Tencent admits to poisoned QR code attack on QQ chat platform
Could it be Beijing was right about games being bad for China?
Security28 Jun 2022 | 4
Security
Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyberattacks
Now those are some phishing boats
Cyber-crime28 Jun 2022 | 7
India extends deadline for compliance with infosec logging rules by 90 days
Helpfully announced extension on deadline day
CSO28 Jun 2022 | 2
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution
Patches27 Jun 2022 | 3
LGBTQ+ folks warned of dating app extortion scams
Uncle Sam tells of crooks exploiting Pride Month
Cyber-crime27 Jun 2022 | 2
Contractor loses entire Japanese city's personal data in USB fail
In brief Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details
CSO27 Jun 2022 | 14
Beijing probes security at academic journal database
It's easy to see why – the question is, why now?
Security27 Jun 2022 | 5
Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players
But welcomes fast cross-border payments in central bank digital currencies
Cyber-crime27 Jun 2022 | 2
We're now truly in the era of ransomware as pure extortion without the encryption
Feature Why screw around with cryptography and keys when just stealing the info is good enough
Research25 Jun 2022 | 20
More than $100m in cryptocurrency stolen from blockchain biz
'A humbling and unfortunate reminder' that monsters lurk under bridges
Cyber-crime24 Jun 2022 | 33
Google: How we tackled this iPhone, Android spyware
Watching people's every move and collecting their info – not on our watch, says web ads giant
Research24 Jun 2022 | 24
Beijing-backed attackers use ransomware as a decoy while they conduct espionage
They're not lying when they say 'We stole your data' – the lie is about which data they lifted
Cyber-crime24 Jun 2022 | 2
NSO claims 'more than 5' EU states use Pegasus spyware
And it's like, what ... 12, 13,000 total targets a year max, exec says
Security24 Jun 2022 | 41
$6b mega contract electronics vendor Sanmina jumps into zero trust
Company was an early adopter of Google Cloud, which led to a search for a new security architecture
CSO23 Jun 2022 | 1
Halfords suffers a puncture in the customer details department
I like driving in my car, hope my data's not gone far
Security23 Jun 2022 | 57
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default
Security23 Jun 2022 | 18
Europol arrests nine suspected of stealing 'several million' euros via phishing
Victims lured into handing over online banking logins, police say
Cyber-crime23 Jun 2022 | 7
Mega's unbreakable encryption proves to be anything but
Boffins devise five attacks to expose private files
Research22 Jun 2022 | 39
Cisco warns of security holes in its security appliances
Bugs potentially useful for rogue insiders, admin account hijackers
Patches22 Jun 2022 | 11
Israeli air raid sirens triggered in possible cyberattack
Source remains unclear, plenty suspect Iran
Cyber-crime22 Jun 2022 | 2
Popular
Misguided call for a 7-Zip boycott brings attention to FOSS archiving tools
Analysis It's good to highlight some alternatives, but security issues are overblown
Behold this drone-dropping rifle with two-mile range
Confuses rather than destroys unmanned aerials to better bring back intel, says Ukrainian designer
You need to RTFM, but feel free to use your brain too
Who, Me? But I was only following the procedures!
Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players
But welcomes fast cross-border payments in central bank digital currencies
Software-defined silicon is coming for telecom kit later this year
Interview Startup EdgeQ believes pay-for-what-you-use model will make 5G transition more cost-effective
Intel is running rings around AMD and Arm at the edge
Analysis What will it take to loosen the x86 giant's edge stranglehold?
Contractor loses entire Japanese city's personal data in USB fail
In brief Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details
Cloudflare's outage was human error. There's a way to make tech divinely forgive
Opinion Don't push me 'cos I'm close to the edge. And the edge is safer if you can take a step back
IBM settles age discrimination case that sought top execs' emails
Just days after being ordered to provide messages, Big Blue opts out of public trial
Zendesk sold to private investors two weeks after saying it would stay public
Private offer 34 percent above share price is just the thing to change minds
STORIES
DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
Blockchain not as decentralised as many assume, finds Pentagon sponsored research
Security22 Jun 2022 | 11
Yodel becomes the latest victim of a cyber 'incident'
British parcel delivery firm 'working around the clock' to get systems back and running
Security22 Jun 2022 | 37
Okta says Lapsus$ incident was actually a brilliant zero trust demonstration
Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in
Security22 Jun 2022 | 4
Info on 1.5m people stolen from US bank in cyberattack
Time to rethink that cybersecurity strategy?
