The Register - Anti-Virus

Multiple critical flaws found and they won't be fixed

A boffin from British defence contractor BAE has found three critical flaws in Cisco's Small Business SPA300 and SPA500 IP phones – and another couple of nasties – none of which will be fixed or mitigated.…

Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue

Delta Air Lines has come out swinging at CrowdStrike in a letter accusing the security giant of trying to "shift the blame" for the IT meltdown caused by its software – and that CrowdStrike CEO George Kurtz's offer of support was too little, too late.…

American and Brit firms thought they were employing a Westerner, but not so, it's alleged

The FBI today arrested a Tennessee man suspected of running a "laptop farm" that got North Koreans, posing as Westerners, IT jobs at American and British companies.…

Hundreds of thousands of users potentially vulnerable

Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.…

Election tech is fine – it's all those idiots buying into the propaganda that's worrying Jen Easterly

Black Hat  US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared.…

Just snapping the webcam shutter closed won't keep a user safe online

New research shows that while many Brits will snap shut a laptop camera in the name of privacy, a worrying amount will just as happily shovel all manner of personal information into an online game in order to get a result they can share with their friends.…

Sectigo bosses claim it's only a matter of time before Microsoft and Apple drop Big E from their root stores too

After falling down in the estimations of major browser makers Google and Mozilla, Entrust faces a lengthy fight on its hands to regain industry trust and once more issue trusted TLS certificates.…

Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs?

Black Hat  State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons.…

Good luck, crackers: It's an isolated processor and storage enclave, and top dollar only comes from a remote attack

Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault – the isolated subsystem the Korean giant bakes into its smartphones to store info like credentials and run authentication routines.…

Let's get physical, physical ... I don't wanna hear your MMU talk

Black Hat  Computer security researchers at the CISPA Helmholtz Center for Information Security in Germany have found serious security flaws in some of Alibaba subsidiary T-Head Semiconductor's RISC-V processors.…

Palo Alto Networks reveals how AI can be harnessed to strengthen cyber security defenses David Gordon

Sponsored Post  Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organizations often unprepared to deal with the speed, scale and sophistication of the assaults directed against them.…

A simple HTML change and the warning is gone!

Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks.…

Timor-Leste is a known cybercrime hotspot

Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week.…

Went at equivalent of $3.5B+ valuation for entire firm, though portion sold not specified

Acronis, the Swiss disaster recovery turned cybersecurity firm and catch-all for managed service providers, has been majority acquired by Europe’s largest private equity firm, EQT.…

Nearly 83,000 people had their data stolen amid chaos that struck NHS healthcare

The UK's data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million ($7.7 million) for failings that led to a 2022 ransomware attack.…

Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business

The latest malware from upstart criminal gang Hunters International appears to be targeting network admins, using malicious code disguised as the popular networking tool Angry IP Scanner.…

Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say

The US state of Georgia has a website for cancelling voter registration, and it's had a bumpy start.…

SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess

Microsoft has labelled Delta Air Lines' accusations it's partly to blame for the outages caused by CrowdStrike’s buggy software "false" and "misleading" – and insulted the state of the carrier’s IT infrastructure.…

And reveals more and more about small mistake that bricked 8.5M Windows boxes

CrowdStrike has hired two outside security firms to review its threat-detection suite Falcon that sparked a global IT outage last month – though it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the meltdown.…

And Qualcomm addresses 'permanent denial of service' flaw in its stuff

Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE).…