NYPD blues: Cops ignored 93 percent of surveillance law rules Who watches the watchmen? The Office of the Inspector General | Security | 31 Mar 2023
Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k? Juicy private sector job vs … money off a season travel ticket | Security | 31 Mar 2023
NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients 'Serious breach of trust' says ICO, 'stakes too high' for mistakes in cases like this | Security | 31 Mar 2023
Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire Winter is coming for NATO countries | Security | 31 Mar 2023
Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons Snowden-esque 'Vulkan' dossier links Moscow firm to FSB, GRU, SRV | Research | 31 Mar 2023
Azure blunder left Bing results editable, MS 365 accounts potentially exposed 'BingBang' boo-boo affected other internal Microsoft apps, too | Security | 30 Mar 2023
AlienFox malware caught in the cloud hen house Malicious toolkit targets misconfigured hosts in AWS and Office 365 | Security | 30 Mar 2023
Do you use comms software from 3CX? What to do next after biz hit in supply chain attack Miscreants hit downstream customers with infostealers | Cyber-crime | 30 Mar 2023
Microsoft uses carrot and stick with Exchange Online admins If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date | Security | 30 Mar 2023
Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity How someone can nab buffered info, by hook or by kr00k | Research | 30 Mar 2023
Another year, another North Korean malware-spreading, crypto-stealing gang named Mandiant identifies 'moderately sophisticated' but 'prolific' APT43 as global menace | Security | 30 Mar 2023
Smugglers busted sneaking tech into China 'Intel inside' a suspiciously baggy t-shirt gave the game away – as did a truckload of parts | Security | 30 Mar 2023
Malware disguised as Tor browser steals $400k in cryptocash Beware of third party downloads | Security | 30 Mar 2023
Microsoft Defender shoots down legit URLs as malicious Updated Those hoping to use nefarious websites like, er, Zoom are overrun by alerts. Redmond 'investigating' | Security | 29 Mar 2023
EU mandated messaging platform love-in is easier said than done: Cambridge boffins Digital Market Act interoperability requirement a social challenge as well as a technical one | Security | 29 Mar 2023
FTX cryptovillain Sam Bankman-Fried charged with bribing Chinese officials Court gives him new rules: Use one laptop, while living with the 'rents. | Cyber-crime | 29 Mar 2023
DDoS DNS attacks are old-school, unsophisticated … and they’re back So why would you handle them on your own? Sponsored Feature
China urges Apple to improve security and privacy It's a juicy market that welcomes foreign investment, National development boss reminds Tim Cook | Security | 29 Mar 2023
Apple patches all the iThings, including iOS 15 hole under attack right now Issue identified in February but owners of older kit weren't warned | Patches | 28 Mar 2023
Boeing's first-ever crewed mission in Starliner ISS spacecraft delayed to late July Still hundreds of components, verification checks to complete before test flight
So you want to integrate OpenAI's bot. Here's how that worked for software security scanner Socket Exclusive Hint: Hundreds of malicious npm and PyPI packages spotted
TikTok: Is this really a national security scare or is something else going on? Register Kettle Our vultures who cover the news weigh in
Uptime guarantees don't apply when you turn a machine off, then on again, to 'fix' it On Call The chap who took the support call for the SEV-1 incident survived – just
It's official: Ubuntu Cinnamon remix has been voted in And it looks like educational flavor Edubuntu is returning, too
Google again accused of willfully destroying evidence in Android antitrust battle Updated Starting to see a pattern here? Judge seems to think so | Security | 28 Mar 2023
President Biden kind of mostly bans commercial spyware from US govt Executive order has loopholes for Uncle Sam's snoop tools and American-made code | Cyber-crime | 28 Mar 2023
