Visit CyberThreat 2024 to hone your cybersecurity skills Sponsored Post Get together with the European cybersecurity community at a two-day conference in London this December Sponsored Post
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 49
Big names among thousands infected by payment-card-stealing CosmicSting crooks Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Cybersecurity Month04 Oct 2024 | 5
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 10
Two British-Nigerian men sentenced over multimillion-dollar business email scam Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Cybersecurity Month03 Oct 2024 | 11
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 |
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 31
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 19
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
'Patch yesterday': Zimbra mail servers under siege through RCE vuln Attacks began the day after public disclosure Cybersecurity Month02 Oct 2024 | 5
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works Security02 Oct 2024 | 8
Euro cops arrest 4 including suspected LockBit dev chilling on holiday And what looks like proof stolen data was never deleted even after ransom paid Cybersecurity Month01 Oct 2024 | 15
Evil Corp's deep ties with Russia and NATO member attacks exposed Ransomware criminals believed to have taken orders from intel services Cyber-crime01 Oct 2024 | 7
NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks Cybersecurity Month01 Oct 2024 |
Australian e-tailer digiDirect customers' info allegedly stolen and dumped online Full names, contact details, and company info – all the fixings for a phishing holiday Cybersecurity Month01 Oct 2024 |
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 11
Ransomware forces hospital to turn away ambulances Only level-one trauma unit in 400 miles crippled Cybersecurity Month30 Sep 2024 | 19
T-Mobile US to cough up $31.5M after that long string of security SNAFUs At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' CSO30 Sep 2024 | 4
If you're holding important data, Iran is probably trying spearphish it It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them Cyber-crime30 Sep 2024 | 6
Cisco is abandoning the LoRaWAN space, and there's no lifeboat for IoT customers Support stretches to end of 2029, no more maintenance beyond 2026
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks
Bank of America app glitch zeroes out people's balances Updated Unidentified tech issues now resolved
Cloudflare beats patent troll so badly it basically gives up Networking giant pockets $225K, foe promises to stop suing and abandons IP
Mega supermarket spots stock discrepancy of tens of millions amid ERP system migration Exclusive Britain's Asda admits tech divorce from ex-owner Walmart is still overrunning
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to
Saying goodbye to the tech dreams Microsoft abandoned with Windows 11 24H2 Is that a Mixed Reality headset, or just a complicated paperweight? Oh and farewell WordPad
Latest in WordPress war: Automattic says it wanted 8% cut of WP Engine revenue Final update Trademark royalties is one way to force support of open source, we guess
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant'
Remote ID verification tech is often biased, bungling, and no good on its own Only 2 out of 5 tested products were equitable across demographics Public Sector30 Sep 2024 | 10
Cloud threats have execs the most freaked out because they're not prepared Ransomware? More like 'we don't care' for everyone but CISOs Research30 Sep 2024 | 3
AI code helpers just can't stop inventing package names LLMs are helpful, but don't use them for anything important AI + ML30 Sep 2024 | 65
Forget the Kia Boyz: Crooks could hijack your car with just a smartphone Infosec In Brief Plus: UK man charged with compromising firms for stock secrets; ransomware actor foils self; and more Security30 Sep 2024 | 17
Binance claims it helped to bust Chinese crypto scam app in India ASIA IN BRIEF Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more Cyber-crime30 Sep 2024 | 5
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 66
Feds charge 3 Iranians with 'hack-and-leak' of Trump 2024 campaign Snoops allegedly camped out in inboxes well into September Cyber-crime27 Sep 2024 | 12
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more OSes27 Sep 2024 | 119
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda Research27 Sep 2024 | 6
Patch now: Critical Nvidia bug allows container escape, complete host takeover 33% of cloud environments using the toolkit impacted, we're told Patches26 Sep 2024 | 16
HPE patches three critical security holes in Aruba PAPI More 9.8 bugs? Ay, papi! Patches26 Sep 2024 | 1
That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices Final update No patches yet, can be mitigated, requires user interaction Security26 Sep 2024 | 103
Victims lose $70K to one single wallet-draining app on Google's Play Store Attackers got 10K people to download 'trusted' web3 brand cheat before Mountain View intervened Cyber-crime26 Sep 2024 | 22
