Microsoft trumps Google for 2021-22 bug bounty payouts
Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces
Security12 Aug 2022 |
Security
Intel ups protection against physical chip attacks in Alder Lake
Black Hat Repurposes logic originally used for spotting variations in voltage, timing in older circuits to help performance
Security12 Aug 2022 | 3
Emergency services call-handling provider: Ransomware forced it to pull servers offline
Advanced's infrastructure still down and out, recovery to take weeks or more
Security12 Aug 2022 | 11
FAANGs failing on keeping user data safe from bug hunters
Black Hat Time to call in the legal team
Security12 Aug 2022 | 3
Higher risks and premiums are creating critical gap in cyber insurance
Black Hat Most organizations don’t have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says
Security11 Aug 2022 | 2
Security needs to learn from the aviation biz to avoid crashing
Black Hat video 'Until someone has to go to jail for doing it wrong the teeth are not going to be the same'
Security11 Aug 2022 | 45
Russian invasion has dangerously destabilized cyber security norms
Black Hat The inside scoop on the Ukrainian IT army, and what could happen next
Security11 Aug 2022 | 21
AWS and Splunk partner for faster cyberattack response
Black Hat OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data
Security11 Aug 2022 |
Ex-CIA security boss predicts coming crackdown on spyware
Black Hat video Plus, spoiler alert: ransomware is gonna get a lot worse
Security11 Aug 2022 | 1
Sonatype spots another PyPI package behaving badly
Identity of a real person was used to lend credence to a package that dropped cryptominer in memory
Cyber-crime11 Aug 2022 |
Keeping the enemy at the gate
Stop ransomware with Zero Trust security networks in place
Webinar
Don't be surprised if your organization suffers multiple cyberattacks
Black Hat Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend
Security11 Aug 2022 | 4
Making the cloud a safer place with SANS
Get advice from experts on how to nail cloud native security in a multi-cloud world
Sponsored Post
Cisco admits corporate network compromised by gang with links to Lapsus$
Voice-phished their way in, but Switchzilla claims no damage done
Security11 Aug 2022 | 7
Meta privacy red team lead: Does your business know its privacy adversaries?
Black Hat Ethical hackers, but for privacy programs
Security11 Aug 2022 | 4
Boffins rate npm and PyPI package security and it's not good
Guess what? Open source security still has gaps
Security11 Aug 2022 | 15
Ex-CISA chief Krebs calls for US to get serious on security
Black Hat Black Hat kicks off with call for single infosec agency with real clout and less confused crossover
Security10 Aug 2022 | 10
As Black Hat kicks off, the US government is getting the message on hiring security talent
Black Hat Katie Moussouris tells it like it is
Security10 Aug 2022 | 10
Maui ransomware linked to North Korean group Andariel
Attack origins point to April 2021 first strike on Japanese target
Security10 Aug 2022 | 1
Google's bug bounty boss: Finding and patching vulns? 'Totally useless'
Disclosing exploits, however, will earn you $100k
Security10 Aug 2022 | 13
Popular
General Motors charging mandatory $1,500 fee for three years of optional car features
Don't want the services? You'll still have to pay for them, activated or not
DoE digs up molten salt nuclear reactor tech, taps Los Alamos to lead the way back
The collaborative effort pits supercomputers against the agency's corrosive reactor research
Rescuezilla 2.4 is here: Grab it before you need it
A fork of Redo Rescue that outdoes the original – and beats Clonezilla too
Google tells Apple to 'fix text messaging' in bid to promote RCS protocol
iMessage talks to Android users via outdated SMS/MMS, ad giant complains
Russian invasion has dangerously destabilized cyber security norms
Black Hat The inside scoop on the Ukrainian IT army, and what could happen next
Facebook hands over chats to cops in post-Roe abortion case
'If your business model depends on more aggressive surveillance, maybe you need a new business model'
Economic uncertainty can't stop cloud growth
