US and UK govts warn: Russia scanning for your unpatched vulnerabilities in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more Security12 Oct 2024 |
INC ransomware rebrands to Lynx – same code, new name, still up to no good Researchers point to evidence that scumbags visited the strategy boutique Cybersecurity Month11 Oct 2024 | 1
US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants Cyberspies abusing a backdoor? Groundbreaking Cyber-crime11 Oct 2024 | 2
RAC duo busted for stealing and selling crash victims' data Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops Security11 Oct 2024 | 15
Keir Starmer hands ex-Darktrace boss investment minister gig What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates? Public Sector11 Oct 2024 | 40
FBI created a cryptocurrency so it could watch it being abused It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week Cybersecurity Month11 Oct 2024 | 23
Healthcare attacks spread beyond US – just ask India's Star Health Acknowledges bulk customer data leak weeks after Telegram channels dangled it online Cyber-crime11 Oct 2024 | 1
Crooks stole personal info of 77k Fidelity Investments customers But hey, no worries, the firm claims no evidence of data misuse Cyber-crime10 Oct 2024 | 2
Fore-get about privacy, golf tech biz leaves 32M data records on the fairway Researcher spots 110 TB of sensitive info sitting in unprotected database Cybersecurity Month10 Oct 2024 | 23
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Usual three-week window to address significant risks to federal agencies applies Cybersecurity Month10 Oct 2024 |
Mozilla patches critical Firefox vuln that attackers are already exploiting Firefixed: It's maintenance time for low-complexity, high-impact security flaw Cybersecurity Month10 Oct 2024 | 21
How to enable secure use of AI Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace Sponsored Post
How should CISOs respond to the rise of GenAI? Apply comprehensive security with access control, secure coding, infrastructure protection and AI governance Partner Content
Dutch cops reveal takedown of 'world's largest dark web market' Two arrested after allegedly trying to make off with their ill-gotten gains Cybersecurity Month10 Oct 2024 | 15
Internet Archive user info stolen in cyberattack, succumbs to DDoS 31M folks' usernames, email addresses, salted-encrypted passwords now out there Cybersecurity Month10 Oct 2024 | 22
Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware USB sticks help, but it's unclear how tools that suck malware from them are delivered Cybersecurity Month09 Oct 2024 | 21
Smart TVs are spying on everyone Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Cybersecurity Month09 Oct 2024 | 112
Marriott settles for a piddly $52M after series of breaches affecting millions Intruders stayed for free on the network between 2014 and 2020 Cyber-crime09 Oct 2024 | 9
National Public Data files for bankruptcy, admits 'hundreds of millions' potentially affected One-man-band faces a mountain of lawsuits but has few assets Cyber-crime09 Oct 2024 | 63
Mozilla patches critical Firefox vuln that attackers are already exploiting Firefixed: It's maintenance time for low-complexity, high-impact security flaw
Techie took five minutes to fix problem Adobe and Microsoft couldn't solve in two weeks On Call This is why every admin loves to hate Windows
FBI created a cryptocurrency so it could watch it being abused It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week
Microsoft admits Outlook crashes, says impact 'mitigated' Users just need to 'refresh/restart' their sessions
Arrow Lake splashdown: Intel pins hopes on replacement for Raptors New silicon, new architecture, and loads of new motherboards rise to support it, but will power be anchored down?
