Security News • The Register

Security

American diplomats' iPhones reportedly compromised by NSO Group intrusion software

Reuters claims nine State Department employees outside the US had their devices hacked

04 Dec 01:54 | 47

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

All together now - R, A, N, S, O...

03 Dec 22:06 | 25

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments

Alleged scheme said to have netted $20m since 2017

03 Dec 21:54 | 25

Protecting your critical infrastructure is one thing…protecting your backups is the same thing

Do you know what your recovery position really is?

Netgear router flaws exploitable with authentication ... like the default creds on Netgear's website

Don't just install the patch, change your router passwords too

03 Dec 17:30 | 15

BadgerDAO DeFi defunded as hackers apparently nab millions in crypto tokens

Badger, badger, badger, coin theft, coin theft!

02 Dec 22:58 | 20

New UK product security law won't be undercut by rogue traders upping and vanishing, government boasts

El Reg asks about phoenixing – but will answer convince world+dog?

02 Dec 09:15 | 37

European Cybercrime Centre confident it's kicked credit card crims – again

Poised to reveal similar haul to 2020's €40M loss prevention total

02 Dec 08:21 | 4

Three key ransomware actors changed jobs on October 18 – the same day REvil went dark

Underground industry grows in complexity and sophistication, says Santander Group researcher

02 Dec 05:58 | 4

Rewriting your disaster recovery plan might just save your company…and could transform it

Just be sure it actually works

Singapore and UK ink digital trade agreements at Future Tech Forum in London

Such memorandums of understanding are all the rage

Pension cold-calling financial services biz cops largest ever fine from UK data watchdog

EB Associates facing £140k penalty for 107,000 illegal calls

01 Dec 13:50 | 50

UK watchdog's punishment for Blackbaud, Easyjet, other big privacy lawbreakers was slap on the wrist in private

Is this what they call light-touch regulation?

01 Dec 07:28 | 22

UK intel chief says MI6 must outsource innovation – and James Bond's in-house 'Q' is nonsense

China is on the march, Russia loves to destabilise, no intelligence agency can stop 'em without help

01 Dec 03:56 | 37

It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected

And a bunch of bank-account-raiding trojans also identified

30 Nov 20:11 | 5

Visiting a booby-trapped webpage could give attackers code execution privileges on HP network printers

Patches available for 150 affected products

30 Nov 15:59 | 25

Leaked footage shows British F-35B falling off HMS Queen Elizabeth and pilot's death-defying ejection

Parachute snagged on ship's bows

30 Nov 14:55 | 159

Lloyd's of London suggests insurers should not cover 'retaliatory cyber operations' between nation states

And they might attribute cyber attacks if governments won't

30 Nov 14:02 | 20

Winter is coming … with a blizzard of live and virtual SANS Institute events

Or a long, hot summer of cybersec training, depending where you are

Panasonic admits intruders were inside its servers for months

Spotted the crack after it ended – still not sure what was lost

30 Nov 04:27 | 10

Popular

Leaked footage shows British F-35B falling off HMS Queen Elizabeth and pilot's death-defying ejection

Parachute snagged on ship's bows

Why your external monitor looks awful on Arm-based Macs, the open source fix – and the guy who wrote it

Q&A with the developer of BetterDummy: from macOS secrets to his motivations

NixOS and the changing face of Linux operating systems

As with packaging systems, lightweight efficient approaches look set to lose out

You loved running JavaScript in your web browser. Now, get ready for Python scripting

All thanks to CPython, WebAssembly, and some clever developers (And yes, there's Pyodide, too)

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments

Alleged scheme said to have netted $20m since 2017

Two Chinese companies leave US: China Telecom told it can't stay, DiDi gets out of Dodge

Just being practical here, but maybe they can share a cab?

You've seen the Raspberry Pi CM4 in a mini-ITX case. Now here's four in a mini-ITX case

How to coordinate 16 Arms

How do you call support when the telephones go TITSUP*?

Fix the printer, fix the phones

Register Debate

Computers cost money. We only make them more expensive by trying to manage them ourselves

And that's bad for your customers – who else is gonna ultimately pay for it?

