AI chatbot startup founder, lawyer wife accused of ripping off investors in $60M fraud GameOn? It's looking more like game over for that biz Cyber-crime24 Jan 2025 |
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now SYSTEM-level command injection via API parameter *chef's kiss* Patches24 Jan 2025 | 2
North Korean dev who renamed himself 'Bane' accused of IT worker fraud caper 5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act Cyber-crime24 Jan 2025 | 1
China and friends claim success in push to stamp out tech support cyber-scam slave camps Paint a target on Myanmar, pledge more info-sharing to get the job done Cyber-crime24 Jan 2025 | 9
Court rules FISA Section 702 surveillance of US resident was unconstitutional 'Public interest alone does not justify warrantless querying' says judge Security24 Jan 2025 | 18
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers But we mean, you've had nearly four years to patch Patches23 Jan 2025 | 4
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management No in-the-wild exploits … yet Patches23 Jan 2025 |
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Big organizations and governments are main users of these gateways Patches23 Jan 2025 | 6
Meta's pay-or-consent model under fire from EU consumer group Company 'strongly disagrees' with law infringement allegations Personal Tech23 Jan 2025 | 27
FortiGate config leaks: Victims' email addresses published online Experts warn not to take leaks lightly as years-long compromises could remain undetected Cyber-crime23 Jan 2025 | 6
Who is DDoSing you? Rivals, probably, or cheesed-off users Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps Networks23 Jan 2025 | 6
Biz tax rises, inflation and high interest. Why fewer UK tech firms started in 2024 And the government thinks that AI and taking shackles off big tech will help? God help Britain Channel23 Jan 2025 | 26
Asus lets processor security fix slip out early, AMD confirms patch in progress Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean Patches23 Jan 2025 | 11
Oracle emits 603 patches, names one it wants you to worry about soon Old flaws that keep causing trouble haunt Big Red Patches23 Jan 2025 |
Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards And: America 'has never been less secure,' retired rear admiral tells Congress Security22 Jan 2025 | 86
Supply chain attack hits Chrome extensions, could expose millions Threat actor exploited phishing and OAuth abuse to inject malicious code Cyber-crime22 Jan 2025 | 5
Give users confidence in your digital infrastructure Why Digital Trust and crypto-agility are essential to authentication and data security Sponsored Post
Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch Update addresses boot failures on multi-node systems Patches22 Jan 2025 | 6
Silk Road's Dread Pirate Roberts walks free as Trump pardons dark web kingpin Ross Ulbricht's family are now appealing for donations to support his reintegration into society Legal22 Jan 2025 | 117
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch Feature Everyone agrees defense matters. How to do it is up for debate CSO22 Jan 2025 | 18
Why is Big Tech hellbent on making AI opt-out? Opinion As Microsoft, Apple, and Google switch the tech on by default, what happened to asking for permission first?
Apple sued for using dangerous 'forever chemicals' in Watch bands Markets smartwatches as health helpers even as they expose some owners to PFAS
FortiGate config leaks: Victims' email addresses published online Experts warn not to take leaks lightly as years-long compromises could remain undetected
Intel pitches modular PC designs to make repairs less painful x86 behemoth calls the approach 'innovative' - DIY builders may disagree
VMware users gripe over 3-year commitment to renew licenses Chips and software giant Broadcom says it's 'flexible and open' on licensing terms, but customers disagree
Tool touted as 'first AI software engineer' is bad at its job, testers claim Nailed just 15% of assigned tasks
OpenZFS 2.3 is here, with RAID expansion and faster dedup Coming soon to April's TrueNAS SCALE release, dubbed 'Fangtooth'
Musk torches $500B Stargate AI plan, Altman strikes back Updated OpenAI boss tell world's richest man money is there to fund infrastructure project
Asus lets processor security fix slip out early, AMD confirms patch in progress Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean
Court rules FISA Section 702 surveillance of US resident was unconstitutional 'Public interest alone does not justify warrantless querying' says judge
Ransomware scum make it personal for Reg readers by impersonating tech support That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems CSO22 Jan 2025 | 18
PowerSchool theft latest: Decades of Canadian student records, data from 40-plus US states feared stolen Updated Lawsuits pile up after database accessed by miscreants Cyber-crime22 Jan 2025 | 28
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day Seven days after disclosure and little action taken, data shows Patches21 Jan 2025 | 3
HPE probes IntelBroker's bold data theft boasts Incident response protocols engaged following claims of source code burglary Cyber-crime21 Jan 2025 |
Banks must keep ahead of risks and reap AI rewards AI has transformed banking across APAC. But is this transformation secure? Partner Content
Hackers game out infowar against China with the US Navy Taipei invites infosec bods to come and play on its home turf Public Sector20 Jan 2025 | 5
How to leave the submarine cable cutters all at sea – go Swedish Opinion Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian Networks20 Jan 2025 | 110