You may have had your fill of chips – but AWS, GCP, and Azure are still hungry, analyst tells El Reg
Cisco admits corporate network compromised by gang with links to Lapsus$
Voice-phished their way in, but Switchzilla claims no damage done
Four charged with tricking Qualcomm into buying $150m startup
Updated Technically the chip giant already owned the tech due to real inventor’s contract, according to DoJ
As Black Hat kicks off, the US government is getting the message on hiring security talent
Black Hat Katie Moussouris tells it like it is
STORIES
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too
Attack was foiled by content delivery network's hardware security keys
Security10 Aug 2022 | 10
Businesses should dump Windows for the Linux desktop
Opinion It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab
Security10 Aug 2022 | 238
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too
Security09 Aug 2022 | 7
APIC fail: Intel 'Sunny Cove' chips with SGX spill secrets
AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying
Security09 Aug 2022 | 1
Malicious deepfakes used in attacks up 13% from last year, VMware finds
Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report
Security09 Aug 2022 |
Microsoft's fix for 'data damage' risk hits PC performance
'AES-based operations might be two times slower' without latest updates
Security09 Aug 2022 | 23
Chinese scammers target kids with promise of extra gaming hours
Cyberspace regulator's fraud report finds all is not well behind the Great Firewall
Cyber-crime09 Aug 2022 | 5
China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs
We're 'highly likely' to see similar attacks, Kaspersky warned
Security09 Aug 2022 | 6
US treasury whips up sanctions for crypto mixer Tornado Cash
Being the money launderer for North Korea’s Lazarus Group comes at a price
Cyber-crime08 Aug 2022 | 20
Twilio customer data exposed after its staffers got phished
Comms giant says several other firms targeted in 'sophisticated attack'
Cyber-crime08 Aug 2022 | 13
Microsoft tightens Edge security for less visited websites
We're pretty sure that doesn't mean it's safe to click on sketchy popups
Security08 Aug 2022 | 13
Slack leaked hashed passwords from its servers for years
Users who created shared invitation links for their workspace had login details slip out among encrypted traffic
Security08 Aug 2022 | 11
Dark Utilities C2 service draws thousands of cyber criminals
Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks
Security08 Aug 2022 | 1
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt
In brief Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more
Security06 Aug 2022 | 38
Hi, I'll be your ransomware negotiator today – but don't tell the crooks that
Interview What it's like bargaining with criminals ... and advising clients suffering their worst day yet
CSO06 Aug 2022 | 41
Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal?
The Feds may see things differently
Cyber-crime05 Aug 2022 | 17
Warning! Critical flaws found in US Emergency Alert System
DEF CON may be about to blow lid off security hole
Patches05 Aug 2022 | 14
Critical flaws found in four Cisco SMB router ranges – for the second time this year
At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June
Security05 Aug 2022 | 14
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
I got played via the Play store
Cyber-crime04 Aug 2022 | 57
Taiwanese military reports DDoS in wake of Pelosi visit
Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry
Security04 Aug 2022 | 36
India scraps data protection law in favor of better law coming … sometime
Tech giants and digital rights groups didn't like it, but at least it was a law
Security04 Aug 2022 | 5
Student crashes Cloudflare beta party, redirects email, bags a bug bounty
Simple to exploit, enough to pocket $3,000
Research04 Aug 2022 | 8
UK Parliament bins its TikTok account over China surveillance fears
Plan to educate the children turned out to be a 'won't someone think of the children?' moment
Security04 Aug 2022 | 42
Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets
SOL holders literally S.O.L.
