Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks IOCONTROL targets IoT and OT devices from a ton of makers, apparently Research 13 Dec 2024
Citrix goes shopping in Europe and returns with gifts for security-conscious customers Acquires two companies that help those on the nice list keep naughty list types at bay Virtualization 12 Dec 2024
Blocking Chinese spies from intercepting calls? There ought to be a law Sen. Wyden blasts FCC's 'failure' amid Salt Typhoon hacks Security 11 Dec 2024 | 17
Krispy Kreme Doughnut Corporation admits to hole in security Belly-busting biz says it's been hit by cowardly custards Security 11 Dec 2024 | 32
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware Cyber-crime 11 Dec 2024 | 4
AMD secure VM tech undone by DRAM meddling Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory Systems 10 Dec 2024 | 9
Open source maintainers are drowning in junk bug reports written by AI Python security developer-in-residence decries use of bots that 'cannot understand code' Devops 10 Dec 2024 | 88
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics And it only took four months, tut Security 10 Dec 2024 | 22
China's Salt Typhoon recorded top American officials' calls, says White House No word yet on who was snooped on. Any bets? CSO 09 Dec 2024 | 23
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket Exclusive ShinyHunters-linked heist thought to have been ongoing since March Research 09 Dec 2024 | 9
Microsoft dangles $10K for hackers to hijack LLM email service Outsmart an AI, win a little Christmas cash CSO 09 Dec 2024 | 12
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system Feature 'It's a double-edged sword,' security researchers tell The Reg Public Sector 08 Dec 2024 | 52
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ Updated Microsoft's OS sure loves throwing your creds at remote systems Patches 06 Dec 2024 | 13
Facing sale or ban, TikTok tossed under national security bus by appeals court Video slinger looks to Supremes for salvation, though anything could happen under Trump Personal Tech 06 Dec 2024 | 43
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files updated Still unpatched 100+ days later, watchTowr says Cyber-crime 06 Dec 2024 | 4
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' Redmond threat intel maven talks explains this persistent pain to The Reg Security 06 Dec 2024 | 16
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat CSO 05 Dec 2024 | 54
Major energy contractor reports 'limited' access to IT after ransomware locks files ENGlobal customers include the Pentagon as well as major oil and gas producers Security 03 Dec 2024 | 11
Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online Yet another result of the MOVEit mess Cyber-crime 03 Dec 2024 | 3
AWS unveils cloud security IR service for a mere $7K a month Re:Invent Tap into the infinite scalability... of pricing Security 03 Dec 2024 | 5
Telco security is a dumpster fire and everyone's getting burned Opinion The politics of cybersecurity are too important to be left to the politicians Security 02 Dec 2024 | 63
The only thing worse than being fired is scammers fooling you into thinking you're fired Scumbags play on victims' worst fears in phishing campaign referencing UK Employment Tribunal Cyber-crime 28 Nov 2024 | 50
Salt Typhoon's surge extends far beyond US telcos Plus, a brand-new backdoor, GhostSpider, is linked to the cyber spy crew's operations Security 27 Nov 2024 | 7
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes' Funny what putting more effort and resources into IT security can do CSO 27 Nov 2024 | 9
Data broker leaves 600K+ sensitive files exposed online Exclusive Researcher spotted open database before criminals … we hope Research 27 Nov 2024 | 22
The workplace has become a surveillance state Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices CxO 27 Nov 2024 | 70
CrowdStrike still doesn't know how much its Falcon flame-out will cost Thinks customers may have forgiven it after revenue hits a record Security 27 Nov 2024 | 19
US senators propose law to require bare minimum security standards In case anyone forgot about Change Healthcare Security 26 Nov 2024 | 15
Britain Putin up stronger AI defences to counter growing cyber threats 'Be in no doubt: the UK and others in this room are watching Russia' Security 26 Nov 2024 | 26
Supply chain management vendor Blue Yonder succumbs to ransomware And it looks like major UK retailers that rely on it are feeling the pinch Cyber-crime 26 Nov 2024 | 9
Security? We've heard of it: How Microsoft plans to better defend Windows Ignite Did we say CrowdStrike? We meant, er, The July Incident... CSO 25 Nov 2024 | 27
