Security
BadgerDAO DeFi defunded as hackers apparently nab millions in crypto tokens
Badger, badger, badger, coin theft, coin theft!
02 Dec 22:58 | 1
Security
Security
New UK product security law won't be undercut by rogue traders upping and vanishing, government boasts
El Reg asks about phoenixing – but will answer convince world+dog?
02 Dec 09:15 | 31
Security
European Cybercrime Centre confident it's kicked credit card crims – again
Poised to reveal similar haul to 2020's €40M loss prevention total
02 Dec 08:21 | 4
Updated
Three key ransomware actors changed jobs on October 18 – the same day REvil went dark
Underground industry grows in complexity and sophistication, says Santander Group researcher
02 Dec 05:58 | 3
Paid Feature
Rewriting your disaster recovery plan might just save your company…and could transform it
Just be sure it actually works
01 Dec 21:00 |
Security
Singapore and UK ink digital trade agreements at Future Tech Forum in London
Such memorandums of understanding are all the rage
01 Dec 14:30 |
Security
Pension cold-calling financial services biz cops largest ever fine from UK data watchdog
EB Associates facing £140k penalty for 107,000 illegal calls
01 Dec 13:50 | 41
Security
UK watchdog's punishment for Blackbaud, Easyjet, other big privacy lawbreakers was slap on the wrist in private
Is this what they call light-touch regulation?
01 Dec 07:28 | 21
Security
UK intel chief says MI6 must outsource innovation – and James Bond's in-house 'Q' is nonsense
China is on the march, Russia loves to destabilise, no intelligence agency can stop 'em without help
01 Dec 03:56 | 37
Security
It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected
And a bunch of bank-account-raiding trojans also identified
30 Nov 20:11 | 5
Security
Visiting a booby-trapped webpage could give attackers code execution privileges on HP network printers
Patches available for 150 affected products
30 Nov 15:59 | 23
Video
Leaked footage shows British F-35B falling off HMS Queen Elizabeth and pilot's death-defying ejection
Parachute snagged on ship's bows
30 Nov 14:55 | 153
Security
Lloyd's of London suggests insurers should not cover 'retaliatory cyber operations' between nation states
And they might attribute cyber attacks if governments won't
30 Nov 14:02 | 20
Paid Post
Winter is coming … with a blizzard of live and virtual SANS Institute events
Or a long, hot summer of cybersec training, depending where you are
30 Nov 07:30 |
Security
Panasonic admits intruders were inside its servers for months
Spotted the crack after it ended – still not sure what was lost
30 Nov 04:27 | 10
Security
Wind turbine maker Vestas confirms recent security incident was ransomware
10 days after attack 'almost all systems' up and running, refuses to say if ransom was paid
29 Nov 14:29 | 10
Security
Australia will force social networks to identify trolls, so they can be sued for defamation
At the same time, will overrule court decision that traditional publishers are liable for comments on social media
29 Nov 01:15 | 54
Security
EU needs more cybersecurity graduates, says ENISA infosec agency – pointing at growing list of master's degree courses
Skills gap needs filling somehow
26 Nov 16:37 | 6
Security
Privacy Sandbox saga continues: UK watchdog extracts more commitments from Google over ad tech
Roll up, roll up. Come and be the CMA-approved trustee to keep an eye on the Chocolate Factory's antics
26 Nov 13:33 | 11
Security
Government-favoured child safety app warned it could violate the UK's Investigatory Powers Act with message-scanning tech
Redesigned SafeToNet feature highlights tech law mess
26 Nov 12:23 | 63
Popular
Snapdragon Tech Summit
Qualcomm takes a swipe at Apple's build-not-buy culture (because it wants to sell stuff to Apple)
Suggests collaboration with OS suppliers is the best way to innovate, ignoring that Google just designed its own silicon for Pixel 6
Software
What a cluster fsck: New scheduling code plus Intel's Alder Lake CPU mix equals a slower Linux kernel 5.16
Can we just postpone these changes to next year?