Can Rust save the planet? Why, and why not

The snag: This programming language is safe and efficient, but hard to learn, impacting productivity

MORE
STORIES

Wind turbine maker Vestas confirms recent security incident was ransomware

10 days after attack 'almost all systems' up and running, refuses to say if ransom was paid

29 Nov 14:29 | 10

Australia will force social networks to identify trolls, so they can be sued for defamation

At the same time, will overrule court decision that traditional publishers are liable for comments on social media

29 Nov 01:15 | 54

EU needs more cybersecurity graduates, says ENISA infosec agency – pointing at growing list of master's degree courses

Skills gap needs filling somehow

26 Nov 16:37 | 6

Privacy Sandbox saga continues: UK watchdog extracts more commitments from Google over ad tech

Roll up, roll up. Come and be the CMA-approved trustee to keep an eye on the Chocolate Factory's antics

26 Nov 13:33 | 11

Government-favoured child safety app warned it could violate the UK's Investigatory Powers Act with message-scanning tech

Redesigned SafeToNet feature highlights tech law mess

26 Nov 12:23 | 63

If you want to see off next year’s cyber-threats, the time to prepare is … now

Fast forward into 2022 with Sophos’ Cybersecurity Summit 2021

Microsoft Defender for Endpoint laid low. Not by malware, but by another buggy Windows patch

Only affects Windows Server Core, so that's alright then

25 Nov 18:01 | 11

It’s about the survival of the fittest – CISOs must be brave enough to throw away their security playbook, or suffer the consequences

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.

UK.gov emits draft IoT and smartphone security law for Parliamentary scrutiny

Mandatory vuln reporting, hefty fines for non-compliance

25 Nov 09:30 | 53

Google advises passwords are good, spear phishing is bad, and free clouds get attacked

Ad giant's first stab at providing the 'world's premier security advisory' starts with the obvious

25 Nov 06:59 | 11

Huawei's AppGallery riddled with malware-infected games

Cynos.7 trojan found its way into 9.3 million downloads

25 Nov 04:58 | 19

US bans Chinese firms – including one linked to HPE’s China JV – for feeding tech to Beijing's military

Other additions to Entity List are accused of helping Pakistan, North Korea make nukes, missiles

25 Nov 01:11 | 33

Max Schrems hits Irish Data Protection Commissioner with corruption complaint

Watchdog argues 'fairness' in process should keep some documents confidential

24 Nov 15:05 | 17

Apple's Pegasus lawsuit a 'declaration of war' against offensive software developers, says Kaspersky director

Regional exec says Apple wants offensive researchers out of the field because they are harmful to the reputation of the company

24 Nov 13:12 | 75

How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug

Millions of devices potentially vulnerable, we're told

24 Nov 11:00 | 22

Yes, ransomware is your number one security nightmare. But here’s how to sleep easy

Here’s a clue … it involves encryption

China trying to export its Great Firewall and governance model

Beware of Communists bearing internet governance proposals, says Australian Strategic Policy Institute

24 Nov 02:56 | 31

Apple sues 'amoral 21st century mercenaries' NSO for infecting iPhones with Pegasus spyware

iGiant pledges any damages plus $10m to anti-cybersurveillance groups

23 Nov 20:58 | 84

Zero-day proof-of-concept exploit lands for Windows make-me-admin vulnerability

InstallerFileTakeOver code pops up on GitHub

23 Nov 20:21 | 9

Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees

Complaints abound that yoof use it to mean 'digital currency'

23 Nov 18:45 | 85

Alleged Brit SIM-swapper will kill himself if extradited to US for trial, London court told

'Exceptional' case involves 100 BTC payoff, judge told

23 Nov 16:10 | 71

UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff

There's a default admin password online too

23 Nov 10:15 | 35

Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers

Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more

23 Nov 07:31 | 15

Indian bank smacks down allegation it exposed 180 million customers' accounts

Infosec firm says it found unpatched software, Bank admits Exchange may not have been in the best shape

23 Nov 01:58 | 1

SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'

Yikes: Up to 1.2 million customers affected

22 Nov 20:37 | 21

Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre

You're your own security team, remember?

