News

WordPress forces user conf organizers to share social media credentials, arousing suspicions

The Register - Mon, 28/10/2024 - 06:27
One told to take down posts that said nice things about WP Engine

Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks.…

Categories: News

Senator accuses sloppy domain registrars of aiding Russian disinfo campaigns

The Register - Sun, 27/10/2024 - 15:44
Also, Change Healthcare sets a record, cybercrime cop suspect indicted, a new Mallox decryptor, and more

in brief  Senate intelligence committee chair Mark Warner (D-VA) is demanding to know why, in the wake of the bust-up of a massive online Russian disinformation operation, the names of six US-based domain registrars seem to keep popping up as, at best, negligent facilitators of election meddling. …

Categories: News

Worker surveillance must comply with credit reporting rules

The Register - Sat, 26/10/2024 - 06:30
US Consumer Financial Protection Bureau demands transparency, accountability from sellers of employee metrics

The US Consumer Financial Protection Bureau on Thursday published guidance advising businesses that third-party reports about workers must comply with the consent and transparency requirements set forth in the Fair Credit Reporting Act.…

Categories: News

Just how private is Apple's Private Cloud Compute? You can test it to find out

The Register - Fri, 25/10/2024 - 16:04
Also updates bug bounty program with $1M payout

In June, Apple used its Worldwide Developer Conference to announce the creation of the Private Cloud Compute platform to run its AI Intelligence applications, and now it's asking people to stress test the system for security holes.…

Categories: News

Putin's pro-Trump trolls accuse Harris of poaching rhinos

The Register - Fri, 25/10/2024 - 02:30
Plus: Iran's IRGC probes election-related websites in swing states

Russian, Iranian, and Chinese trolls are all ramping up their US election disinformation efforts ahead of November 5, but – aside from undermining faith in the democratic process and confidence in the election result – with very different objectives, according to Microsoft.…

Categories: News

AWS Cloud Development Kit flaw exposed accounts to full takeover

The Register - Thu, 24/10/2024 - 23:33
Remember Bucket Monopoly? Yeah, it gets worse

Amazon Web Services has fixed a flaw in its open source Cloud Development Kit that, under the right conditions, could allow an attacker to hijack a user's account completely.…

Categories: News

Emergency patch: Cisco fixes bug under exploit in brute-force attacks

The Register - Thu, 24/10/2024 - 19:15
Who doesn't love abusing buggy appliances, really?

Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks.…

Categories: News

Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms

The Register - Thu, 24/10/2024 - 12:36
Arguments continue but change suggests it's not Free Software anymore

The Bitwarden online credentials storage service is changing its build requirements – which some commentators feel mean it's no longer FOSS.…

Categories: News

Ransomware's ripple effect felt across ERs as patient care suffers

The Register - Thu, 24/10/2024 - 11:37
389 US healthcare orgs infected this year alone

Ransomware infected 389 US healthcare organizations this fiscal year, putting patients' lives at risk and costing facilities up to $900,000 a day in downtime alone, according to Microsoft.…

Categories: News

Voice-enabled AI agents can automate everything, even your phone scams

The Register - Thu, 24/10/2024 - 07:30
All for the low, low price of a mere dollar

Scammers, rejoice. OpenAI's real-time voice API can be used to build AI agents capable of conducting successful phone call scams for less than a dollar.…

Categories: News

China's top messaging app WeChat banned from Hong Kong government computers

The Register - Thu, 24/10/2024 - 06:11
Google and WhatsApp also binned, which is far easier to explain than canning a local hero

Hong Kong’s government has updated infosec guidelines to restrict the use of Chinese messaging app WeChat, alongside Meta and Google products like WhatsApp and Google Drive, on computers it operates.…

Categories: News

Anthropic's latest Claude model can interact with computers – what could go wrong?

The Register - Thu, 24/10/2024 - 05:30
For starters, it could launch a prompt injection attack on itself...

The latest version of AI startup Anthropic's Claude 3.5 Sonnet model can use computers – and the developer makes it sound like that's a good thing.…

Categories: News

Perfctl malware strikes again as crypto-crooks target Docker Remote API servers

The Register - Thu, 24/10/2024 - 03:30
Attacks on unprotected servers reach 'critical level'

An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl cryptomining malware on victims' systems, according to Trend Micro researchers.…

Categories: News

Samsung phone users under attack, Google warns

The Register - Thu, 24/10/2024 - 01:16
Don't ignore this nasty zero day exploit says TAG

A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researchers.…

Categories: News

Penn State pays DoJ $1.25M to settle cybersecurity compliance case

The Register - Thu, 24/10/2024 - 00:29
Fight On, State? Not this time

Pennsylvania State University has agreed to pay the Justice Department $1.25 million to settle claims of misrepresenting its cybersecurity compliance to the federal government and leaving sensitive data improperly secured. …

Categories: News

Warning! FortiManager critical vulnerability under active attack

The Register - Wed, 23/10/2024 - 23:47
Security shop and CISA urge rapid action

Fortinet has gone public with news of a critical flaw in its software management platform.…

Categories: News

'Satanic' data thief claims to have slipped into 350M Hot Topic shoppers info

The Register - Wed, 23/10/2024 - 21:30
We know where you got your skinny jeans - big deal

A data thief calling themselves Satanic claims to have purloined the records of around 350 million customers of fashion retailer Hot Topic.…

Categories: News

Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch

The Register - Wed, 23/10/2024 - 20:30
Plus, a POC to make it extra easy for attackers

A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).…

Categories: News

Millions of Android and iOS users at risk from hardcoded creds in popular apps

The Register - Wed, 23/10/2024 - 01:31
Azure Blob Storage, AWS, and Twilio keys all up for grabs

An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to major security problems.…

Categories: News

US lawmakers push DoJ to prosecute tax prep firms for leaking taxpayer data to big tech

The Register - Tue, 22/10/2024 - 23:31
TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google

A quartet of lawmakers have penned a letter to the Department of Justice asking it to prosecute tax preparation companies for sharing customer data, including tax return information, with Meta and Google.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News