China has utterly pwned 'thousands and thousands' of devices at US telcos Senate Intelligence Committee chair says his 'hair is on fire' as execs front the White House Cyber-crime 25 Nov 2024 | 51
Volunteer DEF CON hackers dive into America's leaky water infrastructure Six sites targeted for security clean-up, just 49,994 to go Security 24 Nov 2024 | 13
We can clone you wholesale: Boffins build ML agents that respond like specific people Oh, AI wanna be like you, AI wanna walk like you, talk like you, too AI + ML 24 Nov 2024 | 49
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration Public Sector 23 Nov 2024 | 51
Andrew Tate's site ransacked, subscriber data stolen He'll just have to take this one on the chin Cyber-crime 22 Nov 2024 | 106
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more CSO 22 Nov 2024 | 22
Here's what happens if you don't layer network security – or remove unused web shells TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated Security 22 Nov 2024 | 4
DARPA-backed voting system for soldiers abroad savaged VotingWorks, developer of the system, disputes critics' claims Security 21 Nov 2024 | 5
Five Scattered Spider suspects indicted for phishing spree and crypto heists DoJ also shutters alleged crimeware and credit card mart PopeyeTools Cyber-crime 21 Nov 2024 | 3
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator Meet Liminal Panda, which prowls telecom networks in South Asia and Africa CSO 20 Nov 2024 | 32
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed OSS-Fuzz is making a strong argument for LLMs in security research AI + ML 20 Nov 2024 | 9
Data is the new uranium – incredibly powerful and amazingly dangerous Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value CSO 20 Nov 2024 | 46
Healthcare org Equinox notifies 21K patients and staff of data theft Ransomware scum LockBit claims it did the dirty deed Cyber-crime 20 Nov 2024 | 1
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer No word on when or if the issue will be fixed Security 19 Nov 2024 | 2
Russian suspected Phobos ransomware admin extradited to US over $16M extortion This malware is FREE for EVERY crook ($300 decryption keys sold separately) Cyber-crime 19 Nov 2024 | 5
Microsoft unleashes autonomous Copilot AI agents in public preview Ignite They can learn, adapt, and make decisions – but don't worry, they're not coming for your job PaaS + IaaS 19 Nov 2024 | 9
iOS 18 added secret and smart security feature that reboots iThings after three days Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers Security 19 Nov 2024 | 43
Citrix gives its Platform a polish with enhanced management tools Admins promised they can get stuff done with fewer clicks this year … or maybe next Software 19 Nov 2024 | 5
Ford 'actively investigating' after employee data allegedly parked on leak site Updated Plus: Maxar Space Systems confirms employee info stolen in digital intrusion Security 18 Nov 2024 | 3
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble If you didn't fix this a month ago, your to-do list probably needs a reshuffle Virtualization 18 Nov 2024 | 4
T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears updated Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon Networks 18 Nov 2024 | 2
Will passkeys ever replace passwords? Can they? Systems Approach Here's why they really should Security 17 Nov 2024 | 125
Rust haters, unite! Fil-C aims to Make C Great Again It's memory-safe, with a few caveats Software 16 Nov 2024 | 104
Letting chatbots run robots ends as badly as you'd expect LLM-controlled droids easily jailbroken to perform mayhem, researchers warn AI + ML 16 Nov 2024 | 44
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Yank access to management interface, stat CSO 15 Nov 2024 | 28
Microsoft Power Pages misconfigurations exposing sensitive data NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online Security 15 Nov 2024 | 6
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Plus a bonus hard-coded local API key Patches 14 Nov 2024
Five Eyes infosec agencies list 2023's most exploited software flaws Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns CSO 14 Nov 2024 | 28
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds Research 14 Nov 2024 | 5
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue Plus: CISA's ScubaGear dives deep to fix M365 misconfigs CSO 14 Nov 2024 | 3
Here's how a Trump presidency could change the tech industry Kettle Anything could happen in the next half ... decade Public Sector 13 Nov 2024 | 123