Lawyers cough up $200k after health data stolen in Microsoft Exchange pillaging In addition to $100k given to LockBit | Security | 27 Mar 2023
Gone in 120 seconds: Tesla Model 3 child's play for hackers In brief Plus OIG finds Uncle Sam fibbed over Login.gov | Research | 27 Mar 2023
China crisis is a TikToking time bomb Opinion ByteDance with the devil if you dare | Security | 27 Mar 2023
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud Not a headline we expected to write today | CSO | 24 Mar 2023
GitHub publishes RSA SSH host keys by mistake, issues update Getting connection failures? Don't panic. Get new keys | Security | 24 Mar 2023
French parliament says oui to AI surveillance for 2024 Paris Olympics Liberté, égalité, reconnaissance faciale for all | Security | 24 Mar 2023
Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats 'Hunt forward' teams of this sort aid with defense and learn how attackers like Tehran operate | Security | 24 Mar 2023
Critical infrastructure gear is full of flaws, but hey, at least it's certified Security researchers find bugs, big and small, in every industrial box probed | CSO | 23 Mar 2023
Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash Terminal maker General Bytes shutters its cloud business after second breach in seven months | Security | 23 Mar 2023
Bogus ChatGPT extension steals Facebook cookies All aboard the chatbot hype train! Next stop: Fraud | Cyber-crime | 23 Mar 2023
B-List celebs including Lindsay Lohan fined after crypto shill probe Didn't disclose payments as mastermind pumped up value of tokens with fake trades | Cyber-crime | 23 Mar 2023
South Korea fines McDonald's for data leak from raw SMB share British American Tobacco, Samsung, also burgered up their infosec | Security | 23 Mar 2023
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit Maybe this is deserved given the problem's in a hidden telnet service | Research | 22 Mar 2023
German political parties accused of microtargeting voters on Facebook Country's super strong data rights under magnifying glass after half a dozen complaints filed | Security | 22 Mar 2023
Unknown actors deploy malware to steal data in occupied regions of Ukraine If this is Kyiv's work, Russia can Crimea river | Security | 22 Mar 2023
India's absurd infosec reporting rules get just 15 followers CERT-In was told its six-hour notification requirement was a bad idea – now it knows just how bad | Security | 22 Mar 2023
Xi, Putin declare intent to rule the world of AI, infosec 'Technological sovereignty is the key to sustainability' states Russian despot | Security | 22 Mar 2023
BreachForums shuts down ... but the RaidForums cybercrime universe will likely spawn a trilogy Admins decide reviving crime-mart is dangerous, hint at new chapter | Cyber-crime | 22 Mar 2023
You just gonna take that AWS? Let Microsoft school your users on cloud security? And Google Cloud is next | CSO | 21 Mar 2023
Ex-Meta security staffer accuses Greece of spying on her phone Beware of Greeks bearing GIFs | Security | 21 Mar 2023
Putin to staffers: Throw out your iPhones, or 'give it to the kids' April Fools should use Russian or Chinese tech instead, Kremlin advises | Security | 21 Mar 2023
Google suspends top Chinese shopping app Pinduoduo Alleges it’s infected with malware – but not the version in its own digital tat bazaar | Security | 21 Mar 2023
Australian FinTech takes itself offline to deal with cyber incident that caused data leak Latitude blames a 'major vendor' for its woes. Is that a vendor? A cloud? Whoever they are, they're in trouble | Cyber-crime | 21 Mar 2023
Ferrari in a spin as crims steal a car-load of customer data Speeds away from the very suggestion it would ever pay a ransom | Cyber-crime | 21 Mar 2023
Privacy fail: Pictures cropped, redacted by Google Pixel phones can be recovered Updated aCropalypse Now, starring any 2018-or-later device | Security | 20 Mar 2023
BBC to staff: Uninstall TikTok from our corporate kit unless you can 'justify' having it Those with 'sensitive' work-related information told to contact Beeb's security team | Security | 20 Mar 2023
