Security
Apple preps fix for Safari's web-history-leaking IndexedDB privacy bug
Disclosure of WebKit flaw appears to have prodded iBiz to undertake repairs
21 Jan 22:56 | 7
Security
Security
Arm rages against the insecure chip machine with new Morello architecture
Prototypes now available for testing
21 Jan 18:21 | 27
On Call
Why should I pay for that security option? Hijacking only happens to planes
But if I give him my bank details, I'll be rich!
21 Jan 08:30 | 51
Security
UK, Australia, to build 'network of liberty that will deter cyber attacks before they happen'
Enhanced 'Cyber and Critical Technology Partnership' will transport crime to harsh penal regime on the other side of the world
21 Jan 08:02 | 49
Security
Japan's Supreme Court rules cryptojacking scripts are not malware
Coinhive-slinger wins on appeal
21 Jan 06:58 | 14
Security
Russia's Putin out the idea of a broad cryptocurrency ban
Central bank worries that block-bucks reduce government control and are used by crims
21 Jan 04:57 | 20
Security
Crypto.com now says someone tried to drain $34m from hundreds of accounts
Won't reveal net loss, says it stopped some withdrawals and has reimbursed those who had funds taken
20 Jan 22:29 | 8
Security
For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads
Folks can enable or disable it, install Linux as normal. Just sayin'
20 Jan 20:44 | 53
Security
UK mulls making MSPs subject to mandatory security standards where they provide critical infrastructure
And to pay for the privilege. Consultation's open, though
20 Jan 17:15 | 10
Opinion
Privacy is for paedophiles, UK government seems to be saying while spending £500k demonising online chat encryption
So far we've got a pisspoor video and... er, that's it
20 Jan 15:06 | 155
Security
'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug
Red Hat agrees
20 Jan 14:38 | 11
Security
NortonLifeLock and Avast tie-up falls under UK competition regulator's spotlight
CMA invites comments from 'interested parties' on what merger means to them
20 Jan 11:03 | 7
Security
Red Cross forced to shutter family reunion service following cyberattack and data leak
Director-general pleads with cyber-scum: leave this data alone, because the people involved have suffered enough
20 Jan 07:58 | 18
Advertorial
Being 'Threat-Led' is the answer. Your ISO certificate won’t save you from a breach!
The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them
20 Jan 07:30 |
LogoWatch
McAfee Enterprise and FireEye rename themselves ‘Trellix’
To evoke support for growing things, not the 1990s vendor of web-pages-made-easy-ware
20 Jan 07:01 | 19
Security
Singapore gives banks two-week deadline to fix SMS security
Edict follows widespread bank phishing scam claiming well over $6.3 million
20 Jan 06:01 | 11
Security
Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores
Exploit, vulnerability discussion online can offer useful signals
19 Jan 21:22 | 2
Security
Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism
NotPetya started over there, don't forget
19 Jan 20:01 | 4
Security
Vulnerabilities and censorship tools among hot new features in Beijing's Olympics app
Visitors have to install it 14 days prior to arrival in China until their departure
19 Jan 18:11 | 37
Security
US mergers doubled in 2021 so FTC and DoJ seek new guidelines to stop illegal ones
Last set of rules written in 2010 – a whole different era in tech terms
19 Jan 12:31 | 5
Popular
Science
Almost there: James Webb Space Telescope frees its mirrors and prepares for insertion
Freed of launch restraints, mirror segments can waggle at will
Friday FOSS Fest
Wolfing down ebooks during lockdown? You might want to check out Calibre, the Swiss Army ebook tool
When audiobooks just take too darn long...
Comment
Another US president, time for another big Intel factory promise by another CEO
Let's not get too excited about this right away
Security
Arm rages against the insecure chip machine with new Morello architecture
Prototypes now available for testing
Legal
Multi-level marketing corporation that sells weightloss products sues ex-exec over 'fraudulent' Dell deal
Alleges he had an off-the-books agreement with reseller
Security
Apple preps fix for Safari's web-history-leaking IndexedDB privacy bug
Disclosure of WebKit flaw appears to have prodded iBiz to undertake repairs
Bootnotes
Dog forgets all about risk of drowning in a marsh as soon as drone dangles a sausage
It's not the wurst idea in the world
Analysis
Tougher rules on targeted ads, deepfakes, crafty web design, and more? Euro lawmakers give a thumbs up
'This is strongly limiting the scope of maneuver by Big Tech', expert tells El Reg
On-Prem
European silicon output shrinking, metal smelters closing as electricity prices quadruple, trade body warns
Probably something to tackle before those chip fabs are built, eh?