22 Nov 17:14 | 1

Turbine maker Vestas Wind Systems admits to cyber incident, refuses to confirm if ransomware is at play

Company data compromised but not systems containing customer or supplier information

22 Nov 14:10 | 11

Nigeria's central bank digital currency is 'same Naira, more possibilities' – if you count government snooping

Privacy challenges and rushed implementation should make this cash alternative much less attractive

22 Nov 11:00 | 3

A tiny typo in an automated email to thousands of customers turns out to be a big problem for legal

Unexpected consequences of the SQL Slammer worm

22 Nov 08:30 | 156

After four bans, TikTok finally passes the Pakistan challenge

Video app promises not to let naughty content cross the border, and to ban those who try

22 Nov 04:59 | 5

Amazon India execs questioned after sellers allegedly use site to smuggle marijuana

Ganja believe it? Seller claimed to sell 'Stevia leaves', but shifted a tonne of wacky 'baccy before being busted

22 Nov 03:58 | 23

Defending critical infrastructure: The status quo isn’t working

AI can help thwart attacks before they affect operations

Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

Boffins measure the black hole of dubious certs and find it troubling

19 Nov 04:00 | 101

Canadian teen nabbed in $36.5M crypto heist – possibly the biggest haul yet by a single individual

Plus, US gov to sell off $56M of Bitcoin – the largest single sum recovered so far from a cryptocurrency fraud

18 Nov 23:04 | 13

Boffins find way to use a standard smartphone to find hidden spy cams

Smartphones now have lasers so we're gonna use them to find voyeurs

18 Nov 22:43 | 60

Thousands of Firefox users accidentally commit login cookies on GitHub

GitHub: 'Credentials exposed by our users are not in scope'

18 Nov 20:04 | 27

What’s the biggest threat to your best-laid plans? Events, dear boy. Events

Learn how to build a resilient disaster response plan

Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed

RedDoorz.com left red-faced after leaving AWS access key in an APK

18 Nov 04:01 | 4

Cybercriminals are looking forward to 2022, so you need to plan your response now

Rapid7's 2022 Planning webinars are here to help

UK government publishes guidance on security rules for tech takeovers

National Security and Investment Act 2021 give ministers power to halt M&As

17 Nov 11:46 | 21

You wanna use GCHQ offshoot NCSC's threat intel feeds? Why not, say bosses

Annual review boasts of fending off health org attacks

17 Nov 11:15 | 8

South Korean privacy watchdog apologises for violating privacy while mediating privacy lawsuit

You had one job …

17 Nov 05:15 | 4

The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers

Ongoing typosquatting attacks target kids as Discord drags its feet

16 Nov 21:46 | 12

Lock up your Office macros: Emotet botnet back from the dead with Trickbot links

Nice to have nearly a year off from that malspam threat, but now it's returned

16 Nov 19:57 | 4

GitHub fixes authorisation vulnerability in the NPM JavaScript package registry

Flaw allowed 'an attacker to publish new versions of any npm package'

16 Nov 17:33 | 4

Mozilla sprinkles Firefox Relay with Premium fairy dust

You want more than five email aliases? Sure, but it'll cost you

16 Nov 16:22 | 1

Not only MSPs: All cloudy firms are in line for UK security law crackdown

Now's a good time to read up on Cyber Essentials Plus

16 Nov 15:15 | 15

Intel's recent Atom, Celeron, Pentium chips can be lulled into a debug mode, potentially revealing system secrets

Testing times for Chipzilla as it emits patches to protect PCs, equipment

16 Nov 08:29 | 11

If cybercriminals can’t see data because it’s encrypted, they have nothing to steal

This is a no-brainer, says Thales

China Telecom's US arm sues in last-ditch bid to retain license

Company claims it poses no threat, yet regs want China influence out

16 Nov 06:15 | 9

Chinese Communist Party official expelled for mining cryptocurrency

Middle Kingdom floats fresh data security rules, too, with eight-hour privacy breach notification requirement

16 Nov 00:49 | 10

When the world ends, all that will be left are cockroaches and new Rowhammer attacks: RAM defenses broken again

Blacksmith is latest hammer horror

15 Nov 21:46 | 18

America, when you're done hitting us with the ban hammer, see these on-prem Zoom vulns, says Positive

Now would be a good idea to check you're up-to-date

15 Nov 20:27 | 10

Email encryption should be a no-brainer, not a brain melter

Warm up your email security smarts with this online broadcast

There's something to be said for delayed gratification when Windows 11 is this full of bugs

Also: Emergency patch for Windows Server after Patch Tuesday broke single sign-on for some users

15 Nov 13:15 | 57

FBI spams thousands with fake infosec advice after 'software misconfiguration'

Looks like feuding hackers wanted to expose Feds' failings as a public service. We want to believe

15 Nov 02:30 | 9

Black Hat Europe

ChaosDB: Infosec bods could pull anyone's plaintext Azure Cosmos DB keys at will from Microsoft admin tools

And they had a wildcard cert too. Still feeling secure?

