News

Metal maker meltdown: Nucor stops production after cyber-intrusion

The Register - Wed, 14/05/2025 - 21:40
Ransomware or critical infra hit? Top US manufacturer maintains steely silence

Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.…

Categories: News

Why CVSS is failing us and what we can do about it

The Register - Wed, 14/05/2025 - 19:15
How Adversarial Exposure Validation is changing the way we approach vulnerability management

Partner content: Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the affected asset. However, today, the same tool that once guided us in the right direction is holding us back.…

Categories: News

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

The Register - Wed, 14/05/2025 - 18:40
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated

The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it.…

Categories: News

Ivanti patches two zero-days under active attack as intel agency warns customers

The Register - Wed, 14/05/2025 - 17:29
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product

Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.…

Categories: News

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

The Register - Wed, 14/05/2025 - 16:34
'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation'

There's a Max Schrems-shaped object standing in the way of Meta's plans to train its AI on the data of its European users, and he's come armed with several justifications for why Zuckercorp might be violating EU regulations with its stated plans. …

Categories: News

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

The Register - Wed, 14/05/2025 - 15:17
Admits due diligence fell short - furious users cry ‘gaslighting’

Customers are blasting VPN Secure's new parent company after it abruptly axed thousands of "lifetime" accounts. The reason? The CEO admits in an interview with The Register that his team didn't dig deep enough before acquiring the virtual private network outfit, and simply can't afford to honor those legacy deals.…

Categories: News

Go ahead and ignore Patch Tuesday – it might improve your security

The Register - Wed, 14/05/2025 - 13:19
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'

Patch Tuesday has rolled around again, but if you don't rush to implement the feast of fixes it delivered, your security won't be any worse off in the short term – and may improve in the future.…

Categories: News

Everyone's deploying AI, but no one's securing it – what could go wrong?

The Register - Wed, 14/05/2025 - 10:26
Crickets as senior security folk asked about risks at NCSC conference

CYBERUK: Peter Garraghan – CEO of Mindgard and professor of distributed systems at Lancaster University – asked the CYBERUK audience for a show of hands: how many had banned generative AI in their organizations? Three hands went up.…

Categories: News

Ransomware scum have put a target on the no man's land between IT and operations

The Register - Wed, 14/05/2025 - 07:33
Defenses are weaker, and victims are more likely to pay, SANS warns

Criminals who attempt to damage critical infrastructure are increasingly targeting the systems that sit between IT and operational tech.…

Categories: News

Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu

The Register - Wed, 14/05/2025 - 01:44
Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti

Patch Tuesday: It's that time of the month again, and Microsoft has made it extra spicy by revealing five flaws it says are under active exploitation – but rates as important rather than critical fixes.…

Categories: News

Intel's data-leaking Spectre defenses scared off yet again

The Register - Tue, 13/05/2025 - 22:15
ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit

Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre, a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.…

Categories: News

Qatar’s $400M jet for Trump is a gold-plated security nightmare

The Register - Tue, 13/05/2025 - 21:37
Air Force Dumb

The Trump administration is set to accept a $400 million luxury 747-8 from the royal family of Qatar – a lavish "palace in the sky" meant as a temporary Air Force One. But getting it up to presidential security standards could take years and cost hundreds of millions more.…

Categories: News

Commvault fixes critical Command Center issue after flaw finder alert

The Register - Tue, 13/05/2025 - 18:31
Pay-to-play security on CVSS 10 issue is now fixed

An update that fixed a critical flaw in data protection biz Commvault's Command Center was initially not available to a significant user subset – those testing out a free trial version of the product. That is, until a security researcher pointed out the problem.…

Categories: News

'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart

The Register - Tue, 13/05/2025 - 15:00
Both agencies seem unbothered despite tech world's clear concerns for US infoseccers

CYBERUK: The top brass from the UK's cyber agency say everything is business as usual when it comes to the GCHQ arm's relationship with CISA, amid growing unease about the current administration's treatment of its US equivalent.…

Categories: News

Marks & Spencer admits cybercrooks made off with customer info

The Register - Tue, 13/05/2025 - 11:45
Market cap down by more than £1B since April 22

Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved.…

Categories: News

As US vuln-tracking falters, EU enters with its own security bug database

The Register - Tue, 13/05/2025 - 11:00
EUVD comes into play not a moment too soon

The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.…

Categories: News

Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq

The Register - Tue, 13/05/2025 - 08:29
'MarbledDust' gang has honed the skills it uses to assist Ankara

Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than a year ago.…

Categories: News

M365 apps on Windows 10 to get security fixes into 2028

The Register - Mon, 12/05/2025 - 23:03
Support for the underlying OS is another story

Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 officially ends unless you buy an extended support package.…

Categories: News

CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email

The Register - Mon, 12/05/2025 - 20:04
Cripes, we were only joking when we called Elon's social network the new state media

The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.…

Categories: News

Why aggregating your asset inventory leads to better security

The Register - Mon, 12/05/2025 - 19:42
Today’s complex IT environments demand a new approach

Partner content: For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches.…

Categories: News