AI + ML
Nvidia pushes crowd-pleasing container support into AI Enterprise suite
As long as you're running on VMware
STORIES
Security
Crypto.com acknowledges 'unauthorized activity' on servers, maintains no funds have been lost
Security biz PeckShield claims $15m in Ethereum taken
18 Jan 21:12 | 8
Security
International police shut down 15 server infrastructures as part of VPNLab.net's takedown
VPN service used by crims to support ransomware attacks and other illicit activity
18 Jan 17:01 | 20
Security
More contractor pain: Parasol's sister firms, SJD Accountancy and Nixon Williams, confirm cyberattack
Ransomware suspected but not confirmed
18 Jan 14:45 | 4
Updated
Singapore monetary authority threatens action on bank over widespread phishing scam
Scam has claimed 469 victims in December alone, of which OCBC has issued goodwill payments to 30
18 Jan 13:04 | 11
Paid Feature
Why global DDoS protection is essential for Anycast networks
‘If you don’t have Anycast it’s not a good DNS service’
18 Jan 11:55 |
Security
Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops
Testing? Isn't that what users are for?
18 Jan 11:34 | 34
Security
Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more
Glitch is spilling private data and there's not much Apple users can do about it
17 Jan 18:31 | 40
Security
Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen
And for last week's digital graffiti operations, too
17 Jan 16:24 | 34
Security
Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage
'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid
17 Jan 13:28 | 21
In brief
North Korea pulled in $400m in cryptocurrency heists last year – report
Plus: FIFA 22 players lose their identity and Texas gets phony QR codes
16 Jan 11:01 | 28
Security
Russia starts playing by the rules: FSB busts 14 REvil ransomware suspects
Cybercrook gang has 'ceased to exist' says Putin's military service
14 Jan 21:01 | 50
Security
Multi-day IT systems outage whacks umbrella biz Parasol Group amid fears of a cyber attack
Contractors say they haven't been paid, and are in the dark too
14 Jan 16:30 | 19
Security
Ukraine shrugs off mass govt website defacement as world turns to stare at Russia
Despite threatening messages nothing's been leaked, say victims
14 Jan 15:49 | 33
Webinar
Visibility, immutability, security … a revolutionary approach to fighting off ransomware
This webinar shows how throwing up barricades isn’t enough anymore
14 Jan 07:30 |
Security
Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches
Customers shouldn't need to wait seven days before being told
13 Jan 22:42 | 5
Security
Orca Security tells AWS fail tale with a happy ending
Those critical AWS flaws that exposed data and broke tenant separation? All fixed!
13 Jan 21:02 | 4
Paid feature
Continuous security and compliance for hybrid cloud, the Red Hat way
Tune in, turn on, run in the background, using Red Hat DevSecOps framework
13 Jan 18:00 |
Security
Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation
Plus three other suspects nicked in raids today
13 Jan 15:31 | 5
Security
Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US
Schrems II ruling continues to trouble transatlantic data sharing
13 Jan 14:48 | 44
Updated
Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022
Start as you mean to go on, Microsoft
13 Jan 13:17 | 28
Security
Volunteer Dutch flaw finders bag $100k to forward national bug bounty goal
Huntress Labs tips some loose change into vuln-spotters' cup
13 Jan 08:33 |
Security
Ransomware puts New Mexico prison in lockdown: Cameras, doors go offline
Bernalillo County's Metropolitan Detention Center still recovering from infection
12 Jan 22:03 | 22
Webinar
Ransomware demands… a new approach to security
Spending more time thinking about trust could mean spending less cash on ransom
12 Jan 18:00 |
Security
Info-saturated techie builds bug alert service that phones you to warn of new vulns
Or SMSes, if the idea of midnight robot calls worries you
12 Jan 11:02 | 10
Patch Tuesday
Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software
Nothing is certain except death, taxes, and programming errors
12 Jan 01:14 | 11
Security
Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
Nothing like topping off unauth'd remote code execution with a su password of ... password
11 Jan 22:46 | 1
Security
EU data watchdog to Europol: You've helped yourself to too much data
Law enforcement agency now has one year to delete any data older than 6 months not related to criminal activity
11 Jan 11:47 | 8
Security
Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?
