The Register - Anti-Virus

Yank access to management interface, stat

A critical zero-day vulnerability in Palo Alto Networks' firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.…

Names and social security numbers of folks looking for the biggest loan of their lives exposed

A major US mortgage lender has told customers looking to make the biggest financial transaction of their lives that an intruder broke into its systems and saw data belonging to 171,000 of them.…

Discover unified strategies to secure and manage all endpoints across your organization

Webinar  As organizations expand their digital footprint, the range of endpoints - spanning from laptops to IoT devices - continues to grow.…

A nervous wait for rapper wife who also faces a stint in the clink

The US is sending the main figure behind the 2016 intrusion at crypto exchange Bitfinex to prison for five years after he stole close to 120,000 Bitcoin.…

NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online

Private businesses and public-sector organizations are unwittingly exposing millions of people's sensitive information to the public internet because they misconfigure Microsoft’s Power Pages website creation program.…

Plus a bonus hard-coded local API key

A now-patched, high-severity bug in Fortinet's FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly take over the box, and delete log files.…

Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts

A rampant cybercrook and repeat attacker of medical facilities in the US is being sentenced to a decade in prison, around seven years after the first of his many crimes.…

Full details exposed, putting shoppers at serious risk of fraud

Updated  Children's shoemaker Start-Rite is dealing with a nasty "security incident" involving customer payment card details, its second significant lapse during the past eight years.…

From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more

The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta's Messenger, and Skype – as first reported.…

British grocer's workers called back to office as clock ticks for contractors

The head of tech security at Asda, the UK's third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.…

Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued a list of the 15 most exploited vulnerabilities in 2023, and warned that attacks on zero-day exploits have become more common.…

Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds

Updated  The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.…

Plus: CISA's ScubaGear dives deep to fix M365 misconfigs

Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.…

We call this lead degeneration

What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.…

American Associated Pharmacies yet to officially confirm infection

American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.…

Sore about cores no more

Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.…

Don't be a turkey – get these fixed

Patch Tuesday  Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…

Ohm, for flux sake

China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.…

22-year-old talked of 'culling the weak minded' – hmm!

A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.…

A Canadian and an American living in Turkey 'walk into' cloud storage environments…

Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.…