AMD pumps Epyc core count to 192, clocks up to 5 GHz with Turin debut Just not on the same chip, of course
The .io domain isn't going anywhere anytime soon amid treaty UK-Mauritius handshake holds but Chagos Islands shift could eventually phase out the ccTLD
Dutch cops reveal takedown of 'world's largest dark web market' Two arrested after allegedly trying to make off with their ill-gotten gains
Version 7.6 – the 'OpenBSD of Theseus' – released Ideal for black-clad ultra-minimalist types. You probably wouldn't like it
Microsoft cleans up hot mess of Patch Tuesday preview Go forth and install your important security fixes Cybersecurity Month09 Oct 2024 | 5
Ransomware gang Trinity joins pile of scumbags targeting healthcare As if hospitals and clinics didn't have enough to worry about Cybersecurity Month09 Oct 2024 | 6
Microsoft issues 117 patches – some for flaws already under attack Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw Cybersecurity Month08 Oct 2024 | 5
Qualcomm urges device makers to push patches after 'targeted' exploitation Given Amnesty's involvement, it's a safe bet spyware is in play Patches08 Oct 2024 |
Using iPhone Mirroring at work? You might have just overshared to your boss What does IT glimpse but a dating app on your wee little screen Software08 Oct 2024 | 26
Happy birthday, Putin – you've been pwned Pro-Ukraine hackers claim credit for Russian state broadcasting shutdown Security08 Oct 2024 | 74
Google brings better bricking to Androids, to curtail crims Improved security features teased in May now appearing around the world Cybersecurity Month08 Oct 2024 | 23
Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group A couple million will do for a start … but Kim's crews are suspected of stealing much more Cybersecurity Month08 Oct 2024 | 2
American Water rinsed in cyber attack, turns off app Updated It's still safe to drink, top provider tells us Cybersecurity Month07 Oct 2024 | 12
Cops love facial recognition, and withholding info on its use from the courts Withholding exculpatory evidence from suspects isn't a great look when the tech is already questionable Security07 Oct 2024 | 21
Chinese cyberspies reportedly breached Verizon, AT&T, Lumen Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic Security07 Oct 2024 | 6
Embattled users worn down by privacy options? Let them eat code Opinion Struggle ye not with cookies, lest ye become a cookie monster Security07 Oct 2024 | 66
Ryanair faces GDPR turbulence over customer ID checks Irish data watchdog opens probe after 'numerous complaints' Security05 Oct 2024 | 69
UK's Sellafield nuke waste processing plant fined £333K for infosec blunders Radioactive hazards and cyber failings ... what could possibly go wrong? Cybersecurity Month05 Oct 2024 | 21
About a quarter million Comcast subscribers had their data stolen from debt collector Cable giant says ransomware involved, FBCS keeps schtum Cybersecurity Month04 Oct 2024 | 6
Visit CyberThreat 2024 to hone your cybersecurity skills Get together with the European cybersecurity community at a two-day conference in London this December Sponsored Post
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 113
Big brands among thousands infected by payment-card-stealing CosmicSting crooks Updated Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Cybersecurity Month04 Oct 2024 | 6
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 12
Two British-Nigerian men sentenced over multimillion-dollar business email scam Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Cybersecurity Month03 Oct 2024 | 13
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 37
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
'Patch yesterday': Zimbra mail servers under siege through RCE vuln Attacks began the day after public disclosure Cybersecurity Month02 Oct 2024 | 5
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works Security02 Oct 2024 | 9
Euro cops arrest 4 including suspected LockBit dev chilling on holiday And what looks like proof stolen data was never deleted even after ransom paid Cybersecurity Month01 Oct 2024 | 15
Evil Corp's deep ties with Russia and NATO member attacks exposed Ransomware criminals believed to have taken orders from intel services Cyber-crime01 Oct 2024 | 8
NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks Cybersecurity Month01 Oct 2024 |
Australian e-tailer digiDirect customers' info allegedly stolen and dumped online Full names, contact details, and company info – all the fixings for a phishing holiday Cybersecurity Month01 Oct 2024 |
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 10
Ransomware forces hospital to turn away ambulances Only level-one trauma unit in 400 miles crippled Cybersecurity Month30 Sep 2024 | 19
T-Mobile US to cough up $31.5M after that long string of security SNAFUs At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' CSO30 Sep 2024 | 4
If you're holding important data, Iran is probably trying spearphish it It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them Cyber-crime30 Sep 2024 | 6
Remote ID verification tech is often biased, bungling, and no good on its own Only 2 out of 5 tested products were equitable across demographics Public Sector30 Sep 2024 | 10
Cloud threats have execs the most freaked out because they're not prepared Ransomware? More like 'we don't care' for everyone but CISOs Research30 Sep 2024 | 3
AI code helpers just can't stop inventing package names LLMs are helpful, but don't use them for anything important AI + ML30 Sep 2024 | 64
Forget the Kia Boyz: Crooks could hijack your car with just a smartphone Infosec In Brief Plus: UK man charged with compromising firms for stock secrets; ransomware actor foils self; and more Security30 Sep 2024 | 17
