Viry a Červi

And boy, did last Friday's Windows fiasco ever prove that yet again

Opinion  CrowdStrike's recent Windows debacle will surely earn a prominent place in the annals of epic tech failures. On July 19, the cybersecurity giant accomplished what legions of hackers could only dream of – bringing millions of Windows systems worldwide to their knees with a single botched update.…

These are the kinds of bugs APTs thrive on, just ask the Feds

Progress Software's latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months.…

Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists

The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and even a Chinese target.…

May even have targeted other malware gangs, and infosec researchers

Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware.…

We offer this formula instead: RND(100.0)*(10^9)

The cost of CrowdStrike's apocalyptic Falcon update that brought down millions of Windows computers last week may be in the billions of dollars, and insurance isn't covering most of that.…

PSA: Only accept updates via official channels ... ironically enough

CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the Falcon sensor update fiasco.…

And the forking Microsoft-owned code warehouse doesn't see this as much of a problem

Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn't necessarily deleted.…

Beijing has a long history of recruiting US residents to carry out various espionage activities

The US is looking to prosecute a Chinese immigrant over claims he has been drip-feeding information of interest to Beijing since at least 2012.…

For some unknown reason, initial patch was omitted from later versions

Docker is warning users to rev their Docker Engine into patch mode after it realized a near-maximum severity vulnerability had been sticking around for five years.…

Those national security threat claims? 'No evidence,' VP tells The Reg

Exclusive  Despite the Feds' determination to ban Kaspersky's security software in the US, the Russian business continues to push its proposal to open up its data and products to independent third-party review – and prove to Uncle Sam that its code hasn't been and won't be compromised by Kremlin spies.…

Are your security and ops teams fighting to pass the buck?

Comment  Patching: The bane of every IT professional's existence. It's a thankless, laborious job that no one wants to do, goes unappreciated when it interrupts work, and yet it's more critical than ever in this modern threat landscape.…

This one weird trick saved countless hours and stress – no, really

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards.…

'In the short term, they're going to have to do a lot of groveling'

Analysis  The great irony of the CrowdStrike fiasco is that a cybersecurity company caused the exact sort of massive global outage it was supposed to prevent. And it all started with an effort to make life more difficult for criminals and their malware, with an update to its endpoint detection and response tool Falcon.…

Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared

Apple last week celebrated a slew of privacy changes coming to its Safari browser and took the time to bash rival Google for its Topics system that serves online ads based on your Chrome history.…

Concerns abound over why it has taken so long to recover compared to competitors

The US Department of Transportation (DoT) is investigating Delta Air Lines over its handling of the global IT outage caused by CrowdStrike's content update.…

Not now, Microsoft

Some Windows devices are presenting users with a BitLocker recovery screen upon reboot following the installation of July's Patch Tuesday update.…

With numerous US government agency customers, any leak could be serious

Updated  Internal documents stolen from Leidos Holdings, an IT services provider contracted with the Department of Defense and other US government agencies, have been leaked on the dark web.…

Watchdog reprimand follows similar cases in 2021

The UK's data protection watchdog has reprimanded a school in Essex for using facial recognition for canteen payments, nearly three years after other schools were warned about doing the same.…

Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them

Updated  Google promotes its reCAPTCHA service as a security mechanism for websites, but researchers affiliated with the University of California, Irvine, argue it's harvesting information while extracting human labor worth billions.…

Something called 'Content Validator' did not validate the content, and the rest is history

CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week.…