Public Wi-Fi operator investigating cyberattack at UK's busiest train stations Updated See it, say it… not sorted just yet as network access remains offline Cyber-crime26 Sep 2024 | 62
UK government's bank data sharing plan slammed as 'financial snoopers' charter' Access to account info needed to tackle benefit fraud, latest bill claims Security26 Sep 2024 | 139
WordPress.org denies service to WP Engine, potentially putting sites at risk Updated That escalated quickly Software26 Sep 2024 | 58
China's Salt Typhoon cyber spies are deep inside US ISPs Updated Expecting a longer storm season this year? Networks25 Sep 2024 | 4
RansomHub genius tries to put the squeeze on Delaware Libraries Extorting underfunded public services for $1M isn't a good look Cyber-crime25 Sep 2024 | 5
China claims Taiwan, not civilians, behind web vandalism Taipei laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway Cyber-crime25 Sep 2024 | 2
CrowdStrike apologizes to Congress for 'perfect storm' that caused global IT outage Argues worse could happen if it loses kernel access Security25 Sep 2024 | 29
Who’s watching you the closest online? Google, duh Four Chocolate Factory trackers cracked the Top 25 in all regions Security24 Sep 2024 | 15
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge Severe incidents may be down, but Putin had to throw one in for good measure Cyber-crime24 Sep 2024 | 9
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks Thousands of devices remain vulnerable, US most exposed to the threat Security24 Sep 2024 | 18
How to spot a North Korean agent before they get comfy inside payroll Mandiant publishes cheat sheet for weeding out fraudulent IT staff Cyber-crime24 Sep 2024 | 19
Some US Kaspersky customers find their security software replaced by 'UltraAV' Back story to replacement for banned security app isn't enormously reassuring Security24 Sep 2024 | 38
Telegram will now hand over IP addresses, phone numbers of suspects to cops Maybe a spell in a French cell changed Durov's mind Personal Tech23 Sep 2024 | 36
'Cybersecurity issue' takes MoneyGram offline for three days – and counting Still no ‘R’ word, but smells like ransomware from here Cyber-crime23 Sep 2024 | 6
Necro malware continues to haunt side-loaders of dodgy Android mods Updated 11M devices exposed to trojan, Kaspersky says Cyber-crime23 Sep 2024 | 2
US proposes ban on Chinese, Russian connected car tech over security fears No room for your spy mobiles on our streets Software23 Sep 2024 | 28
So how's Microsoft's Secure Future Initiative going? 34,000 engineers pledged to the cause, but no word on exec pay Security23 Sep 2024 | 6
UPS supplier's password policy flip-flops from unlimited, to 32, then 64 characters That 'third party' person sure is responsible for a lot of IT blunders, eh? Security23 Sep 2024 | 38
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
Apple's latest macOS release is breaking security software, network connections Infosec In Brief PLUS: Payer of $75M ransom reportedly identified; Craigslist founder becomes security philanthropist, and more Security23 Sep 2024 | 22
US indicts two over socially engineered $230M+ crypto heist Just one victim milked of nearly a quarter of a billion bucks Cyber-crime20 Sep 2024 | 26
Ivanti patches exploited admin command execution flaw Fears over chained attacks affecting EOL product Patches20 Sep 2024 | 8
Cybercrooks strut away with haute couture Harvey Nichols data Nothing high-end about the sparsely detailed, poorly publicized breach Cyber-crime20 Sep 2024 | 10
CISA boss: Makers of insecure software must stop enabling today's cyber villains Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software20 Sep 2024 | 93
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims Boasts 'appear to be credible' experts tell El Reg Cyber-crime19 Sep 2024 | 7
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Personal Tech19 Sep 2024 | 26
Iran's cyber-goons emailed stolen Trump info to Team Biden – which ignored them To be fair, Joe was probably taking a nap Cyber-crime19 Sep 2024 | 50
1 in 10 orgs dumping their security vendors after CrowdStrike outage Many left reeling from July's IT meltdown, but not to worry, it was all unavoidable Security19 Sep 2024 | 8
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations Updated Better check your widgets, people Research19 Sep 2024 | 7
UK activists targeted with Pegasus spyware ask police to charge NSO Group 4 file complaint with London's Met, alleging malware maker helped autocratic states violate their privacy Security19 Sep 2024 | 13
Tor insists its network is safe after German cops convict CSAM dark-web admin Outdated software blamed for cracks in the armor Cyber-crime19 Sep 2024 | 25
FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds Plus: Wray tells how bureau helps certain victims negotiate with ransomware crooks Cyber-crime18 Sep 2024 | 22
Deja blues... LockBit boasts once again of ransoming IRS-authorized eFile.com Add 'ransomware' to the list of certainties in life? Cyber-crime18 Sep 2024 | 1
