Tencent admits to poisoned QR code attack on QQ chat platform - Could it be Beijing was right about games being bad for China? - Security, 28 Jun 2022 | 4
Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyberattacks - Now those are some phishing boats - Cyber-crime, 28 Jun 2022 | 7
India extends deadline for compliance with infosec logging rules by 90 days - Helpfully announced extension on deadline day - CSO, 28 Jun 2022 | 2
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw - Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution - Patches, 27 Jun 2022 | 3
LGBTQ+ folks warned of dating app extortion scams - Uncle Sam tells of crooks exploiting Pride Month - Cyber-crime, 27 Jun 2022 | 2
Contractor loses entire Japanese city's personal data in USB fail - In brief: Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details - CSO, 27 Jun 2022 | 14
Beijing probes security at academic journal database - It's easy to see why – the question is, why now? - Security, 27 Jun 2022 | 5
Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players - But welcomes fast cross-border payments in central bank digital currencies - Cyber-crime, 27 Jun 2022 | 2
We're now truly in the era of ransomware as pure extortion without the encryption - Feature: Why screw around with cryptography and keys when just stealing the info is good enough - Research, 25 Jun 2022 | 20
More than $100m in cryptocurrency stolen from blockchain biz - 'A humbling and unfortunate reminder' that monsters lurk under bridges - Cyber-crime, 24 Jun 2022 | 33
Google: How we tackled this iPhone, Android spyware - Watching people's every move and collecting their info – not on our watch, says web ads giant - Research, 24 Jun 2022 | 24
Beijing-backed attackers use ransomware as a decoy while they conduct espionage - They're not lying when they say 'We stole your data' – the lie is about which data they lifted - Cyber-crime, 24 Jun 2022 | 2
NSO claims 'more than 5' EU states use Pegasus spyware - And it's like, what ... 12, 13,000 total targets a year max, exec says - Security, 24 Jun 2022 | 41
$6b mega contract electronics vendor Sanmina jumps into zero trust - Company was an early adopter of Google Cloud, which led to a search for a new security architecture - CSO, 23 Jun 2022 | 1
Halfords suffers a puncture in the customer details department - I like driving in my car, hope my data's not gone far - Security, 23 Jun 2022 | 57
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ - Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default - Security, 23 Jun 2022 | 18
Europol arrests nine suspected of stealing 'several million' euros via phishing - Victims lured into handing over online banking logins, police say - Cyber-crime, 23 Jun 2022 | 7
Mega's unbreakable encryption proves to be anything but - Boffins devise five attacks to expose private files - Research, 22 Jun 2022 | 39
Cisco warns of security holes in its security appliances - Bugs potentially useful for rogue insiders, admin account hijackers - Patches, 22 Jun 2022 | 11
Israeli air raid sirens triggered in possible cyberattack - Source remains unclear, plenty suspect Iran - Cyber-crime, 22 Jun 2022 | 2
DARPA study challenges assumptions about distributed ledger (and Bitcoin) security - Blockchain not as decentralised as many assume, finds Pentagon sponsored research - Security, 22 Jun 2022 | 11
Yodel becomes the latest victim of a cyber 'incident' - British parcel delivery firm 'working around the clock' to get systems back and running - Security, 22 Jun 2022 | 37
Okta says Lapsus$ incident was actually a brilliant zero trust demonstration - Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in - Security, 22 Jun 2022 | 4
Info on 1.5m people stolen from US bank in cyberattack - Time to rethink that cybersecurity strategy? - Cyber-crime, 21 Jun 2022 | 24
1Password's Insights tool to help admins monitor users' security practices - Find the clown who chose 'password' as a password and make things right - Security, 21 Jun 2022 | 5
A great day for non-robots: iOS 16 will bypass CAPTCHAs - A bot says what? Apple relies on IETF standards to remove annoyance, citing privacy and accessibility - Security, 21 Jun 2022 | 29
How refactoring code in Safari's WebKit resurrected 'zombie' security bug - Fixed in 2013, reinstated in 2016, exploited in the wild this year - Research, 21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure - Updated: Nearly 60 holes found affecting 'more than 30,000' machines worldwide - Research, 21 Jun 2022 | 23
Voicemail phishing emails steal Microsoft credentials - As always, check that O365 login page is actually O365 - CSO, 21 Jun 2022 | 19
Capital One: Convicted techie got in via 'misconfigured' AWS buckets - Updated: Assistant US attorney: 'She wanted data, she wanted money, and she wanted to brag' - Security, 20 Jun 2022 | 35
There are 24.6 billion pairs of credentials for sale on dark web - In brief: Plus: Citrix ASM has some really bad bugs, and more - Security, 20 Jun 2022 | 3
Indian government issues confidential infosec guidance to staff – who leak it - Bans VPNs, Dropbox, and more - Security, 20 Jun 2022 | 13
DeadBolt ransomware takes another shot at QNAP storage - Keep boxes updated and protected to avoid a NAS-ty shock - Cyber-crime, 18 Jun 2022 | 14
