
Forget the outside hacker, the bigger threat is inside by the coffee machine

After a week of incidents, Register vultures pick over the innards


Kettle In this week's Kettle, the topic is one that's been all over the news: the much-underrated insider threat.

There are thousands of security shops willing to sell elaborate firewalls, zero-trust barriers, and AI security systems that claim to be able to spot a wrong'un easily. But time and again the most effective thieves are already inside the building and using their corporate-issued credentials.

Such was the case this week in the NSA of all places, where a rogue systems engineer, who resigned in anger, tried to sell purloined documents to a Russian agent in exchange for cryptocurrency. Brandon Vigliarolo covered the case and explains what motivated the plot and the surprisingly easy way he was discovered.

News of another insider, who it seems did get away with it, came on Tuesday, as an ex-staffer at Dutch chip-making biz ASML appears to have taken a new job with Huawei, and is accused of taking secrets with him. Tobias Mann has the inside information on the case and, as Biden's sanctions bite harder, we may see more of these sorts of shenanigans.

Then there's the ultimate insider - yourself. On Wednesday Jessica Hardcastle reported on an ACLU Freedom of Information lawsuit showing that US Immigration and Customs Enforcement hired security snoops to trawl through social media content to look for anti-American sentiments. She explains the complex web behind this and it's something we all had a lot to say on. You can see the full discussion below.

So join us for 15 minutes of news, insight, and more than a little snark in the latest Kettle, hosted by Iain Thomson and spun to gold by producer Nicole Hemsoth. There's also an audio version available now on Apple, Amazon, Spotify and Google. ®