Re:Invent
AWS unveils Graviton3 Arm chips and more. But the real story is the slide from IaaS to packaged solutions
CEO Adam Selipsky takes the stage in Vegas – and may be on a collision course with customers
Servers
Cisco tells UCS owners they may have a screw loose – in the server chassis
Power supplies are screwed up because they're not all screwed in
Software
On the first day of Christmas, my true love gave to me... a coding puzzle and it's a doozy
2021 Advent of Code prepares for launch
On-Prem
Google sued for firing staff who claim they tried to follow 'Don't be evil' motto
Civil complaint dovetails with ongoing litigation over alleged union busting
Security
UK intel chief says MI6 must outsource innovation – and James Bond's in-house 'Q' is nonsense
China is on the march, Russia loves to destabilise, no intelligence agency can stop 'em without help
Science
We've seen things you people wouldn't believe. Mega-comets lurking in solar systems, spewing carbon monoxide
Comet BB is not only largest of its type that we know of, it was likely active billions of miles from the Sun
Personal Tech
Samsung wheels out new silicon that turns cars into 5G-fuelled entertainment hubs
Nice wheels! Thanks, it's got eight Cortex-A76 cores, a 5G modem and 32GB of RAM
OSes
Microsoft: What's that? A patch for make-me-admin vuln? Sorry – can't hear you. Have a new jumper instead
Redmond fiddles with Paint while Windows burns
STORIES
Paid Post
If you want to see off next year’s cyber-threats, the time to prepare is … now
Fast forward into 2022 with Sophos’ Cybersecurity Summit 2021
26 Nov 07:25 |
Security
Microsoft Defender for Endpoint laid low. Not by malware, but by another buggy Windows patch
Only affects Windows Server Core, so that's alright then
25 Nov 18:01 | 11
Advertorial
It’s about the survival of the fittest – CISOs must be brave enough to throw away their security playbook, or suffer the consequences
The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.
25 Nov 17:00 |
Security
UK.gov emits draft IoT and smartphone security law for Parliamentary scrutiny
Mandatory vuln reporting, hefty fines for non-compliance
25 Nov 09:30 | 53
Security
Google advises passwords are good, spear phishing is bad, and free clouds get attacked
Ad giant's first stab at providing the 'world's premier security advisory' starts with the obvious
25 Nov 06:59 | 11
Updated
Huawei's AppGallery riddled with malware-infected games
Cynos.7 trojan found its way into 9.3 million downloads
25 Nov 04:58 | 19
Security
US bans Chinese firms – including one linked to HPE’s China JV – for feeding tech to Beijing's military
Other additions to Entity List are accused of helping Pakistan, North Korea make nukes, missiles
25 Nov 01:11 | 33
Security
Max Schrems hits Irish Data Protection Commissioner with corruption complaint
Watchdog argues 'fairness' in process should keep some documents confidential
24 Nov 15:05 | 17
Security
Apple's Pegasus lawsuit a 'declaration of war' against offensive software developers, says Kaspersky director
Regional exec says Apple wants offensive researchers out of the field because they are harmful to the reputation of the company
24 Nov 13:12 | 75
Security
How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug
Millions of devices potentially vulnerable, we're told
24 Nov 11:00 | 22
Advertorial
Yes, ransomware is your number one security nightmare. But here’s how to sleep easy
Here’s a clue … it involves encryption
24 Nov 07:30 |
Security
China trying to export its Great Firewall and governance model
Beware of Communists bearing internet governance proposals, says Australian Strategic Policy Institute
24 Nov 02:56 | 29
Security
Apple sues 'amoral 21st century mercenaries' NSO for infecting iPhones with Pegasus spyware
iGiant pledges any damages plus $10m to anti-cybersurveillance groups
23 Nov 20:58 | 84
Security
Zero-day proof-of-concept exploit lands for Windows make-me-admin vulnerability
InstallerFileTakeOver code pops up on GitHub
23 Nov 20:21 | 9
Poll
Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees
Complaints abound that yoof use it to mean 'digital currency'
23 Nov 18:45 | 85
Security
Alleged Brit SIM-swapper will kill himself if extradited to US for trial, London court told
'Exceptional' case involves 100 BTC payoff, judge told
23 Nov 16:10 | 71
Security
UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff
There's a default admin password online too
23 Nov 10:15 | 35
In brief
Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers
Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more
23 Nov 07:31 | 15
Security
Indian bank smacks down allegation it exposed 180 million customers' accounts
Infosec firm says it found unpatched software, Bank admits Exchange may not have been in the best shape
23 Nov 01:58 | 1
Security
SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'
Yikes: Up to 1.2 million customers affected
22 Nov 20:37 | 21
Security
Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre
You're your own security team, remember?
22 Nov 17:14 | 1
Security
Turbine maker Vestas Wind Systems admits to cyber incident, refuses to confirm if ransomware is at play
Company data compromised but not systems containing customer or supplier information
22 Nov 14:10 | 11
Opinion
Nigeria's central bank digital currency is 'same Naira, more possibilities' – if you count government snooping
Privacy challenges and rushed implementation should make this cash alternative much less attractive
22 Nov 11:00 | 3
Who, Me?