Vessels claiming to be Chinese warships are messing with passenger planes Australian airline Qantas warns pilots to keep calm and carry on amid reports of satnav and altimeter jamming | Security | 20 Mar 2023
Police pounce on 'pompompurin' – alleged mastermind of BreachForums In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals | Security | 20 Mar 2023
TikTok cannot be considered a private company, says Australian report Asia In Brief ALSO: Japan ends chip supply crimp on South Korea, APAC infosec spending surges; Philippines SIM registration stalls | Security | 19 Mar 2023
BianLian ransomware crew goes 100% extortion after free decryptor lands No good deed goes unpunished, or something like that | Cyber-crime | 19 Mar 2023
You've been pwned, how much will each stolen customer SSN cost you? How about $7.5k? At the very least, with other costs on top | Cyber-crime | 18 Mar 2023
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs Four flaws open mobiles, cars to remote-control at baseband level with just a phone number | Patches | 17 Mar 2023
Eufy security cams 'ignore cloud opt-out, store unique IDs' of anyone who walks by Gadget maker accused of 'corporate voyeurism' by gathering up footage against your wishes | Security | 17 Mar 2023
Feds arrest and charge exiled Chinese billionaire over massive crypto fraud This one has it all: Donald Trump’s inner circle, a Beijing bot backlash, conspiracy theories, and more | Cyber-crime | 17 Mar 2023
Here's how Chinese cyber spies exploited a critical Fortinet bug Looks to be the same baddies attacking VMware hypervisors last year | Security | 17 Mar 2023
FTX inner circle helped itself to $3.2B, liquidators say SBF alone pocketed $2.2B, or so this bankruptcy paperwork goes | Cyber-crime | 16 Mar 2023
Got Conti? Here's the ransomware cure to avoid paying up Kaspersky cracks the code, so get busy before the next update comes | Security | 16 Mar 2023
UK.gov bans TikTok from its devices as a 'precaution' over spying fears Gov staff using it on personal mobes just fine... it's not like ministers use WhatsApp etc for business ... oh wait | Security | 16 Mar 2023
Hands up who DIDN'T exploit this years-old flaw to ransack a US govt web server... Why patching matters: Everyone seemingly had a crack at security bug | Security | 15 Mar 2023
Cancer patient sues hospital after ransomware gang leaks her nude medical photos Victim offered two years of credit monitoring after highly sensitive records dumped online | Security | 15 Mar 2023
SVB collapse's mix of money, urgency and uncertainty makes it irresistible to scammers Phishing, dodgy domain names, and sophisticated attacks already deployed | Security | 15 Mar 2023
China sought control of submarine cables to spy, says Micronesia Outgoing president alleges Beijing is systematically bullying strategically located island paradise | Security | 15 Mar 2023
Microsoft: Patch this severe Outlook bug that Russian miscreants exploited Patch Tuesday Plus: Fixes for SAP, Adobe, Android, Chrome | Patches | 14 Mar 2023
Microsoft squashes Windows bug exploited to inflict ransomware misery Not-so-smart SmartScreen flagged up by Googlers | Patches | 14 Mar 2023
UK refreshes national security plan to stop more of China's secret-stealing cyber-tricks A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Authority' | CSO | 14 Mar 2023
LockBit brags: We'll leak thousands of SpaceX blueprints stolen from supplier And also, Ring hit with ransomware, too? No, says Amazon | Cyber-crime | 13 Mar 2023
Zoll Medical says intruders had 1M+ patient, staff records at their fingertips Names, addresses, SSNs all up for grabs | Security | 13 Mar 2023
CISA joins forces with Women in CyberSecurity to break up the boy's club in brief Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week's actionable items | Security | 13 Mar 2023
The UK's bad encryption law can't withstand global contempt Opinion Any sufficiently stupid technology is indistinguishable from magical thinking | Security | 13 Mar 2023
India floats idea of dedicated tribunal to handle online offences Consultation for the long-awaited Digital India Act is finally under way although the draft law's still not been revealed | Cyber-crime | 13 Mar 2023