Ransomware attack forces Brit high school to shut doors Students have work to complete at home in the meantime Cyber-crime20 Jan 2025 | 102
Sage Copilot grounded briefly to fix AI misbehavior 'Minor issue' with showing accounting customers 'unrelated business information' required repairs AI + ML20 Jan 2025 | 23
Datacus extractus: Harry Potter publisher breached without resorting to magic Infosec in brief PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more Security20 Jan 2025 | 7
When food delivery apps reached Indonesia, everyone put on weight Asia In Brief PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company Software20 Jan 2025 | 5
Donald Trump proposes US govt acquire half of TikTok, which thanks him and restores service The same Florida Man who wanted to ban the app in the first place Public Sector20 Jan 2025 | 124
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries The S in LLM stands for Security AI + ML19 Jan 2025 | 31
FCC to telcos: By law you must secure your networks from foreign spies. Get on it Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping CSO17 Jan 2025 | 29
Biden signs sweeping cybersecurity order, just in time for Trump to gut it Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive Public Sector17 Jan 2025 | 39
Fortinet: FortiGate config leaks are genuine but misleading Competition hots up with Ivanti over who can have the worst start to a year Cyber-crime17 Jan 2025 | 5
Clock ticking for TikTok as US Supreme Court upholds ban Updated With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over Security17 Jan 2025 | 47
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Turns out tool does both file transfers and security fixes fast Patches17 Jan 2025 | 19
Medusa ransomware group claims attack on UK's Gateshead Council Pastes allegedly stolen documents on leak site with £600K demand Cyber-crime17 Jan 2025 | 13
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products If you want a picture of the future, imagine your infosec team stamping on software forever AI + ML17 Jan 2025 | 84
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in AI + ML17 Jan 2025 | 11
GM parks claims that driver location data was given to insurers, pushing up premiums We'll defo ask for permission next time, automaker tells FTC Personal Tech17 Jan 2025 | 40
Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts updated FSB cyberspies venture into a new app for espionage, Microsoft says Security16 Jan 2025 | 4
Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M That's in addition to the $4.5M fine paid to three state AGs last year Cyber-crime16 Jan 2025 | 1
Raspberry Pi hands out prizes to all in the RP2350 Hacking Challenge Power-induced glitches, lasers, and electromagnetic fields are all tools of the trade Security16 Jan 2025 | 18
Infoseccer: Private security biz let guard down, exposed 120K+ files Assist Security’s client list includes fashion icons, critical infrastructure orgs Security16 Jan 2025 | 14
GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches' Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools CSO15 Jan 2025 | 12
DJI loosens flight restrictions, decides to trust operators to follow FAA rules Right after one of its drones crashed into an aircraft fighting California wildfires? Great timing Security15 Jan 2025 | 17
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says We are only seeing 'the tip of the iceberg,' Easterly warns Security15 Jan 2025 | 11
Even modest makeup can thwart facial recognition You may not need to go full Juggalo for the sake of privacy AI + ML15 Jan 2025 | 47
Windows Patch Tuesday hits snag with Citrix software, workarounds published Microsoft starts 2025 as it hopefully doesn't mean to go on Patches15 Jan 2025 | 8
Crypto klepto North Korea stole $659M over just 5 heists last year US, Japan, South Korea vow to intensify counter efforts Cyber-crime15 Jan 2025 | 12
Microsoft fixes under-attack privilege-escalation holes in Hyper-V Patch Tuesday Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco Patches15 Jan 2025 | 7
FBI wipes Chinese PlugX malware from thousands of Windows PCs in America Hey, Xi: Zài jiàn! Cyber-crime14 Jan 2025 | 31
Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason Updated Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test Security14 Jan 2025 | 1
It's not just Big Tech: The UK's Online Safety Act applies across the board Analysis That niche forum running for 20 years – get ready, there's work to do Security14 Jan 2025 | 150
UK floats ransomware payout ban for public sector Stronger proposals may also see private sector applying for a payment 'license' Cyber-crime14 Jan 2025 | 25
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg Networks14 Jan 2025 | 25
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug This is what happens when you publish PoCs immediately, hm? Patches13 Jan 2025 | 1
Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed Security13 Jan 2025 | 4
Azure, Microsoft 365 MFA outage locks out users across regions It's fixed, mostly, after Europeans had a manic Monday Security13 Jan 2025 | 10
NATO's newest member comes out swinging following latest Baltic Sea cable attack 'Sweden has changed,' PM warns as trio of warships join defense efforts Networks13 Jan 2025 | 52
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days 'Codefinger' crims on the hunt for compromised keys Research13 Jan 2025 | 5
Nominet probes network intrusion linked to Ivanti zero-day exploit Unauthorized activity detected, but no backdoors found Security13 Jan 2025 | 6
Europe coughs up €400 to punter after breaking its own GDPR data protection rules Infosec in brief PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Security13 Jan 2025 | 15
Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases Gee, wonder why Beijing is so keen on the – checks notes – Committee on Foreign Investment in the US Cyber-crime10 Jan 2025 | 7
Drug addiction treatment service admits attackers stole sensitive patient data Details of afflictions and care plastered online Cyber-crime10 Jan 2025 | 8
Devs sent into security panic by 'feature that was helpful … until it wasn't' On Call Screenshot showed it wasn't a possible attack – unless you qualify everything Google does as a threat SaaS10 Jan 2025 | 79
Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices Beware the IoT that doesn’t get a security tag Security09 Jan 2025 | 38
Zero-day exploits plague Ivanti Connect Secure appliances for second year running Factory resets and apply patches is the advice amid fortnight delay for other appliances Patches09 Jan 2025 | 2
Security pros baited with fake Windows LDAP exploit traps Tricky attackers trying yet again to deceive the good guys on home territory Cyber-crime09 Jan 2025 | 7
Japanese police claim China ran five-year cyberattack campaign targeting local orgs ‘MirrorFace’ group found ways to run malware in the Windows sandbox, which may be worrying Security09 Jan 2025 | 6
Database tables of student, teacher info stolen from PowerSchool in cyberattack Class act: Cloud biz only serves 60M-plus folks globally, no biggie Cyber-crime09 Jan 2025 | 23
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director In colossal surprise, ONCD boss Harry Coker says more work is needed CSO08 Jan 2025 | 12
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit 3 CVEs added to CISA's catalog Security08 Jan 2025 | 4
DNA sequencers found running ancient BIOS, posing risk to clinical research Updated Devices on six-year-old firmware vulnerable to takeover and destruction Research08 Jan 2025 | 24
UN's aviation agency confirms attack on recruitment database Various data points compromised but no risk to flight security Cyber-crime08 Jan 2025 | 4
Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed Here's what $20 gets you these days Research08 Jan 2025 | 13
Akamai to quit its CDN in China, seemingly not due to trouble from Beijing Security and cloud compute have so much more upside than the boring business of shifting bits Security08 Jan 2025 | 4
FCC boss urges speedy spectrum auction to fund 'Rip'n'Replace' of Chinese kit Telcos would effectively fund grants paid to protect national security Networks08 Jan 2025 | 15
Turbulence at UN aviation agency as probe into potential data theft begins Crime forum-dweller claims to have leaked 42,000 documents packed with personal info Cyber-crime07 Jan 2025 |
DEF CON's hacker-in-chief faces fortune in medical bills after paralyzing neck injury Marc Rogers is 'lucky to be alive' Security07 Jan 2025 | 73
US adds web and gaming giant Tencent to list of Chinese military companies This could be the start of a saga to rival TikTok’s troubles, and embroil Tesla and Microsoft Security07 Jan 2025 | 13
Charter, Consolidated, Windstream reportedly join China's Salt Typhoon victim list Slow drip of compromised telecom networks continues Cyber-crime06 Jan 2025 | 4
FireScam infostealer poses as Telegram Premium app to surveil Android devices updated Once installed, it helps itself to your data like it's a free buffet Research06 Jan 2025 | 5
MediaTek rings in the new year with a parade of chipset vulns Manufacturers should have had ample time to apply the fixes Security06 Jan 2025 | 5
After China's Salt Typhoon, the reconstruction starts now Opinion If 40 years of faulty building gets blown down, don’t rebuild with the rubble Cyber-crime06 Jan 2025 | 41
Taiwan reportedly claims China-linked ship damaged one of its submarine cables More evidence of Beijing’s liking for gray zone warfare, or a murky claim with odd African entanglements? Security06 Jan 2025 | 13
Telemetry data from 800K VW Group EVs exposed online Infosec in Brief PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more Security06 Jan 2025 | 45
Encryption backdoor debate 'done and dusted,' former White House tech advisor says interview When the FBI urges E2EE, you know it's serious business Cyber-crime04 Jan 2025 | 72
Atos denies Space Bears' ransomware claims – with a 'but' updated Points finger at third-party infrastructure being breached Cyber-crime04 Jan 2025 | 3
CAPTCHAs now run Doom – on nightmare mode As if the bot defense measure wasn't obnoxious enough Offbeat03 Jan 2025 | 42
Boffins carve up C so code can be converted to Rust Mini-C is a subset of C that can be automatically turned to Rust without much fuss Software03 Jan 2025 | 117
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop CSO02 Jan 2025 | 3
Apple offers to settle 'snooping Siri' lawsuit for an utterly incredible $95M Even the sound of a zip could be enough to start the recordings, according to claims Security02 Jan 2025 | 40
Eight things that should not have happened last year, but did Opinion 2024's Tech Fail Roll Of Dishonor Bootnotes01 Jan 2025 | 112
US Army soldier who allegedly stole Trump's AT&T call logs arrested Brings the arrest count related to the Snowflake hacks to 3 Cyber-crime01 Jan 2025 | 16
US Treasury Department outs the blast radius of BeyondTrust's key leak Data pilfered as miscreants roamed affected workstations Cyber-crime31 Dec 2024 | 16
China's cyber intrusions took a sinister turn in 2024 From targeted espionage to pre-positioning - not that they are mutually exclusive Security31 Dec 2024 | 9
More telcos confirm China Salt Typhoon security breaches as White House weighs in Intrusions allowed Beijing to 'geolocate millions of individuals, record phone calls at will' Cyber-crime30 Dec 2024 | 36