A tiny typo in an automated email to thousands of customers turns out to be a big problem for legal
Unexpected consequences of the SQL Slammer worm
22 Nov 08:30 | 156
Security
After four bans, TikTok finally passes the Pakistan challenge
Video app promises not to let naughty content cross the border, and to ban those who try
22 Nov 04:59 | 5
Updated
Amazon India execs questioned after sellers allegedly use site to smuggle marijuana
Ganja believe it? Seller claimed to sell 'Stevia leaves', but shifted a tonne of wacky 'baccy before being busted
22 Nov 03:58 | 23
Paid Feature
Defending critical infrastructure: The status quo isn’t working
AI can help thwart attacks before they affect operations
19 Nov 07:30 |
Security
Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure
Boffins measure the black hole of dubious certs and find it troubling
19 Nov 04:00 | 99
Security
Canadian teen nabbed in $36.5M crypto heist – possibly the biggest haul yet by a single individual
Plus, US gov to sell off $56M of Bitcoin – the largest single sum recovered so far from a cryptocurrency fraud
18 Nov 23:04 | 13
Security
Boffins find way to use a standard smartphone to find hidden spy cams
Smartphones now have lasers so we're gonna use them to find voyeurs
18 Nov 22:43 | 60
Security
Thousands of Firefox users accidentally commit login cookies on GitHub
GitHub: 'Credentials exposed by our users are not in scope'
18 Nov 20:04 | 27
Webinar
What’s the biggest threat to your best-laid plans? Events, dear boy. Events
Learn how to build a resilient disaster response plan
18 Nov 14:00 |
Security
Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed
RedDoorz.com left red-faced after leaving AWS access key in an APK
18 Nov 04:01 | 4
Paid Post
Cybercriminals are looking forward to 2022, so you need to plan your response now
Rapid7's 2022 Planning webinars are here to help
17 Nov 18:00 |
Security
UK government publishes guidance on security rules for tech takeovers
National Security and Investment Act 2021 give ministers power to halt M&As
17 Nov 11:46 | 21
Security
You wanna use GCHQ offshoot NCSC's threat intel feeds? Why not, say bosses
Annual review boasts of fending off health org attacks
17 Nov 11:15 | 8
Security
South Korean privacy watchdog apologises for violating privacy while mediating privacy lawsuit
You had one job …
17 Nov 05:15 | 4
Security
The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers
Ongoing typosquatting attacks target kids as Discord drags its feet
16 Nov 21:46 | 12
Security
Lock up your Office macros: Emotet botnet back from the dead with Trickbot links
Nice to have nearly a year off from that malspam threat, but now it's returned
16 Nov 19:57 | 4
Security
GitHub fixes authorisation vulnerability in the NPM JavaScript package registry
Flaw allowed 'an attacker to publish new versions of any npm package'
16 Nov 17:33 | 4
Security
Mozilla sprinkles Firefox Relay with Premium fairy dust
You want more than five email aliases? Sure, but it'll cost you
16 Nov 16:22 | 1
Security
Not only MSPs: All cloudy firms are in line for UK security law crackdown
Now's a good time to read up on Cyber Essentials Plus
16 Nov 15:15 | 15
Security
Intel's recent Atom, Celeron, Pentium chips can be lulled into a debug mode, potentially revealing system secrets
Testing times for Chipzilla as it emits patches to protect PCs, equipment
16 Nov 08:29 | 11
Paid feature
If cybercriminals can’t see data because it’s encrypted, they have nothing to steal
This is a no-brainer, says Thales
16 Nov 07:30 |
Security
China Telecom's US arm sues in last-ditch bid to retain license
Company claims it poses no threat, yet regs want China influence out
16 Nov 06:15 | 9
Security
Chinese Communist Party official expelled for mining cryptocurrency
Middle Kingdom floats fresh data security rules, too, with eight-hour privacy breach notification requirement
16 Nov 00:49 | 10
Security
When the world ends, all that will be left are cockroaches and new Rowhammer attacks: RAM defenses broken again
Blacksmith is latest hammer horror
15 Nov 21:46 | 18
Security
America, when you're done hitting us with the ban hammer, see these on-prem Zoom vulns, says Positive
Now would be a good idea to check you're up-to-date
15 Nov 20:27 | 10
Webinar
Email encryption should be a no-brainer, not a brain melter
Warm up your email security smarts with this online broadcast
15 Nov 18:00 |
Security
There's something to be said for delayed gratification when Windows 11 is this full of bugs
Also: Emergency patch for Windows Server after Patch Tuesday broke single sign-on for some users
15 Nov 13:15 | 57
Security
FBI spams thousands with fake infosec advice after 'software misconfiguration'
Looks like feuding hackers wanted to expose Feds' failings as a public service. We want to believe
15 Nov 02:30 | 9
Black Hat Europe
ChaosDB: Infosec bods could pull anyone's plaintext Azure Cosmos DB keys at will from Microsoft admin tools
And they had a wildcard cert too. Still feeling secure?
