cracked down on an illicit Wi-Fi network installed on a combat ship by demoting the command senior chief who ordered it to be set up.…

Categories: News

Pentagon 'doubling down' on Microsoft despite 'massive hack,' senators complain

Tue, 04/06/2024 - 19:42
Meanwhile Mr Smith goes to Washington to testify before Congress

The Pentagon is "doubling down" on its investment in Microsoft products despite the serious failings at the IT giant that put America's national security at risk, say two US senators.…

Categories: News

London hospitals declare critical incident after service partner ransomware attack

Tue, 04/06/2024 - 16:43
Pathology lab provider targeted, affecting blood transfusions and surgeries

Hospitals in London are struggling to deliver pathology services after a ransomware attack at a service partner downed some key systems.…

Categories: News

Christie's stolen data sold to highest bidder rather than leaked, RansomHub claims

Tue, 04/06/2024 - 15:32
Experts say auctioning the auctioneer’s data is unlikely to have been genuinely successful

The cybercrims who claimed the attack on Christie's fancy themselves as auctioneers as well, after they allegedly sold off the company's data to the highest bidder instead of leaking everything on the dark web.…

Categories: News

Microsoft accused of tracking kids with education software

Tue, 04/06/2024 - 15:00
Privacy group seeks clarification of whether EU data protection law has been breached

A privacy campaign group with a strong record in legal upheavals has asked the Austrian data protection authority to investigate Microsoft 365 Education to clarify if it breaches transparency provisions under GDPR.…

Categories: News