Inverse Finance stung for $1.2 million via flash loan attack - Just cryptocurrency things - Cyber-crime, 17 Jun 2022 | 31
Abortion rights: US senators seek ban on sale of health location data - With Supreme Court set to overturn Roe v Wade, privacy is key - Research, 17 Jun 2022 | 31
International operation takes down Russian RSOCKS botnet - $200 a day buys you 90,000 victims - Cyber-crime, 17 Jun 2022 | 4
Microsoft Defender goes cross-platform for the masses - Redmond's security brand extended to multiple devices without stomping on other solutions - Security, 17 Jun 2022 | 16
Cookie consent crumbles under fresh UK data law proposals - Campaigners fear erosion of rights as narrowing of law proposed as well as political control over independent watchdog - Security, 17 Jun 2022 | 120
Password recovery from beyond the grave - On Call: Does your disaster recovery plan include a mysterious missive at a funeral? - Security, 17 Jun 2022 | 120
Interpol anti-fraud operation busts call centers behind business email scams - 1,770 premises raided, 2,000 arrested, $50m seized - Security, 17 Jun 2022 | 25
RSAC branded a 'super spreader event' as attendees share COVID-19 test results - RSA Conference: That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts - CSO, 16 Jun 2022 | 26
Elasticsearch server with no password or encryption leaks a million records - POS and online ordering vendor StoreHub offered free Asian info takeaways - Security, 16 Jun 2022 | 22
Heineken says there’s no free beer, warns of phishing scam - WhatsApp messages possibly the worst Father's Day present in the world - Security, 15 Jun 2022 | 27
Microsoft continues cyber security spending spree with Miburo buy - Brains to be added to the Customer Security and Trust in defense against 'foreign adversaries' - Security, 15 Jun 2022 | 2
Malaysia-linked DragonForce hacktivists attack Indian targets - Just what we needed: a threat to rival Anonymous - Research, 15 Jun 2022 | 5
Unpatched Exchange server, stolen RDP logins... How miscreants get BlackCat ransomware on your network - Microsoft details this ransomware-as-a-service - Research, 15 Jun 2022 | 1
Microsoft fixes under-attack Windows zero-day Follina - Patch Tuesday: Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs - Patches, 15 Jun 2022 | 4
Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme - Pair's multimillion-dollar contract caper unraveled - CSO, 15 Jun 2022 | 5
Cloudflare says it thwarted record-breaking HTTPS DDoS flood - 26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that - CSO, 14 Jun 2022 | 2
Man gets two years in prison for selling 200,000 DDoS hits - Over 2,000 customers with malice on their minds - Security, 14 Jun 2022 | 3
Azure issues not adequately fixed for months, complain bug hunters - Updated: Redmond kicks off Patch Tuesday with a months-old flaw fix - Security, 14 Jun 2022 | 6
UK health privacy watchdog still in talks over who is accessing country's COVID data store - Over a year after discussions began, National Data Guardian continues to pursue transparency in health data use - Security, 14 Jun 2022 | 6
Inside the RSAC expo: Buzzword bingo and the bear in the room - RSA Conference: We mingle with the vendors so you don't have to - CSO, 14 Jun 2022 | 2
Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT - Broadens targets from telecoms to finance and government orgs - Research, 14 Jun 2022 | 2
HelloXD ransomware bulked up with better encryption, nastier payload - Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it. - Security, 13 Jun 2022 | 5
OMIGOD: Cloud providers still using secret middleware - RSA Conference in brief: All the news you may have missed from RSA this week - Security, 11 Jun 2022 | 18
World Economic Forum wants a global map of online crime - RSA Conference: Will cyber crimes shrug off Atlas Initiative? Objectively, yes - Cyber-crime, 10 Jun 2022 | 7
Threat and risk specialists signal post-COVID conference season is back on - RSA Conference: Well, we'll see in a week or so - Security, 10 Jun 2022 | 2
Symbiote Linux malware spotted – and infections are 'very hard to detect' - Performing live forensics on hijacked machine may not turn anything up, warn researchers - Research, 10 Jun 2022 | 21
Apple M1 chip contains hardware vulnerability that bypasses memory defense - MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication - Research, 10 Jun 2022 | 9
Emotet malware gang re-emerges with Chrome-based credit card heistware - Crimeware groups are re-inventing themselves - Research, 10 Jun 2022 | 5
Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree - Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval - Research, 10 Jun 2022 | 12
Hardware flaws give Bluetooth chipsets unique fingerprints that can be tracked - While this poses a privacy and security threat, an attacker's ability to exploit it may come down to luck - Research, 10 Jun 2022 | 6
Russia, China warn US its cyber support of Ukraine has consequences - Countries that accept US infosec help told they could pay a price too - Security, 10 Jun 2022 | 17
What keeps Mandiant Intelligence EVP Sandra Joyce up at night? The coming storm - RSA Conference: The next wave of security maturity is measuring effectiveness, she told The Register - Security, 09 Jun 2022 | 4