12 Nov 19:19 | 11
Security
AMD reveals an Epyc 50 flaws – 23 of them rated high severity. Intel has 25 bugs, too
Think of an attack – DoS, arbitrary code execution, memory corruption – and one of these vulns allows it
12 Nov 06:02 | 22
Security
There's no Huawei back now: Biden signs law that forbids US buyers acquiring kit on naughty list
FCC Commissioner said the act closes the 'Huawei loophole'
12 Nov 04:26 | 29
Security
Philippines gov takes down passport application website amid privacy leak fears
Google searches reportedly produce applicants' personal information
11 Nov 23:52 | 1
Security
Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach
Journalists' book claims company was targeted for Middle Eastern data
11 Nov 20:07 | 10
Webinar
If even tech leaders struggle with email encryption, are we all doomed?
And the answer is ... well, tune in next week and we'll reveal all
11 Nov 18:00 |
Updated
Palo Alto Networks patches 9.8 severity CVE in popular GlobalProtect product
Arbitrary code execution by unauthenticated attacker? Big oops
11 Nov 16:40 | 7
Security
Malicious Chrome extensions are bad. But what about nice ones that can be hijacked? This new tool spots them
DoubleX static analyzer is doubleplusgood
11 Nov 08:36 | 5
Paid feature
Ransomware: The ones that didn't get away (with it)
We're talking bad guys here, not the victims
11 Nov 06:45 |
Security
USA signs internet freedom and no-hack pact it's ignored since 2018
Joins 79 nations supporting Paris Call for Trust and Security in Cyberspace – China and Russia aren't on the list
11 Nov 05:31 | 22
Security
New Zealand spooks say satellite snooping is obsolete – better intel is found elsewhere
Kiwis are done with dishes, and the Five Eyes alliance is cool with it
11 Nov 04:16 | 18
Security
Boat biz breaches itself: Brittany Ferries 'fesses up to leaks caused by routine website update
Customers' passport data potentially exposed, says company, promises to carry out password testing
10 Nov 15:29 | 14
Security
Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software
New research says it's Clop's favourite attack method du jour
10 Nov 12:28 | 14
Security
Former Broadcom engineer accused of pinching chip tech to share with new Chinese employer
We're guessing it wasn't Fiber Channel, but it would be weirdly cool if it was
10 Nov 05:56 | 14
Patch Tuesday
Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws
Light load has infosec bods wondering what awaits next month
09 Nov 21:07 | 16
Security
Shotgun targeting of malware attacks will be the defining infosec theme of 2022, reckons Sophos
And more badness going for Linux and virtualization, too
09 Nov 19:30 |
Paid Feature
The future of OT security in an IT-OT converged world
Securing ICS in the cloud requires 'fundamentally different' approach
09 Nov 11:30 |
Security
Indian securities depository exposed 44 million investors' personal info – twice
Didn't act until CERT stepped in and pointed out problems
09 Nov 04:58 | 1
Security
Investment app Robinhood: Extortionist tricked our support desk and made off with customer information
Robinhood, Robinhood, had a data leak. Robinhood, Robinhood, infosec was weak
09 Nov 01:50 | 27
Security
NSO fails once again to claim foreign sovereign immunity in WhatsApp spying lawsuit
US appeals court allows legal battle to resume, says it will be an 'easy case'
09 Nov 00:53 | 27
Security
Ukrainian cuffed, faces extradition to US for allegedly orchestrating Kaseya ransomware infection
American, European officials announce raft of arrests, indictments, sanctions, rewards
08 Nov 22:04 |
In brief
Will they try it for 30 days first? McAfee goes private again in $14bn cash deal
Plus: Uncle Sam gets tough on patching, NIST needs you, and more
08 Nov 20:59 | 3
Security
You'll never guess who's been exploiting the ManageEngine service to steal passwords
Webshells and backdoors come with Chinese instructions
08 Nov 16:15 | 17
Security
Angling (re)Direct: Criminals net website of Brit fishing tackle retailer, send users straight to smut site
We've signed everyone up for PornHub Premium, crow immature attackers
08 Nov 14:09 | 18
Security
Computer misuse crimes in UK surge to high not seen since 2017 even as prosecutions slump 20%
COVID didn't stop crooks, but law enforcement doesn't seem to have realised
08 Nov 07:31 | 9
Security
Reg reader returns Samsung TV after finding giant ads splattered everywhere
Even your telly is now a moneymaking gadget for someone else
05 Nov 20:10 | 203
Security
No day in court: US Foreign Intelligence Surveillance Court rulings will stay a secret
Eight years after Snowden, you'll never know how much they spy on you…
05 Nov 16:15 | 27
Security
Reward! Uncle Sam promises $10m for info about DarkSide ransomware gang chiefs
Plus: Interpol boasts of infosec companies' help nabbing Cl0p suspects
05 Nov 14:30 | 1
Security
Labour Party supplier ransomware attack: Who holds ex-members' data and on what legal basis?
'Anon firm lost your data, don't worry' just makes people more fearful
05 Nov 13:00 | 47
