January 2025

Raspberry Pi hands out prizes to all in the RP2350 Hacking Challenge

Power-induced glitches, lasers, and electromagnetic fields are all tools of the trade Raspberry Pi has given out prizes for extracting a secret value from the one-time-programmable (OTP) memory of the Raspberry Pi RP2350 microcontroller – awarding a pile of cash to all four entrants.…

Infoseccer: Private security biz let guard down, exposed 120K+ files

Assist Security’s client list includes fashion icons, critical infrastructure orgs A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register.…

GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’

Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant won’t face any immediate consequences for its many…

Windows Patch Tuesday hits snag with Citrix software, workarounds published

Microsoft starts 2025 as it hopefully doesn't mean to go on Devices that have Citrix's Session Recording software installed are having problems completing this month's Microsoft Patch Tuesday update, which includes important fixes.…

Crypto klepto North Korea stole $659M over just 5 heists last year

US, Japan, South Korea vow to intensify counter efforts North Korean blockchain bandits stole more than half a billion dollars in cryptocurrency in 2024 alone, the US, Japan, and South Korea say.…

Microsoft fixes under-attack privilege-escalation holes in Hyper-V

Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco Patch Tuesday  The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve your attention.…

FBI wipes Chinese PlugX malware from thousands of Windows PCs in America

Hey, Xi: Zài jiàn! The FBI, working with French cops, obtained nine warrants to remotely wipe PlugX malware from thousands of Windows-based computers that had been infected by Chinese government-backed criminals, according to newly unsealed court documents.…

Snyk appears to deploy ‘malicious’ packages targeting Cursor for unknown reason

Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test Updated  Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor, an AI code editor company, using "malicious" packages uploaded…

Azure and M365 MFA outage locks out users across regions

It's sorted out (mostly), but European users had a manic Monday Microsoft's multi-factor authentication (MFA) for Azure and Microsoft 365 (M365) was offline for four hours during Monday's busy start for European subscribers.…

NATO’s newest member comes out swinging following latest Baltic Sea cable attack

'Sweden has changed,' PM warns as trio of warships join defense efforts Sweden has committed to sending naval forces into the Baltic Sea following yet another suspected Russian attack on underwater cables in the region.…

Copyright © 2024 Lugapel