Cyber-crime21 Jun 2022 | 24
Don’t react, prevent
The art of cyber warfare needs more than just defence
Webinar
1Password's Insights tool to help admins monitor users' security practices
Find the clown who chose 'password' as a password and make things right
Security21 Jun 2022 | 5
A great day for non-robots: iOS 16 will bypass CAPTCHAs
A bot says what? Apple relies on IETF standards to remove annoyance, citing privacy and accessibility
Security21 Jun 2022 | 29
How refactoring code in Safari's WebKit resurrected 'zombie' security bug
Fixed in 2013, reinstated in 2016, exploited in the wild this year
Research21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
Updated Nearly 60 holes found affecting 'more than 30,000' machines worldwide
Research21 Jun 2022 | 23
Voicemail phishing emails steal Microsoft credentials
As always, check that O365 login page is actually O365
CSO21 Jun 2022 | 19
Capital One: Convicted techie got in via 'misconfigured' AWS buckets
Updated Assistant US attorney: 'She wanted data, she wanted money, and she wanted to brag'
Security20 Jun 2022 | 35
There are 24.6 billion pairs of credentials for sale on dark web
In brief Plus: Citrix ASM has some really bad bugs, and more
Security20 Jun 2022 | 3
You don’t need another hero … you need an automated incident response process
Head here to find out how to get one
Webinar
Indian government issues confidential infosec guidance to staff – who leak it
Bans VPNs, Dropbox, and more
Security20 Jun 2022 | 13
DeadBolt ransomware takes another shot at QNAP storage
Keep boxes updated and protected to avoid a NAS-ty shock
Cyber-crime18 Jun 2022 | 14
Inverse Finance stung for $1.2 million via flash loan attack
Just cryptocurrency things
Cyber-crime17 Jun 2022 | 31
Abortion rights: US senators seek ban on sale of health location data
With Supreme Court set to overturn Roe v Wade, privacy is key
Research17 Jun 2022 | 31
International operation takes down Russian RSOCKS botnet
$200 a day buys you 90,000 victims
Cyber-crime17 Jun 2022 | 4
Microsoft Defender goes cross-platform for the masses
Redmond's security brand extended to multiple devices without stomping on other solutions
Security17 Jun 2022 | 16
Cookie consent crumbles under fresh UK data law proposals
Campaigners fear erosion of rights as narrowing of law proposed as well as political control over independent watchdog
Security17 Jun 2022 | 120
Password recovery from beyond the grave
On Call Does your disaster recovery plan include a mysterious missive at a funeral?
