tag:theregister.com,2005:feed/theregister.com/security/cso/
The Register - Security: CSO
Copyright © 2024, Situation Publishing
Team Register
webmaster@theregister.co.uk
https://www.theregister.com/odds/about/contact/
https://www.theregister.com/Design/graphics/icons/favicon.png
Biting the hand that feeds IT — Enterprise Technology News and Analysis
https://www.theregister.com/Design/graphics/Reg_default/The_Register_r.png
2024-03-28T07:45:06.00Z
tag:theregister.com,2005:story233108
2024-03-28T07:45:06.00Z
2024-03-28T07:45:06.00Z
Iain Thomson
https://search.theregister.com/?author=Iain%20Thomson
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb
<h4>One might say this is a wurst case scenario</h4> <p>The German Federal Office for Information Security (BIS) has issued an urgent alert about the poor state of Microsoft Exchange Server patching in the country.…</p>
tag:theregister.com,2005:story233113
2024-03-27T20:40:07.00Z
2024-03-27T21:17:31.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw
<h4>Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders</h4> <p>Thousands of companies remain vulnerable to a remote-code-execution bug in Ray, an open-source AI framework used by Amazon, OpenAI, and others, that is being abused by miscreants in the wild to steal sensitive data and illicitly mine for cryptocurrency.…</p>
tag:theregister.com,2005:story233057
2024-03-26T08:24:13.00Z
2024-03-26T23:47:33.00Z
Thomas Claburn
https://search.theregister.com/?author=Thomas%20Claburn
Row breaks out over true severity of two DNSSEC flaws
<h4>Some of us would be happy being rated 7.5 out of 10, just sayin'</h4> <p><strong>Updated</strong> Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue.…</p>
tag:theregister.com,2005:story232924
2024-03-18T21:29:13.00Z
2024-03-18T21:29:13.00Z
Thomas Claburn
https://search.theregister.com/?author=Thomas%20Claburn
Don't be like these 900+ websites and expose millions of passwords via Firebase
<h4>Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials</h4> <p>At least 900 websites built with Google's Firebase, a cloud database, have been misconfigured, leaving credentials, personal info, and other sensitive data inadvertently exposed to the public internet, according to security researchers.…</p>
tag:theregister.com,2005:story232822
2024-03-12T22:39:12.00Z
2024-03-12T22:39:12.00Z
Brandon Vigliarolo
https://search.theregister.com/?author=Brandon%20Vigliarolo
Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints
<h4>Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup</h4> <p>An ex-Meta veep has been sued by his former bosses for "brazenly disloyal and dishonest conduct" – and by that, they mean he allegedly stole confidential documents to help him build and recruit colleagues for an AI cloud startup. …</p>
tag:theregister.com,2005:story232774
2024-03-08T22:55:25.00Z
2024-03-08T23:11:29.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes
<h4>Plus: CISA pulls plug on couple of systems feared compromised</h4> <p>There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix.…</p>
tag:theregister.com,2005:story232748
2024-03-08T01:02:10.00Z
2024-03-08T01:02:10.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Securing open source software: Whose job is it, anyway?
<h4>CISA announces more help, and calls on app makers to step up</h4> <p>The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also repeating calls for developers to increase support for such efforts.…</p>
tag:theregister.com,2005:story232721
2024-03-07T00:37:23.00Z
2024-03-07T01:39:15.00Z
Simon Sharwood
https://search.theregister.com/?author=Simon%20Sharwood
Chinese chap charged with stealing Google’s AI datacenter secrets
<h4>Moonlighted for PRC companies after side-stepping Big G's security, allegedly</h4> <p>A now-former Google employee has been charged with stealing the ad giant’s AI trade secrets while quietly working for two Chinese companies – after easily defeating whatever security controls Big G had in place.…</p>
tag:theregister.com,2005:story232715
2024-03-06T20:49:31.00Z
2024-03-06T21:33:27.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
FBI: Critical infrastructure suffers spike in ransomware attacks
<h4>Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon</h4> <p>Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI's latest Internet Crime Complaint Center (IC3) annual report. …</p>
tag:theregister.com,2005:story232683
2024-03-05T16:18:04.00Z
2024-03-06T02:07:44.00Z
Brandon Vigliarolo
https://search.theregister.com/?author=Brandon%20Vigliarolo
IP address X-posure now a feature on Musk's social media thing
<h4>Just a little FYI</h4> <p>Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and FYI: It may reveal your IP address to those you're nattering away to.…</p>
tag:theregister.com,2005:story232547
2024-02-27T20:22:38.00Z