Google euthanizes Chrome Cleanup Tool because it no longer has a purpose Times have changed and unwanted software on Windows is a rarity (unless you count Windows itself) | Security | 11 Mar 2023
What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge File under cost of doing business | CSO | 10 Mar 2023
Electronics market shows US-China decoupling will hike inflation and slow growth Singapore's central bank has a gloomy vision of the future | Security | 10 Mar 2023
Acronis downplays intrusion after 12GB trove leaks online Cyber-thief said goal was to 'humiliate' data-protection biz | Cyber-crime | 10 Mar 2023
Catholic clergy surveillance org 'outs gay priests' Religious non-profit allegedly hoovered up location data from dating apps to ID clerics | Security | 10 Mar 2023
FBI and international cops catch a NetWire RAT Malware-seekers were diverted to the Feds, severing a Croatian connection | Cyber-crime | 10 Mar 2023
AT&T blames marketing bods for exposing 9M accounts Says it was old and boring data, so that's OK, then ... | Security | 09 Mar 2023
US House reps, staff health data swiped in cyber-heist Data for sale via dark web, Senate in line of fire, too | Cyber-crime | 09 Mar 2023
Refreshed from its holiday, Emotet has gone phishing Notorious botnet starts spamming again after a three-month pause | Research | 09 Mar 2023
Suspected Chinese cyber spies target unpatched SonicWall devices They've been lurking in networks since at least 2021 | Security | 09 Mar 2023
Dems, Repubs eye up ban on chat apps they don't like Clock is ticking for TikTok and other foreign natter-ware | Security | 09 Mar 2023
Securing ways to share workplace passwords Keeper protects your team’s credentials without slowing down business Sponsored Feature
Boeing signs off design of anti-jamming tech that keeps satellites online China and Russia won't be jammin' US sats no more | Security | 08 Mar 2023
Aussie tech worker payroll scheme operators found guilty of tax fraud Contractors left hanging while principals splurged on luxury goods | Cyber-crime | 08 Mar 2023
Acer confirms server intrusion after miscreant offers 160GB cache of stolen files Customer info safe, or so we're told | Cyber-crime | 08 Mar 2023
Alert: Crims hijack these DrayTek routers to attack biz Workaround: Throw away kit? Hope there's a patch? | Security | 08 Mar 2023
Pro-Putin scammers trick politicians and celebrities into low-tech hoax video calls Who needs deepfakes when you've got makeup and 'element of surprise'? | Security | 07 Mar 2023
EPA orders US states to check cyber security of public water supplies Don’t let miscreants poison the wells | Security | 06 Mar 2023
DoppelPaymer ransomware suspects cuffed, alleged ringleaders escape Millions extorted from victims, one attack left hospital patient dead | Cyber-crime | 06 Mar 2023
Where are the women in cyber security? On the dark side, study suggests In Brief Also, Royal ransomware metastasizes to other critical sectors, and this week's critical vulnerabilities | Security | 06 Mar 2023
Secret Service, ICE break the law over and over with fake cell tower spying Investigations 'at risk' from sloppy surveillance uncovered by audit probe | Security | 04 Mar 2023
Snap CISO: I rate software supply chain risk 9.9 out of 10 SCSW 'Understanding your inventory is absolutely No. 1' he tells The Reg | Security | 04 Mar 2023
FTC: BetterHelp pushed users to share mental health info then gave it to Facebook Feds propose $7.8M payment and ban on revealing 'sensitive' data to settle complaint | Security | 03 Mar 2023
Frankenstein malware stitched together from code of others disguised as PyPI package Crime-as-a-service vendors mix and match components as needed by client | Research | 03 Mar 2023
Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger' SCSW Industry hasn't 'improved much at all' Mandiant's Eric Scales tells us | Cyber-crime | 03 Mar 2023
German Digital Affairs Committee hearing heaps scorn on Chat Control Proposal to break encryption to scan messages for abuse material challenged as illegal and unworkable | Security | 03 Mar 2023