Cloud services proving handy for cybercriminals, SANS Institute warns - RSA Conference: Flying horses, gonna pwn me away... - Security, 09 Jun 2022 | 3
Facebook phishing campaign nets millions in IDs and cash - Hundreds of millions of stolen credentials and a cool $59 million - Cyber-crime, 09 Jun 2022 | 8
Symantec: More malware operators moving in to exploit Follina - Meanwhile Microsoft still hasn't patched the fatal flaw - Security, 09 Jun 2022 | 11
Five Eyes alliance’s top cop says techies are the future of law enforcement - Crims have weaponized tech and certain States let them launder the proceeds - Cyber-crime, 09 Jun 2022 | 15
Supply chain attacks will get worse: Microsoft Security Response Center boss - RSA Conference: Do you know all of your software dependencies? Spoiler alert: hardly anybody is on top of it - Security, 09 Jun 2022 | 10
Now Windows Follina zero-day exploited to infect PCs with Qbot - Data-stealing malware also paired with Black Basta ransomware gang - Research, 09 Jun 2022 | 4
Google has more reasons why it doesn't like antitrust law that affects Google - It'll ruin Gmail, claims web ads giant - Security, 08 Jun 2022 | 13
Feds raid dark web market selling data on 24 million Americans - SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more - Cyber-crime, 08 Jun 2022 | 9
Intel offers 'server on a card' reference design for network security - RSA Conference: OEMs thrown a NetSec Accelerator that plugs into server PCIe slots - Security, 08 Jun 2022 | 2
Beijing-backed baddies target unpatched networking kit to attack telcos - NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points - Security, 08 Jun 2022 | 3
US cyber chiefs: Moving to Shields Down isn't gonna happen - RSA Conference: Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes' - CSO, 08 Jun 2022 | 6
Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups - RSA Conference: This is why Viasat attack – rated one of the biggest ever of its kind – had relatively little impact - Security, 08 Jun 2022 | 20
IBM buys Randori to address multicloud security messes - RSA Conference: Big Blue joins the hot market for infosec investment - Security, 07 Jun 2022 | 3
Microsoft seizes 41 domains tied to 'Iranian phishing ring' - Windows giant gets court order to take over dot-coms and more - Cyber-crime, 07 Jun 2022 | 4
Cisco EVP: We need to lift everyone above the cybersecurity poverty line - RSA Conference, Exclusive: It's going to become a human-rights issue, Jeetu Patel tells The Register - CSO, 06 Jun 2022 | 9
Costa Rican government held up by ransomware … again - In brief: Also US warns of voting machine flaws and Google pays out $100 million to Illinois - Security, 06 Jun 2022 | 9
Yandex CEO Arkady Volozh resigns after being added to EU sanctions list - Updated: Russia's top tech CEO accused of material support to Moscow - Security, 06 Jun 2022 | 39
Feeling highly stressed about your job? You must be a CISO - 'The attack surface has expanded exponentially' during the work-from-home pandemic, says one - CSO, 04 Jun 2022 | 22
Even Russia's Evil Corp now favors software-as-a-service - Albeit to avoid US sanctions hitting it in the wallet - Cyber-crime, 03 Jun 2022 | 7
To cut off all nearby phones with these Chinese chips, this is the bug to exploit - Android patches incoming for NAS-ty memory overwrite flaw - Research, 03 Jun 2022 | 28
Clipminer rakes in $1.7m in crypto hijacking scam - Crooks divert transactions to own wallets while running mining on the side - Research, 03 Jun 2022 | 2
Healthcare organizations face rising ransomware attacks – and are paying up - Via their insurance companies, natch - Research, 03 Jun 2022 | 10
Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence - Updated: One option: Take the thing offline until Friday patch applied - Patches, 03 Jun 2022 | 20
FBI, CISA: Don't get caught in Karakurt's extortion web - Is this gang some sort of Conti side hustle? The answer may be yes - CSO, 03 Jun 2022 | 7
Conti spotted working on exploits for Intel Management Engine flaws - Don't leave those firmware patches to last - Research, 02 Jun 2022 | 11
Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly - Antivirus-but-for-pictures would trample rights, not even work as expected, say academics - Research, 02 Jun 2022 | 165
Super-spreader FluBot squashed by Europol - Your package is delayed. Click this innocent-looking link to reschedule - Research, 02 Jun 2022 | 5
ExpressVPN moves servers out of India to escape customer data retention law - Privacy service will keep working, just beyond the reach of India's government - Security, 02 Jun 2022 | 8
US ran offensive cyber ops to support Ukraine, says general - Public acknowledgement 'unusual', one cybersec exec tells us - Security, 02 Jun 2022 | 17
Watch out for phishing emails that inject spyware trio - You wait for one infection and then three come along at once - Research, 01 Jun 2022 | 13
Hospitals are for healing humans. But protecting and healing hospitals needs machines - AI technology is helping hospitals repel ransomware at machine speed - Sponsored Feature
What if ransomware evolved to hit IoT in the enterprise? - Proof-of-concept lab work demos potential future threat - Research, 01 Jun 2022 | 6
EnemyBot malware adds enterprise flaws to exploit arsenal - Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told - Research, 01 Jun 2022 | 2