2024-02-27T21:10:26.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Sandvine put on America's export no-fly list after Egypt used network tech for spying
<h4>Canadian network box maker floats in denial</h4> <p>The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists.…</p>
tag:theregister.com,2005:story232490
2024-02-25T16:09:12.00Z
2024-02-25T16:09:12.00Z
Larry Peterson
https://search.theregister.com/?author=Larry%20Peterson
Security is hard because it has to be right all the time? Yeah, like everything else
<h4>It takes only one bottleneck or single point of failure to ruin your week</h4> <p><strong>Systems Approach</strong> One refrain you often hear is that security must be built in from the ground floor; that retrofitting security to an existing system is the source of design complications, or worse, outright flawed designs.…</p>
tag:theregister.com,2005:story232366
2024-02-17T02:10:11.00Z
2024-02-17T02:10:11.00Z
Katyanna Quach
https://search.theregister.com/?author=Katyanna%20Quach
Google open sources file-identifying Magika AI for malware hunters and others
<h4>Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML</h4> <p>Google has open sourced Magika, an in-house machine-learning-powered file identifier, as part of its AI Cyber Defense Initiative, which aims to give IT network defenders and others better automated tools.…</p>
tag:theregister.com,2005:story232343
2024-02-16T01:20:13.00Z
2024-02-16T01:20:13.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Quest Diagnostics pays $5M after mixing patient medical data with hazardous waste
<h4>Will cough up less than two days of annual profit in settlement – and California calls this a win</h4> <p>Quest Diagnostics has agreed to pay almost $5 million to settle allegations it illegally dumped protected health information – and hazardous waste – at its facilities across California.…</p>
tag:theregister.com,2005:story232174
2024-02-08T00:06:00.00Z
2024-02-08T00:06:00.00Z
Brandon Vigliarolo
https://search.theregister.com/?author=Brandon%20Vigliarolo
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks
<h4>Plan says to hand over keys to networks – and report intrusions within eight hours of discovery</h4> <p>Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident.…</p>
tag:theregister.com,2005:story232167
2024-02-07T20:31:16.00Z
2024-02-07T20:35:49.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Half of polled infosec pros say their degree was less than useful for real-world work
<h4>The other half paid attention in class?</h4> <p>Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot.…</p>
tag:theregister.com,2005:story232138
2024-02-06T17:15:07.00Z
2024-02-06T17:15:07.00Z
Connor Jones
https://search.theregister.com/?author=Connor%20Jones
Chinese Coathanger malware hung out to dry by Dutch defense department
<h4>Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions</h4> <p>Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.…</p>
tag:theregister.com,2005:story232093
2024-02-02T21:12:20.00Z
2024-02-02T21:12:20.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Blackbaud settles with FTC after that IT breach exposed millions of people's info
<h4>Cloud software slinger admits no guilt, promises better basic security hygiene</h4> <p>Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC.…</p>
tag:theregister.com,2005:story232074
2024-02-02T01:12:46.00Z
2024-02-02T01:14:08.00Z
Thomas Claburn
https://search.theregister.com/?author=Thomas%20Claburn
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
<h4>Atlassian system compromised via October Okta intrusion</h4> <p>Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.…</p>
tag:theregister.com,2005:story232061
2024-02-01T18:45:08.00Z
2024-02-01T18:51:43.00Z
Lindsay Clark
https://search.theregister.com/?author=Lindsay%20Clark
Rise of deepfake threats means biometric security measures won't be enough
<h4>Defenses need a rethink in face of increasing sophistication</h4> <p>Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections.…</p>
tag:theregister.com,2005:story231994
2024-01-29T20:52:28.00Z
2024-01-29T20:52:28.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming
<h4>18,000 customers, including the Pentagon and Microsoft, may have other thoughts</h4> <p>SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it over the 2020 attack.…</p>
tag:theregister.com,2005:story231969
2024-01-27T00:32:44.00Z
2024-01-27T01:34:16.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes
<h4>Step one, actually turn on MFA</h4> <p>Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication (MFA) enabled. …</p>
tag:theregister.com,2005:story231940
2024-01-26T21:28:07.00Z
2024-01-26T21:58:39.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Wait, security courses aren't a requirement to graduate with a computer science degree?
