The Register

1. Polish train maker denies claims its software bricked rolling stock maintained by competitor

   Says it was probably hacked, which isn't good news either

   A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors.…

2. Five Eyes nations warn Moscow's mates at the Star Blizzard gang have new phishing targets

   The Russians are coming! Err, they've already infiltrated UK, US inboxes

   Russia-backed attackers have named new targets for their ongoing phishing campaigns, with defense-industrial firms and energy facilities now in their sights, according to agencies of the Five Eyes alliance.…

3. Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets

   Akamai says it reported the flaws to Microsoft. Redmond shrugged

   A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.…

4. US and EU infosec authorities pen intel-sharing pact

   As Cyber Solidarity Act edges closer to full adoption in Europe

   The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase cross-border information sharing and more to tackle criminals.…

5. Belgian man charged with smuggling sanctioned military tech to Russia and China

   Indictments allege plot to shift FPGAs, accelerometers, and spycams

   A Belgian man has been arrested and charged for his role in a years-long smuggling scheme to export military-grade electronics from the US to Russia and China.…

6. Australia building 'top secret' cloud to catch up and link with US, UK intel orgs

   Plans to share 'vast amounts of data' – very carefully

   Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose.…

7. Apple and some Linux distros are open to Bluetooth attack

   Issue has been around since at least 2012

   A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe.…

8. A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list

   Apparently no one thought to check if this D-Link router 'issue' was actually exploitable

   A security vulnerability previously added to CISA's Known Exploited Vulnerability catalog (KEV), which was recognized by CVE Numbering Authorities (CNA), and included in reputable threat reports is now being formally rejected by infosec organizations.…

9. Shielding the data that drives AI

   Why we need the confidence to deploy secure, compliant AI-powered applications and workloads

   Sponsored Feature  Every organisation must prioritise the protection of mission critical data, applications and workloads or risk disaster in the face of an ever-widening threat landscape.…

10. Atlassian security advisory reveals four fresh critical flaws – in mail with dead links

    Bitbucket, Confluence and Jira all in danger, again. Sigh

    Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren't live for all readers at the time of despatch.…