Cybersecurity

Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

Multiple publicly available exploits have since been published for the critical flaw The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…

Reg story prompts fresh security bulletin, review of Juniper Networks’ CVE process

Vendor gets tangled in its own web of undisclosed vulnerabilities Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication.…

UK biometrics boss bows out, bemoaning bureaucratic blunders

Questionable institutional change and myriad IT issues pervade the governance landscape The farewell report written by the UK's biometrics and surveillance commissioner highlights a litany of failings in the Home Office's approach to governing the technology.…

SolarWinds slams SEC lawsuit against it as ‘unprecedented’ victim blaming

18,000 customers, including the Pentagon and Microsoft, may have other thoughts SolarWinds – whose network monitoring software was backdoored by Russian spies so that the biz's customers could be spied upon – has accused America's financial watchdog of seeking to "revictimise the victim" after the agency sued it…

Tesla hacks make big bank at Pwn2Own’s first automotive-focused event

ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns Infosec in brief  Trend Micro's Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day…

750 million Indian mobile subscribers’ info for sale on dark web

ALSO: Samsung turns to Baidu for Galaxy AI in China; Terraform Labs files for bankruptcy; India's supercomputing ambitions Asia In Brief  Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the dark web, with two crime gangs offering the…

Microsoft sheds some light on Russian email heist – and how to learn from Redmond’s mistakes

Step one, actually turn on MFA Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication…

Wait, security courses aren’t a requirement to graduate with a computer science degree?

And software makers seem to be OK with this, apparently Comment  There's a line in the latest plea from CISA – the US government's cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee.…

Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

Breach filings show Reddit post led to the discovery rather than any sophisticated cyber defenses Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking…

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist

Cosmetics brand goes from Jackson Pollocking your bathwater to cleaning up serious a digital mess The Akira ransomware gang is claiming responsiblity for the "cybersecurity incident" at British bath bomb merchant.…

Copyright © 2024 Lugapel