News

VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time

The Register - Tue, 22/10/2024 - 18:02
If the first patches don't work, try, try again

VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn't work.…

Categories: News

Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures

The Register - Tue, 22/10/2024 - 17:31
Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing

Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their exposure to the 2020 SolarWinds hack.…

Categories: News

Akira ransomware is encrypting victims again following pure extortion fling

The Register - Tue, 22/10/2024 - 16:31
Crooks revert to old ways for greater efficiency

Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims' files after a break from the typical double extortion tactics.…

Categories: News

Pixel perfect Ghostpulse malware loader hides inside PNG image files

The Register - Tue, 22/10/2024 - 06:30
Miscreants combine it with an equally tricky piece of social engineering

The Ghostpulse malware strain now retrieves its main payload via a PNG image file's pixels. This development, security experts say, is "one of the most significant changes" made by the crooks behind it since launching in 2023.…

Categories: News

China’s Spamouflage cranks up trolling of US Senator Rubio as election day looms

The Register - Mon, 21/10/2024 - 23:30
Note to Xi: Marco and Ted Cruz aren't the same person

China's Spamouflage disinformation crew has been targeting US Senator Marco Rubio (R-Florida) with its fake news campaigns over the past couple of months, trolling the Republican lawmaker's official X account and posting negative stories about Rubio on Reddit and Medium.…

Categories: News

Sophos to snatch Secureworks in $859M buyout: Why fight when you can just buy?

The Register - Mon, 21/10/2024 - 22:30
Private equity giant Thoma Bravo adds another trophy to its growing collection

British security biz Sophos has announced a plan to gobble up competitor Secureworks in an $859 million deal that will make Dell happy.…

Categories: News

The billionaire behind Trump's 'unhackable' phone is on a mission to fight Tesla's FSD

The Register - Mon, 21/10/2024 - 20:30
Dan O'Dowd tells El Reg about the OS secrets and ongoing clash with Musk

Interview  This month, presidential hopeful Donald Trump got a tool in his arsenal, some allegedly "unhackable" communications kit, and The Register has talked to the man behind the operating system, who also ran for the US Senate on a campaign to get self-driving Teslas off the road and is on something of a crusade about the matter.…

Categories: News

macOS HM Surf vuln might already be under exploit by major malware family

The Register - Mon, 21/10/2024 - 14:32
Like keeping your camera and microphone private? Patch up

In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.…

Categories: News

Tesla, Intel, deny they're the foreign company China just accused of making maps that threaten national security

The Register - Mon, 21/10/2024 - 06:33
As TSMC defends itself against report it may have helped Huawei

Tesla has denied it was involved in illegal-map making activities in China after Beijing asserted an unnamed foreign firm working on a smart car project had done so – and even stolen state secrets – through a collaboration with a local business.…

Categories: News

Internet Archive exposed again – this time through Zendesk

The Register - Mon, 21/10/2024 - 02:29
Org turns its woes into a fundraising opportunity

Despite the Internet Archive's assurances it's back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to its Zendesk implementation and to have used them to send a mass email blast.…

Categories: News

Open source LLM tool primed to sniff out Python zero-days

The Register - Sun, 20/10/2024 - 10:00
The static analyzer uses Claude AI to identify vulns and suggest exploit code

Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model.…

Categories: News

Jetpack fixes 8-year-old flaw affecting millions of WordPress sites

The Register - Fri, 18/10/2024 - 23:30
Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more

in brief  A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites secure. …

Categories: News

Alleged Bitcoin crook faces 5 years after SEC's X account pwned

The Register - Fri, 18/10/2024 - 13:30
SIM swappers strike again, warping cryptocurrency prices

An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.…

Categories: News

ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers

The Register - Fri, 18/10/2024 - 12:00
Says 'limited' incident isolated to 'partner company'

ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop's infrastructure.…

Categories: News

Intel robustly refutes China's accusations it bakes in NSA backdoors

The Register - Fri, 18/10/2024 - 06:32
Chipzilla uses WeChat post to defend record of following local laws

Intel has roundly rebutted Chinese accusations that its chips include security backdoors at the direction of the US National Security Agency (NSA).…

Categories: News

Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began

The Register - Fri, 18/10/2024 - 05:28
'My webcam isn't working today' is the new 'The dog ate my network'

It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before being fired for poor performance. Then the six-figure ransom demands – accompanied by proof of the stolen files – start appearing.…

Categories: News

Uncle Sam puts $10M bounty on Russian troll farm Rybar

The Register - Fri, 18/10/2024 - 02:00
Propaganda op focuses on anti-West narratives to meddle with elections

The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.…

Categories: News

Troubled US insurance giant hit by extortion after data leak

The Register - Fri, 18/10/2024 - 00:30
Globe Life claims blackmailers shared stolen into with short sellers

US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.…

Categories: News

Brazilian police claim they've cuffed serial cybercrook behind FBI and Airbus attacks

The Register - Thu, 17/10/2024 - 15:00
Early stage opsec failures lead to landmark arrest of suspected serial data thief

Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.…

Categories: News

WeChat devs introduced security flaws when they modded TLS, say researchers

The Register - Thu, 17/10/2024 - 09:31
No attacks possible, but enough issues to cause concern

Messaging giant WeChat uses a network protocol that the app's developers modified – and by doing so introduced security weaknesses, researchers claim.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News