<h4>And software makers seem to be OK with this, apparently</h4> <p><strong>Comment</strong> There's a line in the latest plea from CISA – the US government's cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee.…</p>
tag:theregister.com,2005:story231887
2024-01-24T11:02:25.00Z
2024-01-25T01:04:54.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
What Microsoft's latest email breach says about this IT security heavyweight
<h4>Senator Wyden tells The Reg this latest infosec lapse is 'inexcusable'</h4> <p><strong>Comment</strong> For most organizations – especially security vendors – disclosing a corporate email breach, in which executives' internal messages and attachments were stolen, would noticeably ding their stock prices.…</p>
tag:theregister.com,2005:story231797
2024-01-18T19:04:10.00Z
2024-01-19T21:51:43.00Z
Brandon Vigliarolo
https://search.theregister.com/?author=Brandon%20Vigliarolo
JPMorgan exec claims bank repels '45 billion' cyberattack attempts per day
<h4>Assets boss also reckons she has more engineers than Amazon</h4> <p><strong>Updated</strong> The largest bank in the United States repels 45 billion cyberattack attempts per day, one of its leaders claimed at the World Economic Forum in Davos. …</p>
tag:theregister.com,2005:story231745
2024-01-17T01:29:09.00Z
2024-01-17T01:29:09.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
FBI: Beware of thieves building Androxgh0st botnets using stolen creds
<h4>Infecting networks via years-old CVEs that should have been patched by now</h4> <p>Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…</p>
tag:theregister.com,2005:story231692
2024-01-13T02:20:15.00Z
2024-01-13T02:26:04.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
<h4>Snoops had no fewer than five custom bits of malware to hand to backdoor networks</h4> <p>Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…</p>
tag:theregister.com,2005:story231522
2024-01-06T13:24:12.00Z
2024-01-08T19:06:56.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Ransomware payment ban: Wrong idea at the wrong time
<h4>Won't stop the chaos, may lead to attacks with more dire consequences</h4> <p><strong>Opinion</strong> A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Eliminate extortion as a source of criminal income, and the attacks are undoubtedly going to drop. …</p>
tag:theregister.com,2005:story231569
2024-01-05T21:54:33.00Z
2024-01-05T23:17:47.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
After injecting cancer hospital with ransomware, crims threaten to swat patients
<h4>Remember the good old days when ransomware crooks vowed not to infect medical centers?</h4> <p>Extortionists are now threatening to swat hospital patients — calling in bomb threats or other bogus reports to the police so heavily armed cops show up at victims' homes — if the medical centers don't pay the crooks' ransom demands.…</p>
tag:theregister.com,2005:story231545
2024-01-05T07:30:10.00Z
2024-01-05T07:30:10.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach'
<h4>'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy</h4> <p>Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.…</p>
tag:theregister.com,2005:story231524
2024-01-04T10:15:11.00Z
2024-01-04T10:15:11.00Z
Laura Dobberstein
https://search.theregister.com/?author=Laura%20Dobberstein
Three Chinese balloons float near Taiwanese airbase
<h4>Also: Remember that balloon over the US last February? It might have used a US internet provider</h4> <p>Four Chinese balloons have reportedly floated over the Taiwan Strait, three of them crossing over the island's land mass and near its Ching-Chuan-Kang air base before disappearing, according to Taiwan's defense ministry.…</p>
tag:theregister.com,2005:story231246
2023-12-28T17:05:10.00Z
2024-01-02T10:04:00.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
A tale of 2 casino ransomware attacks: One paid out, one did not
<h4>What can be learned from MGM's and Caesars' infosec moves</h4> <p><strong>Feature</strong> The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.…</p>
tag:theregister.com,2005:story230898
2023-11-22T10:58:11.00Z
2023-11-22T10:58:11.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?
<h4>Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing</h4> <p><strong>Interview</strong> Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond.…</p>
tag:theregister.com,2005:story230808
2023-11-17T15:01:14.00Z
2023-11-17T15:01:14.00Z
Connor Jones
https://search.theregister.com/?author=Connor%20Jones
SonicWall swallows Solutions Granted amid cybersecurity demand surge
<h4>CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA</h4> <p>Channel-focused cybersecurity company SonicWall is buying Virginia-based MSSP Solutions Granted – its first acquisition in well over a decade.…</p>
tag:theregister.com,2005:story230809
2023-11-16T21:23:09.00Z
2023-11-17T01:59:56.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
How much to clean up a ransomware infection? For Rackspace, about $11M
<h4>And that's not counting the incoming lawsuits. Thank goodness for insurance, eh?</h4> <p>Rackspace's costs from last year's ransomware infection continue to mount. The cloud hosting biz has told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have now reached about $11 million, though insurance has helped cover half of that.…</p>
tag:theregister.com,2005:story230790
2023-11-16T00:43:50.00Z
2023-11-21T18:36:31.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Clorox CISO flushes self after multimillion-dollar cyberattack
<h4>Plus: Ransomware crooks file SEC complaint against victim</h4> <p>The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars.…</p>
tag:theregister.com,2005:story230734
2023-11-14T07:02:14.00Z
2023-11-14T07:02:14.00Z