Good: New requirements in new law. Bad: Grace period
11 Jan 10:17 | 108
Security
Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz
It's not as though folks haven't been warned about this
11 Jan 08:27 | 20
Security
Signal CEO Moxie Marlinspike resigns, leaves WhatsApp co-founder to run things until a successor is named
Departure comes as app courts controversy by integrating private cryptocurrency scheme
11 Jan 01:02 | 60
Security
Avira also mines imaginary internet money on customers' PCs
Who should your PC work for: you, or your antivirus vendor?
10 Jan 18:36 | 45
Security
China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations'
Warning comes weeks after govt body accused subsidiary Sam’s Club of 'ulterior motive' in goods stocking spat
10 Jan 13:35 | 17
Security
GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain
Auditor IPCO flagged it up – but then approved 99.94% of state snooping
10 Jan 12:47 | 21
Opinion
No defence for outdated defenders as consumer AV nears RIP
How sad would you be to see AV go? Us neither
10 Jan 10:00 | 90
Security
WebSpec, a formal framework for browser security analysis, reveals new cookie attack
Boffins in Vienna devise way to make software prove how it behaves
08 Jan 08:45 | 23
Paid Feature
Salesforce mandates MFA by default
Thales: ‘Significant change in security culture'
07 Jan 07:30 |
Webinar
Your backups can save you from ransomware. But how do you protect your backups?
Immutability, analytics, and a complete lack of trust…
06 Jan 18:15 |
Security
You better have patched those Log4j holes or we'll see what a judge has to say – FTC
Apply fixes responsibly in a timely manner or face the wrath of Lina Khan
05 Jan 22:30 | 9
Security
US Army journal's top paper from 2021 says Taiwan should destroy TSMC if China invades
No more chip factories would surely change Beijing's mind about unification
05 Jan 19:01 | 85
Updated
Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete
Disable anti-tamper features first and you'll be all right
05 Jan 15:56 | 68
Security
Windows giant seeks Pluton-ic relationship with chipmaker: AMD first out of the gates with Microsoft's security processor
Yes, you're going to have to get a new CPU (again)
05 Jan 12:11 | 37
Paid Feature
How ransomware gangs went pro
They're developing new techniques 'in every area' says Darktrace
05 Jan 08:30 |
Updated
SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years
French regulator's investigation finds multiple breaches of GDPR
04 Jan 17:33 | 13
Security
John Edwards takes the reins at the UK's data protection watchdog
Information Commissioner faces a year of upheaval in data law
04 Jan 13:58 | 14
Security
Four years: That's how long Azure's App Service had a source code leak bug
Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited
24 Dec 06:01 | 7
Security
Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw
‘Chatter’ can be bugged thanks to kindergarten-grade security
23 Dec 08:02 | 94
Security
Alibaba Cloud slapped by Chinese ministry for mishandling Log4j
Beijing's not saying what cloudy contender did wrong
23 Dec 05:58 | 12
Security
Of course a Bluetooth-using home COVID test was cracked to fake results
The Ellume COVID-19 Home Test was connected to the internet of woefully insecure things for a while
22 Dec 03:58 | 25
Paid Feature
How to tackle hybrid cloud security and DevSecOps
Putting the Sec into DevOps is key, says Red Hat
21 Dec 20:29 |
Security
Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability
Perpetrators' ID unknown, however
21 Dec 12:33 | 60
Security
UK National Crime Agency finds 225 million previously unexposed passwords
Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’
21 Dec 07:10 | 54
Security
US bags Russian accused of bagging millions after stealing pre-release financial filings
Swiss cough up accused crim while Russia is 'deeply disappointed'
20 Dec 22:23 | 27
Security
Police National Computer not pwned by Clop ransomware crims, insists Home Office
Scottish MSP Dacoll was hit, however
20 Dec 15:51 | 20
Paid Feature
How to keep on top of cloud security best practices
Trend Micro outlines common misconfigurations and how to avoid them
20 Dec 08:30 |
In Brief
VMware 2FA flaw can divulge that vital second credential to malicious actors
Plus: Deep dive into the NSO Group's zero-click exploit and 'Hack the DHS!'