12 Nov 19:19 | 11

AMD reveals an Epyc 50 flaws – 23 of them rated high severity. Intel has 25 bugs, too

Think of an attack – DoS, arbitrary code execution, memory corruption – and one of these vulns allows it

12 Nov 06:02 | 22

There's no Huawei back now: Biden signs law that forbids US buyers acquiring kit on naughty list

FCC Commissioner said the act closes the 'Huawei loophole'

12 Nov 04:26 | 29

Philippines gov takes down passport application website amid privacy leak fears

Google searches reportedly produce applicants' personal information

11 Nov 23:52 | 1

Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach

Journalists' book claims company was targeted for Middle Eastern data

11 Nov 20:07 | 10

If even tech leaders struggle with email encryption, are we all doomed?

And the answer is ... well, tune in next week and we'll reveal all

Palo Alto Networks patches 9.8 severity CVE in popular GlobalProtect product

Arbitrary code execution by unauthenticated attacker? Big oops

11 Nov 16:40 | 7

Malicious Chrome extensions are bad. But what about nice ones that can be hijacked? This new tool spots them

DoubleX static analyzer is doubleplusgood

11 Nov 08:36 | 5

Ransomware: The ones that didn't get away (with it)

We're talking bad guys here, not the victims

USA signs internet freedom and no-hack pact it's ignored since 2018

Joins 79 nations supporting Paris Call for Trust and Security in Cyberspace – China and Russia aren't on the list

11 Nov 05:31 | 22

New Zealand spooks say satellite snooping is obsolete – better intel is found elsewhere

Kiwis are done with dishes, and the Five Eyes alliance is cool with it

11 Nov 04:16 | 18

Boat biz breaches itself: Brittany Ferries 'fesses up to leaks caused by routine website update

Customers' passport data potentially exposed, says company, promises to carry out password testing

10 Nov 15:29 | 14

Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software

New research says it's Clop's favourite attack method du jour

10 Nov 12:28 | 14

Former Broadcom engineer accused of pinching chip tech to share with new Chinese employer

We're guessing it wasn't Fiber Channel, but it would be weirdly cool if it was

10 Nov 05:56 | 14

Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws

Light load has infosec bods wondering what awaits next month

09 Nov 21:07 | 16

Shotgun targeting of malware attacks will be the defining infosec theme of 2022, reckons Sophos

And more badness going for Linux and virtualization, too

The future of OT security in an IT-OT converged world

Securing ICS in the cloud requires 'fundamentally different' approach

Indian securities depository exposed 44 million investors' personal info – twice

Didn't act until CERT stepped in and pointed out problems

09 Nov 04:58 | 1

Investment app Robinhood: Extortionist tricked our support desk and made off with customer information

Robinhood, Robinhood, had a data leak. Robinhood, Robinhood, infosec was weak

09 Nov 01:50 | 27

NSO fails once again to claim foreign sovereign immunity in WhatsApp spying lawsuit

US appeals court allows legal battle to resume, says it will be an 'easy case'

09 Nov 00:53 | 27

Ukrainian cuffed, faces extradition to US for allegedly orchestrating Kaseya ransomware infection

American, European officials announce raft of arrests, indictments, sanctions, rewards

Will they try it for 30 days first? McAfee goes private again in $14bn cash deal

Plus: Uncle Sam gets tough on patching, NIST needs you, and more

08 Nov 20:59 | 3

You'll never guess who's been exploiting the ManageEngine service to steal passwords

Webshells and backdoors come with Chinese instructions

08 Nov 16:15 | 17

Angling (re)Direct: Criminals net website of Brit fishing tackle retailer, send users straight to smut site

We've signed everyone up for PornHub Premium, crow immature attackers

08 Nov 14:09 | 18

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Biting the hand that feeds IT © 1998–2021

Do not sell my personal information Cookies Privacy Ts&Cs