Connor Jones
https://search.theregister.com/?author=Connor%20Jones
NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch
<h4>And the world's getting more and more dangerous</h4> <p>The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI).…</p>
tag:theregister.com,2005:story230087
2023-10-10T20:37:04.00Z
2023-10-10T20:40:26.00Z
Connor Jones
https://search.theregister.com/?author=Connor%20Jones
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet
<h4>Botnet storm drowned last record with 398 million requests per second</h4> <p>A zero-day vulnerability in the HTTP/2 protocol was exploited to launch the largest distributed denial-of-service (DDoS) attack on record, according to Cloudflare.…</p>
tag:theregister.com,2005:story229973
2023-10-04T19:03:00.00Z
2023-10-05T00:32:27.00Z
Connor Jones
https://search.theregister.com/?author=Connor%20Jones
Red Cross lays down hacktivism law as Ukraine war rages on
<h4>Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits</h4> <p>New guidelines have been codified to govern the rules of engagement concerning hacktivists involved in ongoing cyber warfare.…</p>
tag:theregister.com,2005:story229879
2023-09-28T23:13:06.00Z
2023-09-28T23:28:43.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Chinese snoops stole 60K State Department emails in that Microsoft email heist
<h4>No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc</h4> <p>Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer.…</p>
tag:theregister.com,2005:story229397
2023-08-31T22:47:11.00Z
2023-09-01T09:47:53.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Good news for Key Group ransomware victims: Free decryptor out now
<h4>That's what we call a static shock</h4> <p>Even ransomware operators make mistakes, and in the case of ransomware gang the Key Group, a cryptographic error allowed a team of security researchers to develop and release a decryption tool to restore scrambled files.…</p>
tag:theregister.com,2005:story229374
2023-08-30T23:00:48.00Z
2023-08-30T23:00:48.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks
<h4>Backdoors detailed, plus CISA releases more IOCs for IT depts to check</h4> <p>Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant.…</p>
tag:theregister.com,2005:story229344
2023-08-29T21:37:13.00Z
2023-08-30T19:54:15.00Z
Thomas Claburn
https://search.theregister.com/?author=Thomas%20Claburn
University cuts itself off from internet after mystery security snafu
<h4>Halls of learning are stuck offline, but go Wolverines!</h4> <p><strong>Updated</strong> The University of Michigan has isolated itself from the internet but, hey, everything's fine!…</p>
tag:theregister.com,2005:story229310
2023-08-28T16:30:09.00Z
2023-08-28T16:30:09.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year
<h4>Top of the list to trip sensors</h4> <p>Three malware loaders — QBot, SocGholish, and Raspberry Robin — are responsible for 80 percent of observed attacks on computers and networks so far this year.…</p>
tag:theregister.com,2005:story228953
2023-08-03T21:24:10.00Z
2023-08-03T21:24:10.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Russia's Cozy Bear is back and hitting Microsoft Teams to phish top targets
<h4>Plus: Tenable CEO blasts Redmond's bug disclosure habits</h4> <p>An infamous Kremlin-backed gang has been using Microsoft Teams chats in attempts to phish marks in governments, NGOs, and IT businesses, according to the Windows giant.…</p>
tag:theregister.com,2005:story228861
2023-07-31T08:30:13.00Z
2023-07-31T08:30:13.00Z
Rupert Goodwins
https://search.theregister.com/?author=Rupert%20Goodwins
What would sustainable security even look like?
<h4>Clue: Nothing like what’s on offer today</h4> <p><strong>Opinion</strong> "There seems to be something wrong with our bloody ships today," fumed Admiral David Beatty during 1916's Battle of Jutland. Fair enough: three of the Royal Navy's finest vessels had just blown up and sunk.…</p>
tag:theregister.com,2005:story228874
2023-07-29T00:59:05.00Z
2023-07-30T16:47:50.00Z
Thomas Claburn
https://search.theregister.com/?author=Thomas%20Claburn
Florida man accused of hoarding America's secrets faces fresh charges
<h4>Mar-a-Lago IT director told 'the boss wanted the server deleted'</h4> <p>Federal prosecutors have expanded their criminal case against a famous Floridian and his loyal minions for allegedly mishandling national security secrets and not being forthright about the storage and handling of hundreds of classified documents.…</p>
tag:theregister.com,2005:story228872
2023-07-29T00:09:38.00Z
2023-07-29T00:09:38.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Millions of people's data stolen because web devs forget to check access perms
<h4>IDORs of the storm</h4> <p>Personal, financial, and health information belonging to millions of folks has been stolen via a particular class of website vulnerability, say cybersecurity agencies in the US and Australia. They're urging developers to review their code and squish these bugs for good.…</p>
tag:theregister.com,2005:story228834
2023-07-26T23:48:51.00Z
2023-07-26T23:48:51.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
Crooks pwned your servers? You've got four days to tell us, SEC tells public companies
<h4>Cripes, they actually sound serious</h4> <p>Public companies that suffer a computer crime likely to cause a "material" hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission.…</p>
tag:theregister.com,2005:story228790
2023-07-24T20:41:28.00Z
2023-08-01T20:19:21.00Z
Jessica Lyons
https://search.theregister.com/?author=Jessica%20Lyons
AMD Zenbleed chip bug leaks secrets fast and easy
<h4>Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can</h4> <p>AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.…</p>