Cyber-crime04 Aug 2022 | 35
Microsoft widens enterprise access to its threat intelligence pool
Organizations can be more proactive in tracking threats, finding holes in their protection
Security03 Aug 2022 |
Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones
That's just the tip of the iceberg – and now he faces potentially years in the clink
Cyber-crime03 Aug 2022 | 15
Sonatype shines light on typosquatting ransomware threat in PyPI
It's all fun and games until somebody gets their files encrypted
Security03 Aug 2022 | 7
You can’t choose when you’ll be hit by ransomware, but you can choose how you prepare
Without a road to recovery, you’re just going to be roadkill
Sponsored Feature
NortonLifeLock and Avast $8.6b deal gets provisional yes from UK regulator
Plus: Even market authorities can't seem to keep up with Microsoft's Defender branding
Security03 Aug 2022 | 6
Post-quantum crypto cracked in an hour with one core of an ancient Xeon
NIST's nifty new algorithm looks like it's in trouble
Research03 Aug 2022 | 82
Nancy Pelosi ties Chinese cyber-attacks to need for Taiwan visit
And as if to confirm the link, a DDoS takes out Taiwan's presidential website ahead of senior politico's arrival
Security03 Aug 2022 | 113
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
Meanwhile, a security update for rsync
Patches03 Aug 2022 | 1
How a crypto bridge bug led to a $200m 'decentralized crowd looting'
Flash mob exploits Nomad's validation code blunder
Security02 Aug 2022 | 24
Robinhood's crypto unit hit with $30m fine over security, anti-crime misses
Updated And just lays off about a quarter of staff
CSO02 Aug 2022 | 4
How cybercrims embrace messaging apps to spread malware, communicate
Underground forums are so last year. Telegram, Discord offer better privacy, functionality to criminals, says Intel 471
Security02 Aug 2022 | 5
Bot army risk as 3,000+ apps found spilling Twitter API keys
Please stop leaving credentials where miscreants can find them
Security02 Aug 2022 | 18
Miscreants aim to cause Discord discord with malicious npm packages
LofyLife campaign comes amid GitHub security lockdown
Research02 Aug 2022 | 2
Charges filed over $300m 'textbook pyramid and Ponzi scheme' crypto startup
Financial watchdog accuses 11 of playing role in alleged scam
Cyber-crime02 Aug 2022 | 17
Defence against the dark arts of ransomware
Locking in safeguards against incursion with Rubrik Zero Trust Security
Webinar
Akamai: We stopped record DDoS attack in Europe
A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days
Cyber-crime01 Aug 2022 | 12
Spyware developer charged by Australian Police after 14,500 sales
Asia In Brief PLUS: India open to space tourism; China/Indonesia infosec pact; Paytm denies breach; Infosys dodges government again; and more
Security01 Aug 2022 | 2
Tim Hortons offers free coffee and donut to settle data privacy invasion claims
In brief Also, malicious VBA macros are out and container files are in, Robin Banks helps criminals rob banks, and more
Security30 Jul 2022 | 36
This is what to expect when a managed service provider gets popped
MSP should just stand for My Server's Pwned!
Cyber-crime30 Jul 2022 | 11
Feds put $10m bounty on Putin pal accused of bankrolling US election troll farm
Just in time for the midterms
Cyber-crime29 Jul 2022 | 54
Decentralized IPFS networks forming the 'hotbed of phishing'
P2P file system makes it more difficult to detect and take down malicious content
Security29 Jul 2022 | 23
BreachForums booms on the back of billion-record Chinese data leak
Plenty of recent users appear to be from China, and hoping for more leaks of local data
Security29 Jul 2022 |
Businesses confess: We pass cyberattack costs onto customers
Cover an average of $4.4 million per raid ourselves? No chance, mate
Security29 Jul 2022 | 21
US court system suffered 'incredibly significant attack' – sealed files at risk
Effects still being felt today across US government
Security29 Jul 2022 | 15
JPMorgan, UBS among trio accused of shoddy ID theft protection
SEC extracts pocket change from bankers, wags finger, sends them on their way
Cyber-crime28 Jul 2022 | 2
Suspected radiation alert saboteurs cuffed by cops after sensors disabled
You might say the police were in their element
Security28 Jul 2022 | 22
Google brings Street View back to India following 2016 ban
This time local companies provide the images and there's no mention of national security worries
Security28 Jul 2022 | 10
FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft
Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable
Security27 Jul 2022 | 5
We're likely only seeing 'the tip of the iceberg' of Pegasus spyware use against the US
House intel chair raises snoop tool concerns as Google and others call for greater crack down
Security27 Jul 2022 | 19
US puts $10 million bounty on North Korean cyber-crews
Kim will be shaking in his shoes
Security27 Jul 2022 | 7
Apple network traffic takes mysterious detour through Russia
Land of Putin capable of attacking routes in cyberspace as well as real world
Security27 Jul 2022 | 30
AWS ups security for Elastic Block Store, Kubernetes service
Stretching its security software a bit further
Security27 Jul 2022 |
Knotweed Euro cyber mercenaries attacking private sector, says Microsoft
Reports seeing 'offensive actor' flinging SubZero malware
Security27 Jul 2022 | 4
Time from vulnerability disclosures to exploits is shrinking
Palo Alto Networks Unit 42 incident response team warns of patch speedups
Security27 Jul 2022 |
Weak data protection helped China attack US Federal Reserve, report says
Details of adversarial tradecraft detailed, includes many email accounts
Cyber-crime27 Jul 2022 | 2
IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe
Big Blue says it helped developed the algos, so knows what it's doing
Security27 Jul 2022 | 10
Vietnamese attacker circumvents Facebook security with ‘DUCKTAIL’ malware
Session cookies and 2FA subversion allow takeover of biz and ad accounts, lead to unauthorized ad buys
Research27 Jul 2022 | 8
Charter told to pay $7.3b in damages after cable installer murders grandmother
Broadband giant says it will appeal jury verdict in negligence case
Cyber-crime27 Jul 2022 | 83
Crypto exchange Kraken reportedly hunted by the Feds for alleged sanctions busting
Plus: Coinbase said to face SEC wrath, blockchain scam CEO admits using victims' millions to fund Hawaiian condo
Cyber-crime26 Jul 2022 | 10
Culture shock: Ransomware gang sacks arts orgs' email lists
Don't worry, the crooks totally deleted the data and promised not to use it for evil
Cyber-crime26 Jul 2022 | 4
Luca Stealer malware spreads rapidly after code handily appears on GitHub
Cool, another Rust project ... Oh
Security26 Jul 2022 | 3
With ransomware, the road to recovery starts well before you’re attacked
Learn how to orchestrate your survival strategy here
Webinar
Ransomware less popular this year, but malware up: SonicWall cyber threat report
Be ready for a rebound, and protect yourself with patching and segmentation
Security26 Jul 2022 | 1
Cyber security training to fit your summer plans
A flexible approach to cyber security training and certification from SANS & GIAC
Sponsored Post
LockBit ransomware gang claims it ransacked Italy’s tax agency
Miscreants boast of 78GB haul, officials say everything's fine
Security26 Jul 2022 | 7
Node.js prototype pollution is bad for your app environment
Boffins find common code constructs that may be exploitable to achieve remote code execution
Research25 Jul 2022 | 5
T-Mobile US to cough up $550m after info stolen on 77m customers
Oops, did the Un-carrier under-count by 29m punters?
CSO25 Jul 2022 | 8
Twitter launches probe after miscreants claim to have swiped 5.4m users' details
And yes, Musk is back in the headlines, denying another affair
Cyber-crime25 Jul 2022 | 7
Cyber-mercenaries for hire represent shifting criminal business model
Emerging threat group offers a broad range of attack services
Security25 Jul 2022 | 9
DoJ approves Google's acquisition of Mandiant
In Brief Plus: Ukrainian fake news and Uber admits covering up data breach
Security25 Jul 2022 | 2
Infosec not your job but your responsibility? How to be smarter than the average bear
Opinion Many of last week's security stories tell the same tale
Security25 Jul 2022 | 20
Realizing your software has a vulnerability is bad. Realizing you’ve shipped it to thousands of customers…
How bad can it be? Find out with this webinar
Webinar
My Big Coin founder is – you guessed it – a $6m crypto-fraudster
Con man blew victims' cash on antiques, artwork, other riches
Cyber-crime22 Jul 2022 | 54
Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing
Blockade against VBA scripts in downloaded files is back on by default
CSO22 Jul 2022 | 15
Don't dive head first into that crypto pool, FBI warns
Liquidity scams cost victims more than $70m, agents say
Cyber-crime22 Jul 2022 | 18
At the edge, nobody can hear your IoT devices scream …
Red Hat’s approach to locking down remote industrial networks and data processing facilities
Sponsored Feature
