News

Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw

The Register - Tue, 25/03/2025 - 03:12
How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently

Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,000 deployments of the software are at risk on the internet.…

Categories: News

OTF, which backs Tor, Let's Encrypt and more, sues to save funding from Trump cuts

The Register - Tue, 25/03/2025 - 00:46
Kari, OK, we'll see you in court

An organization that bankrolls various internet security projects has asked a Washington DC court to prevent the Trump administration from cancelling its federal funding – and expressed fears that if the cash stops flowing, the tools it supports could become harder to access.…

Categories: News

Top Trump officials text classified Yemen airstrike plans to journo in Signal SNAFU

The Register - Mon, 24/03/2025 - 23:02
Massive OPSEC fail from the side who brought you 'lock her up'

Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans to attack Houthi rebels in Yemen - and accidentally invited a journalist to join the group in which they chatted.…

Categories: News

FCC on the prowl for Huawei and other blocked Chinese makers in America

The Register - Mon, 24/03/2025 - 21:24
Be vewy vewy quiet, I'm hunting rackets

The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List - including Huawei - are still somehow doing business in America, either by misreading the rules or willfully ignoring them.…

Categories: News

As nation-state hacking becomes 'more in your face,' are supply chains secure?

The Register - Mon, 24/03/2025 - 20:32
Ex-US Air Force officer says companies shouldn't wait for govt mandates

Interview  Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?" …

Categories: News

AI agents swarm Microsoft Security Copilot

The Register - Mon, 24/03/2025 - 16:00
Looking to sort through large volumes of security info? Redmond has your backend

Microsoft's Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company's security software to automate various tasks.…

Categories: News

23andMe's genes not strong enough to avoid Chapter 11

The Register - Mon, 24/03/2025 - 14:01
CEO steps down after multiple failed attempts to take the DNA testing company private

Beleaguered DNA testing biz 23andMe - hit by a massive cyber attack in 2023 - is filing for bankruptcy protection in the US following years of financial uncertainty.…

Categories: News

Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance?

The Register - Mon, 24/03/2025 - 11:45
It's been a very busy week for Digicash Donald's administration

Analysis  Is the US retreating from its hardline stance on crypto? On Friday, the US Treasury Department lifted sanctions imposed on notorious crypto mixer Tornado Cash, once accused of washing billions in illicit crypto for criminals and nation-states alike.…

Categories: News

Microsoft tastes the unexpected consequences of tariffs on time

The Register - Mon, 24/03/2025 - 09:30
Throw a spanner in the works, best get good at fixing things. Now, where did you put that spanner?

Opinion  Never attribute to malice that which is adequately explained by stupidity. This works well in sane times, less so when "but it's both" is the default. Apply it to Microsoft's decision to make bug reports include not only a working example but a video of the same, and the meter oscillates wildly. What were they thinking? What did they expect?…

Categories: News

Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns

The Register - Mon, 24/03/2025 - 05:29
PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more!

Infosec In Brief  Organized crime networks are now reliant on digital tech for most of their activities according to Europol, the European agency that fights international crime on the continent and beyond.…

Categories: News

China bans compulsory facial recognition and its use in private spaces like hotel rooms

The Register - Sun, 23/03/2025 - 23:29
PLUS: Zoho's Ulaa anointed India’s most patriotic browser; Typhoon-like gang targets Taiwan; Japan debates offensive cyber-ops; and more

Asia In Brief  China’s Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent.…

Categories: News

Oracle Cloud says it's not true someone broke into its login servers and stole data

The Register - Sun, 23/03/2025 - 21:09
Despite evidence to the contrary as alleged pilfered info goes on sale

Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.…

Categories: News

Ex-NSA boss: Good news. Election security focus helped dissuade increase in Russian meddling with US

The Register - Sun, 23/03/2025 - 13:04
Plus AI in the infosec world, why CISA should know its place, and more

Interview  Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.…

Categories: News

AdTech CEO whose products detected fraud jailed for financial fraud

The Register - Fri, 21/03/2025 - 07:32
Made up revenue and pretended to use non-existent data

The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.…

Categories: News

Paragon spyware deployed against journalists and activists, Citizen Lab claims

The Register - Fri, 21/03/2025 - 06:26
Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied

Infosec newsbytes  Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to target journalists, activists, and other civilians.…

Categories: News

Capital One cracker could be sent back to prison after judges rule she got off too lightly

The Register - Fri, 21/03/2025 - 01:06
Feds want book thrown at Paige Thompson, who pinched 100M customer records

Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars – after an appeals court ruled her sentence of time served plus five years of probation was too lenient.…

Categories: News

Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up

The Register - Thu, 20/03/2025 - 23:02
So much for that vacation

A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them home with him – and was collared on his way to Mexico.…

Categories: News

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

The Register - Thu, 20/03/2025 - 18:33
Palming off the blame using an ‘unknown’ best practice didn’t go down well either

In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization vulnerabilities.…

Categories: News

Too many software supply chain defense bibles? Boffins distill advice

The Register - Thu, 20/03/2025 - 13:31
How to avoid another SolarWinds, Log4j, and XZ Utils situation

Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.…

Categories: News

The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC

The Register - Thu, 20/03/2025 - 13:15
Wow, a government project that could be on time for once ... cos it's gonna be wayyyy more than a decade

The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News