20 Dec 07:02 | 12
Security
Bad things come in threes: Apache reveals another Log4J bug
Third major fix in ten days is an infinite recursion flaw rated 7.5/10
19 Dec 22:57 | 36
Security
US distrust of Huawei linked in part to malicious software update in 2012
Report claims Huawei techs working for Chinese intelligence compromised Australian telco
18 Dec 11:01 | 68
Security
CISA issues emergency directive to fix Log4j vulnerability
Federal agencies have a week to get their systems patched
17 Dec 21:29 | 12
Security
RAF shoots down 'terrorist drone' over US-owned special ops base in Syria
£200k Anglo-French heat-seeking missile does its thing
17 Dec 15:29 | 112
Security
Over Log4j? VMware has another critical flaw for you to patch
Workspace ONE Unified Endpoint Management can leak info via server-side request forgery
17 Dec 02:28 | 6
Security
Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets
Meta adverse to internet mercenaries using its social networks to help governments violate human rights
17 Dec 01:41 | 25
Paid Feature
Why ransomware attacks happen out of hours or during the holidays
Security teams have a choice to make – and doing nothing is not an option
16 Dec 18:00 |
Security
East Londoners nicked under Computer Misuse Act after NHS vaccine passport app sprouted clump of fake entries
App runs off a database, and databases are run by humans
16 Dec 16:04 | 105
Advertorial
Move fast, break security: Why CISOs must push back against Agile IT
The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them
16 Dec 08:30 |
Security
National Cyber Strategy will lead to BritChip for mobile devices by 2025, claims UK.gov
And potentially an increase in UK state-backed hacks
16 Dec 07:29 | 39
Security
Japan draws a LINE: web giants must reveal where they store user data
Looks a lot like a response to messaging services passing data through China
16 Dec 06:46 | 4
Security
Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard
But still allows limited harvesting
16 Dec 01:33 | 6
Security
As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others
Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog
15 Dec 23:31 | 11
Security
US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions
Export controls aren't enough, Dems say: Bring on the Global Magnitsky Act
15 Dec 20:50 | 17
Security
Pen Test Partners: Anyone could view Gumtree users' GPS location by pressing F12
And online flea market had IDOR in an iOS-focused API
15 Dec 15:31 | 18
Patch Tuesday
Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild
Round off the year with a large crop of fixes for programming blunders
15 Dec 03:29 | 8
Security
Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
Now open-source logging library's JNDI disabled entirely by default, message lookups removed
14 Dec 23:30 | 15
Paid Post
You may have cracked serverless development, but it’s almost certain you haven’t solved serverless security
Here’s how to secure that ever-expanding attack surface
14 Dec 18:00 |
Security
Popular password manager LastPass to be spun out from LogMeIn
Private equity owners play pass the parcel
14 Dec 17:11 | 34
Security
MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'
Too far? Committee thinks it doesn't go far enough
14 Dec 16:00 | 118
Updated
Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching
This might be the bug that deserves the website, logo and book deal
13 Dec 23:07 | 36
Webinar
When disaster strikes, data recovery really is a race against time
But exactly how much time are we talking about?
13 Dec 18:00 |
In Brief
Is VPOTUS Bluetooth-phobic or sensible? The answer's pretty clear
Plus: bugs found on Mars! Of the software kind, of course
13 Dec 17:01 | 29
Updated
Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans
Big implications for millions of staffers' Christmas pay packets
13 Dec 15:07 | 24
Who, Me?
Ooh, an update. Let's install it. What could possibly go wro-
Patching the patch
13 Dec 08:30 | 96