Security17 Jun 2022 | 120
Interpol anti-fraud operation busts call centers behind business email scams
1,770 premises raided, 2,000 arrested, $50m seized
Security17 Jun 2022 | 25
RSAC branded a 'super spreader event' as attendees share COVID-19 test results
RSA Conference That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts
CSO16 Jun 2022 | 26
Elasticsearch server with no password or encryption leaks a million records
POS and online ordering vendor StoreHub offered free Asian info takeaways
Security16 Jun 2022 | 22
Heineken says there’s no free beer, warns of phishing scam
WhatsApp messages possibly the worst Father's Day present in the world
Security15 Jun 2022 | 27
Microsoft continues cyber security spending spree with Miburo buy
Brains to be added to the Customer Security and Trust in defense against 'foreign adversaries'
Security15 Jun 2022 | 2
Malaysia-linked DragonForce hacktivists attack Indian targets
Just what we needed: a threat to rival Anonymous
Research15 Jun 2022 | 5
Unpatched Exchange server, stolen RDP logins... How miscreants get BlackCat ransomware on your network
Microsoft details this ransomware-as-a-service
Research15 Jun 2022 | 1
Microsoft fixes under-attack Windows zero-day Follina
Patch Tuesday Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs
Patches15 Jun 2022 | 4
Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme
Pair's multimillion-dollar contract caper unraveled
CSO15 Jun 2022 | 5
Cloudflare says it thwarted record-breaking HTTPS DDoS flood
26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that
CSO14 Jun 2022 | 2
Man gets two years in prison for selling 200,000 DDoS hits
Over 2,000 customers with malice on their minds
Security14 Jun 2022 | 3
Azure issues not adequately fixed for months, complain bug hunters
Updated Redmond kicks off Patch Tuesday with a months-old flaw fix
Security14 Jun 2022 | 6
UK health privacy watchdog still in talks over who is accessing country's COVID data store
Over a year after discussions began, National Data Guardian continues to pursue transparency in health data use
Security14 Jun 2022 | 6
Inside the RSAC expo: Buzzword bingo and the bear in the room
RSA Conference We mingle with the vendors so you don't have to
CSO14 Jun 2022 | 2
Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT
Broadens targets from telecoms to finance and government orgs
Research14 Jun 2022 | 2
HelloXD ransomware bulked up with better encryption, nastier payload
Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it.
Security13 Jun 2022 | 5
OMIGOD: Cloud providers still using secret middleware
RSA Conference in brief All the news you may have missed from RSA this week
Security11 Jun 2022 | 18
World Economic Forum wants a global map of online crime
RSA Conference Will cyber crimes shrug off Atlas Initiative? Objectively, yes
Cyber-crime10 Jun 2022 | 7
Threat and risk specialists signal post-COVID conference season is back on
RSA Conference Well, we'll see in a week or so
Security10 Jun 2022 | 2
Symbiote Linux malware spotted – and infections are 'very hard to detect'
Performing live forensics on hijacked machine may not turn anything up, warn researchers
Research10 Jun 2022 | 21
Apple M1 chip contains hardware vulnerability that bypasses memory defense
MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication
Research10 Jun 2022 | 9
Emotet malware gang re-emerges with Chrome-based credit card heistware
Crimeware groups are re-inventing themselves
Research10 Jun 2022 | 5
Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree
Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval
Research10 Jun 2022 | 12
Hardware flaws give Bluetooth chipsets unique fingerprints that can be tracked
While this poses a privacy and security threat, an attacker's ability to exploit it may come down to luck
Research10 Jun 2022 | 6
Russia, China warn US its cyber support of Ukraine has consequences
Countries that accept US infosec help told they could pay a price too
Security10 Jun 2022 | 17
What keeps Mandiant Intelligence EVP Sandra Joyce up at night? The coming storm
RSA Conference The next wave of security maturity is measuring effectiveness, she told The Register
Security09 Jun 2022 | 4
Cloud services proving handy for cybercriminals, SANS Institute warns
RSA Conference Flying horses, gonna pwn me away...