Binance claims it helped to bust Chinese crypto scam app in India ASIA IN BRIEF Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more Cyber-crime30 Sep 2024 | 5
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 67
Feds charge 3 Iranians with 'hack-and-leak' of Trump 2024 campaign Snoops allegedly camped out in inboxes well into September Cyber-crime27 Sep 2024 | 12
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more OSes27 Sep 2024 | 119
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda Research27 Sep 2024 | 6
Patch now: Critical Nvidia bug allows container escape, complete host takeover 33% of cloud environments using the toolkit impacted, we're told Patches26 Sep 2024 | 16
HPE patches three critical security holes in Aruba PAPI More 9.8 bugs? Ay, papi! Patches26 Sep 2024 | 1
That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices Final update No patches yet, can be mitigated, requires user interaction Security26 Sep 2024 | 103
Victims lose $70K to one single wallet-draining app on Google's Play Store Attackers got 10K people to download 'trusted' web3 brand cheat before Mountain View intervened Cyber-crime26 Sep 2024 | 22
Public Wi-Fi operator investigating cyberattack at UK's busiest train stations Updated See it, say it… not sorted just yet as network access remains offline Cyber-crime26 Sep 2024 | 62
UK government's bank data sharing plan slammed as 'financial snoopers' charter' Access to account info needed to tackle benefit fraud, latest bill claims Security26 Sep 2024 | 143
WordPress.org denies service to WP Engine, potentially putting sites at risk Updated That escalated quickly Software26 Sep 2024 | 58
China's Salt Typhoon cyber spies are deep inside US ISPs Updated Expecting a longer storm season this year? Networks25 Sep 2024 | 4
RansomHub genius tries to put the squeeze on Delaware Libraries Extorting underfunded public services for $1M isn't a good look Cyber-crime25 Sep 2024 | 5
China claims Taiwan, not civilians, behind web vandalism Taipei laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway Cyber-crime25 Sep 2024 | 2
CrowdStrike apologizes to Congress for 'perfect storm' that caused global IT outage Argues worse could happen if it loses kernel access Security25 Sep 2024 | 29
Who’s watching you the closest online? Google, duh Four Chocolate Factory trackers cracked the Top 25 in all regions Security24 Sep 2024 | 16
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge Severe incidents may be down, but Putin had to throw one in for good measure Cyber-crime24 Sep 2024 | 9
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks Thousands of devices remain vulnerable, US most exposed to the threat Security24 Sep 2024 | 18
How to spot a North Korean agent before they get comfy inside payroll Mandiant publishes cheat sheet for weeding out fraudulent IT staff Cyber-crime24 Sep 2024 | 19
Some US Kaspersky customers find their security software replaced by 'UltraAV' Back story to replacement for banned security app isn't enormously reassuring Security24 Sep 2024 | 38
Telegram will now hand over IP addresses, phone numbers of suspects to cops Maybe a spell in a French cell changed Durov's mind Personal Tech23 Sep 2024 | 36
'Cybersecurity issue' takes MoneyGram offline for three days – and counting Still no ‘R’ word, but smells like ransomware from here Cyber-crime23 Sep 2024 | 6
Necro malware continues to haunt side-loaders of dodgy Android mods Updated 11M devices exposed to trojan, Kaspersky says Cyber-crime23 Sep 2024 | 2
US proposes ban on Chinese, Russian connected car tech over security fears No room for your spy mobiles on our streets Software23 Sep 2024 | 28
So how's Microsoft's Secure Future Initiative going? 34,000 engineers pledged to the cause, but no word on exec pay Security23 Sep 2024 | 6
UPS supplier's password policy flip-flops from unlimited, to 32, then 64 characters That 'third party' person sure is responsible for a lot of IT blunders, eh? Security23 Sep 2024 | 38
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
Apple's latest macOS release is breaking security software, network connections Infosec In Brief PLUS: Payer of $75M ransom reportedly identified; Craigslist founder becomes security philanthropist, and more Security23 Sep 2024 | 22
US indicts two over socially engineered $230M+ crypto heist Just one victim milked of nearly a quarter of a billion bucks Cyber-crime20 Sep 2024 | 26
Ivanti patches exploited admin command execution flaw Fears over chained attacks affecting EOL product Patches20 Sep 2024 | 8
Cybercrooks strut away with haute couture Harvey Nichols data Nothing high-end about the sparsely detailed, poorly publicized breach Cyber-crime20 Sep 2024 | 10
CISA boss: Makers of insecure software must stop enabling today's cyber villains Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software20 Sep 2024 | 93
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims Boasts 'appear to be credible' experts tell El Reg Cyber-crime19 Sep 2024 | 7
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Personal Tech19 Sep 2024 | 26
Iran's cyber-goons emailed stolen Trump info to Team Biden – which ignored them To be fair, Joe was probably taking a nap Cyber-crime19 Sep 2024 | 50
1 in 10 orgs dumping their security vendors after CrowdStrike outage Many left reeling from July's IT meltdown, but not to worry, it was all unavoidable Security19 Sep 2024 | 8
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations Updated Better check your widgets, people Research19 Sep 2024 | 7
UK activists targeted with Pegasus spyware ask police to charge NSO Group 4 file complaint with London's Met, alleging malware maker helped autocratic states violate their privacy Security19 Sep 2024 | 13
Tor insists its network is safe after German cops convict CSAM dark-web admin Outdated software blamed for cracks in the armor Cyber-crime19 Sep 2024 | 25