January 2025

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation 2025-01-14 at 19:21 By Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. […]

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains 2025-01-14 at 19:21 By New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s

Oracle open source overlord calls it quits, leaves with big ol’ pile of shares 2025-01-14 at 18:49 By Lindsay Clark 38-year veteran Edward Screven led technology and architecture decisions since Sun merger One of Oracle’s longest-serving senior team members, chief corporate architect Edward Screven, has announced plans to retire on a comfortable sum.… This article

Microsoft and OEMs cut prices of CoPilot+ PCs in Europe during Q4, analyst stats confirm 2025-01-14 at 18:05 By Dan Robinson Double digit reduction only served to ‘stimulate some interest’ Microsoft and its close circle of OEMs slashed the price of Copilot+ PCs being sold into Europe in Q4, an analyst confirmed to The Register,

Brit watchdog probes Google’s search and ad empire 2025-01-14 at 17:33 By Richard Speed Third front opened amid continued scrutiny from US and European regulators The UK’s Competition and Markets Authority (CMA) is the latest regulator investigating Google’s position in the search and search advertising business.… This article is an excerpt from The Register View

Report: Software security awareness training is at an all-time low 2025-01-14 at 17:08 By A recent report discovered only 51.2% of organizations are offering basic software security awareness training. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Intel and AMD engineers rush to save Linux 6.13 after dodgy Microsoft tweak 2025-01-14 at 16:16 By Richard Speed ‘Let’s not do this again please’… days before release date Intel and AMD engineers have stepped in at the eleventh to deal with a code contribution from a Microsoft developer that could have broken Linux 6.13

Snyk appears to deploy ‘malicious’ packages targeting Cursor for unknown reason 2025-01-14 at 15:34 By Connor Jones Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test Developer security company Snyk is at the center of allegations concerning the possible targeting or testing of Cursor,

Tim cooking up the dough as his Apple pay rises 18% to $74.6M 2025-01-14 at 15:04 By Paul Kunert He could buy 49,766 and a half MacBook Pros with that Apple supremo Tim Cook bagged an 18 percent pay rise in 2024, taking his total compensation to $74.6 million, according to a regulatory filing.… This

Absolute Linux has reached the end – where to next? 2025-01-14 at 13:52 By Liam Proven Linux distros that don’t exist, but we wish did Analysis  In an overcrowded field full of distributions, there are still many empty gaps. The Register would like to point in the direction of a few.… This article is an

UK floats ransomware payout ban for public sector 2025-01-14 at 13:20 By Connor Jones Stronger proposals may also see private sector applying for a payment ‘license’ A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored 2025-01-14 at 13:03 By What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can

Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions 2025-01-14 at 11:46 By The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces 2025-01-14 at 11:46 By Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL