Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

The Register - Mon, 25/03/2024 - 15:00
Users may have to upgrade twice to protect their browsers

Mozilla has swiftly patched a pair of critical Firefox zero-days after a researcher debuted them at a Vancouver cybersec competition.…

Categories: News

GoFetch security exploit can't be disabled on M1 and M2 Apple chips

The Register - Mon, 25/03/2024 - 14:30
For now, cryptographic work should be run on slower Icestorm cores

The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it.…

Categories: News

Time to examine the anatomy of the British Library ransomware nightmare

The Register - Mon, 25/03/2024 - 09:30
Mistakes years in the making tell a universal story that must not be ignored

Opinion  Quiz time: name one thing you know about the Library of Alexandria. Points deducted for "it’s a library. In Alexandria." Looking things up is cheating and you know it.…

Categories: News

That Asian meal you eat on holidays could launder money for North Korea

The Register - Mon, 25/03/2024 - 06:32
United Nations finds IT contract and crypto scams are just two of DPRK's illicit menu items

If you dine out at an Asian restaurant on your next holiday, the United Nations thinks your meal could help North Korea to launder money.…

Categories: News

Microsoft confirms memory leak in March Windows Server security update

The Register - Mon, 25/03/2024 - 01:15
ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns

Infosec in brief  If your Windows domain controllers have been crashing since a security update was installed earlier this month, there's no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the issue.…

Categories: News

Some 300,000 IPs vulnerable to this Loop DoS attack

The Register - Sun, 24/03/2024 - 18:37
Easy to exploit, not yet exploited, not widely patched – pick three

As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services.…

Categories: News

Vans claims cyber crooks didn't run off with its customers' financial info

The Register - Sun, 24/03/2024 - 10:08
Just 35.5M names, addresses, emails, phone numbers … no biggie

Clothing and footwear giant VF Corporation is letting 35.5 million of its customers know they may find themselves victims of identity theft following last year's security breach.…

Categories: News

Russia's Cozy Bear caught phishing German politicos with phony dinner invites

The Register - Sat, 23/03/2024 - 07:51
Forget the Riesling, bring on the WINELOADER

The Kremlin's cyberspies targeted German political parties in a phishing campaign that used emails disguised as dinner party invitations, according to Mandiant.…

Categories: News

Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks

The Register - Fri, 22/03/2024 - 22:02
Crew may well be working under contract for Beijing

Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.…

Categories: News

3 million doors open to uninvited guests in keycard exploit

The Register - Fri, 22/03/2024 - 17:00
As months go by without fixes, hotels take the scenic route to securing rooms

Around 3 million doors protected by popular keycard locks are thought to be vulnerable to security flaws that allow miscreants to quickly slip into locked rooms.…

Categories: News

Hardware-level Apple Silicon vulnerability can leak cryptographic keys

The Register - Fri, 22/03/2024 - 15:03
Short of rearchitecting hardware, the fix will seriously degrade performance

Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. …

Categories: News

NVD slowdown leaves thousands of vulnerabilities without analysis data

The Register - Fri, 22/03/2024 - 13:45
Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work

Opinion  The United States National Institute of Standards and Technology (NIST) has almost completely stopped adding analysis to Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database. That means big headaches for anyone using CVEs to maintain their security. …

Categories: News

Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

The Register - Fri, 22/03/2024 - 00:03
The device that makes it possible is required in all American big rigs, and has poor security

Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.…

Categories: News

FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert

The Register - Thu, 21/03/2024 - 22:20
You better watch out, you better not cry, better not pout, they're telling you why

The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks.…

Categories: News

Microsoft faces bipartisan criticism for alleged censorship on Bing in China

The Register - Thu, 21/03/2024 - 21:25
Redmond says it does what it's told, but still thinks users are better off

Microsoft is the subject of growing criticism in the US over allegations that its Bing search engine censors results for users in China that relate to sensitive subjects the state wants blocked.…

Categories: News

Congress votes unanimously to ban brokers selling American data to enemies

The Register - Thu, 21/03/2024 - 20:30
At least we can all agree on something

The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote.…

Categories: News

Yacht dealer to the stars attacked by Rhysida ransomware gang

The Register - Thu, 21/03/2024 - 15:30
MarineMax may be in choppy waters after 'stolen data' given million-dollar price tag

The Rhysida ransomware group claims it was responsible for the cyberattack at US luxury yacht dealer MarineMax earlier this month.…

Categories: News

UK council won't say whether two-week 'cyber incident' impacted resident data

The Register - Thu, 21/03/2024 - 11:37
Security experts insist ransomware is involved but Leicester zips its lips

Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details.…

Categories: News

Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime

The Register - Thu, 21/03/2024 - 06:32
Operators pack twenty phones into a chassis – then rack 'em and stack 'em ready to do evil

Chinese upstarts are selling smartphone motherboards – and kit to run and manage them at scale – to operators of outfits that use them to commit various scams and crimes, according to an undercover investigation by state television broadcaster China Central Television (CCTV) revealed late last week.…

Categories: News

It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files

The Register - Thu, 21/03/2024 - 05:30
New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News