Putin really wants Trump back in the White House US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again Research18 Sep 2024 | 268
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war Updated Second wave of exploding gear kills at least 14 today Security18 Sep 2024 | 184
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform Italian mafia mobsters and Irish crime families scuppered by international cops Cyber-crime18 Sep 2024 | 18
Despite Russia warnings, Western critical infrastructure remains unprepared Feature 'Lives will be lost' as Moscow ramps up offensive cyber military units Cyber-crime18 Sep 2024 | 29
Australian Police conducted supply chain attack on criminal collaborationware Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service Cyber-crime18 Sep 2024 | 9
WhatsApp still working on making View Once chats actually disappear for all Updated So far it's more like View Forever Patches18 Sep 2024 | 16
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation Bug reports made in China Virtualization17 Sep 2024 | 1
Google Cloud Document AI flaw (still) allows data theft despite bounty payout Updated Chocolate Factory downgrades risk, citing the need for attacker access Security17 Sep 2024 |
Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode Eight-year-old among those slain, Israel blamed, Iran's Lebanese ambassador wounded, it's said Security17 Sep 2024 | 183
Rhysida ransomware gang ships off Port of Seattle data for $6M Auction acts as payback after authority publicly refuses to pay up Cyber-crime17 Sep 2024 | 2
Secure your organization Ransomware resilience in a multi-cloud world: attend this exclusive event in Boston, MA Sponsored Event
Predator spyware kingpins added to US sanctions list Designations come as new infrastructure spins up in Africa Security17 Sep 2024 | 2
China claims Starlink signals can reveal stealth aircraft – and what that really means If this really was that useful, they wouldn't be telling us Security17 Sep 2024 | 98
Chinese national accused by Feds of spear-phishing for NASA, military source code May have reeled in blueprints related to weapons development Cyber-crime17 Sep 2024 | 6
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day Analysis The C in these CVEs stands for Confusing Security17 Sep 2024 | 8
The empire of C++ strikes back with Safe C++ blueprint You pipsqueaks want memory safety? We'll show you memory safety! We'll borrow that borrow checker Applications16 Sep 2024 | 112
Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches Now it's the default for all new accounts Security16 Sep 2024 | 2
Germany’s CDU still struggling to restore data months after June cyberattack Putting a spanner in work for plans of opposition party to launch a comeback during next year's elections Cyber-crime16 Sep 2024 | 1
Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance Cyber-crime16 Sep 2024 | 20
China’s quantum* crypto tech may be unhackable, but it's hardly a secret Opinion * Quite Unlikely A New Technology’s Useful, Man Security16 Sep 2024 | 52
23andMe settles class-action breach lawsuit for $30 million Infosec In Brief Also: Apple to end NSO Group lawsuit; Malicious Python dev job offers; Dark web kingpins busted; and more Security16 Sep 2024 | 20
Feeld dating app's security too open-minded as private data swings into public view No love for months-long wait to fix this, either Research13 Sep 2024 | 7
Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps Do not go on holiday to the O Smach Resort Cyber-crime13 Sep 2024 | 8
Australia’s government spent the week boxing Big Tech With social media age limits, anti-scam laws, privacy tweaks, and misinformation rules Elon Musk labelled 'fascist' Public Sector13 Sep 2024 | 41
Feds pull plug on domains linked to import of Chinese gun conversion devices Illegal goods allegedly shipped to the US labeled as toys or jewels Cyber-crime13 Sep 2024 | 30
Fortinet admits miscreant got hold of customer data in the cloud That would explain this 440GB leak, then Cyber-crime13 Sep 2024 | 5
'Hadooken' Linux malware targets Oracle WebLogic servers Nastyware seeks creds, mines crypto, and plants ransomware that isnt deployed - for now? Security13 Sep 2024 | 3
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook Updated Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more Cyber-crime12 Sep 2024 | 20
Mastercard splurges $2.65B on another big cyber purchase – Recorded Future Oh, turns out there are some things money can buy Security12 Sep 2024 | 4
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing SaaS seller sets severity to 'critical' Patches12 Sep 2024 | 4
Google Chrome gets a mind of its own for some security fixes Browser becomes more proactive about trimming unneeded permissions and deceptive notifications Security12 Sep 2024 | 11
Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline NCA confirms arrest of 17-year-old 'on suspicion of Computer Misuse Act offences' – now bailed Cyber-crime12 Sep 2024 | 66