Security09 Jun 2022 | 3
Facebook phishing campaign nets millions in IDs and cash
Hundreds of millions of stolen credentials and a cool $59 million
Cyber-crime09 Jun 2022 | 8
Symantec: More malware operators moving in to exploit Follina
Meanwhile Microsoft still hasn't patched the fatal flaw
Security09 Jun 2022 | 11
Five Eyes alliance’s top cop says techies are the future of law enforcement
Crims have weaponized tech and certain States let them launder the proceeds
Cyber-crime09 Jun 2022 | 15
Supply chain attacks will get worse: Microsoft Security Response Center boss
RSA Conference Do you know all of your software dependencies? Spoiler alert: hardly anybody is on top of it
Security09 Jun 2022 | 10
Now Windows Follina zero-day exploited to infect PCs with Qbot
Data-stealing malware also paired with Black Basta ransomware gang
Research09 Jun 2022 | 4
Google has more reasons why it doesn't like antitrust law that affects Google
It'll ruin Gmail, claims web ads giant
Security08 Jun 2022 | 13
Feds raid dark web market selling data on 24 million Americans
SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more
Cyber-crime08 Jun 2022 | 9
Intel offers 'server on a card' reference design for network security
RSA Conference OEMs thrown a NetSec Accelerator that plugs into server PCIe slots
Security08 Jun 2022 | 2
Beijing-backed baddies target unpatched networking kit to attack telcos
NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points
Security08 Jun 2022 | 3
US cyber chiefs: Moving to Shields Down isn't gonna happen
RSA Conference Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'
CSO08 Jun 2022 | 6
Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups
RSA Conference This is why Viasat attack – rated one of the biggest ever of its kind – had relatively little impact
Security08 Jun 2022 | 20
IBM buys Randori to address multicloud security messes
RSA Conference Big Blue joins the hot market for infosec investment
Security07 Jun 2022 | 3
Microsoft seizes 41 domains tied to 'Iranian phishing ring'
Windows giant gets court order to take over dot-coms and more
Cyber-crime07 Jun 2022 | 4
Cisco EVP: We need to lift everyone above the cybersecurity poverty line
RSA Conference Exclusive It's going to become a human-rights issue, Jeetu Patel tells The Register
CSO06 Jun 2022 | 9
Costa Rican government held up by ransomware … again
In brief Also US warns of voting machine flaws and Google pays out $100 million to Illinois
Security06 Jun 2022 | 9
Yandex CEO Arkady Volozh resigns after being added to EU sanctions list
Updated Russia's top tech CEO accused of material support to Moscow
Security06 Jun 2022 | 39
Feeling highly stressed about your job? You must be a CISO
'The attack surface has expanded exponentially' during the work-from-home pandemic, says one
CSO04 Jun 2022 | 22
Even Russia's Evil Corp now favors software-as-a-service
Albeit to avoid US sanctions hitting it in the wallet
Cyber-crime03 Jun 2022 | 7
To cut off all nearby phones with these Chinese chips, this is the bug to exploit
Android patches incoming for NAS-ty memory overwrite flaw
Research03 Jun 2022 | 28
Clipminer rakes in $1.7m in crypto hijacking scam
Crooks divert transactions to own wallets while running mining on the side
Research03 Jun 2022 | 2
Healthcare organizations face rising ransomware attacks – and are paying up
Via their insurance companies, natch
Research03 Jun 2022 | 10
Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence
Updated One option: Take the thing offline until Friday patch applied
Patches03 Jun 2022 | 20
FBI, CISA: Don't get caught in Karakurt's extortion web
Is this gang some sort of Conti side hustle? The answer may be yes
CSO03 Jun 2022 | 7
Conti spotted working on exploits for Intel Management Engine flaws
Don't leave those firmware patches to last
Research02 Jun 2022 | 11
Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly
Antivirus-but-for-pictures would trample rights, not even work as expected, say academics
Research02 Jun 2022 | 165
Super-spreader FluBot squashed by Europol
Your package is delayed. Click this innocent-looking link to reschedule
Research02 Jun 2022 | 5
ExpressVPN moves servers out of India to escape customer data retention law
Privacy service will keep working, just beyond the reach of India's government
Security02 Jun 2022 | 8
US ran offensive cyber ops to support Ukraine, says general
Public acknowledgement 'unusual', one cybersec exec tells us
Security02 Jun 2022 | 17
Watch out for phishing emails that inject spyware trio
You wait for one infection and then three come along at once
Research01 Jun 2022 | 13
Hospitals are for healing humans. But protecting and healing hospitals needs machines
AI technology is helping hospitals repel ransomware at machine speed
Sponsored Feature
What if ransomware evolved to hit IoT in the enterprise?
Proof-of-concept lab work demos potential future threat
Research01 Jun 2022 | 6
EnemyBot malware adds enterprise flaws to exploit arsenal
Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told
Research01 Jun 2022 | 2
