CISA boss: Makers of insecure software are the real cyber villains | Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' | Software, 20 Sep 2024
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims | Boasts 'appear to be credible' experts tell El Reg | Cyber-crime, 19 Sep 2024
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom | Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals | Personal Tech, 19 Sep 2024
Iran's cyber-goons emailed stolen Trump info to Team Biden – which ignored them | To be fair, Joe was probably taking a nap | Cyber-crime, 19 Sep 2024
1 in 10 orgs dumping their security vendors after CrowdStrike outage | Many left reeling from July's IT meltdown, but not to worry, it was all unavoidable | Security, 19 Sep 2024
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations | Better check your widgets, people | Research, 19 Sep 2024
UK activists targeted with Pegasus spyware ask police to charge NSO Group | 4 file complaint with London's Met, alleging malware maker helped autocratic states violate their privacy | Security, 19 Sep 2024
Tor insists its network is safe after German cops convict CSAM dark-web admin | Outdated software blamed for cracks in the armor | Cyber-crime, 19 Sep 2024
FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds | Plus: Wray tells how bureau helps certain victims negotiate with ransomware crooks | Cyber-crime, 18 Sep 2024
Deja blues... LockBit boasts once again of ransoming IRS-authorized eFile.com | Add 'ransomware' to the list of certainties in life? | Cyber-crime, 18 Sep 2024
Putin really wants Trump back in the White House | US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again | Research, 18 Sep 2024
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war | Second wave of exploding gear kills at least 14 today | Security, 18 Sep 2024
Chinese spies spent months inside aerospace engineering firm's network via legacy IT | [Exclusive] Getting sloppy, Xi | CSO, 18 Sep 2024
Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform | Italian mafia mobsters and Irish crime families scuppered by international cops | Cyber-crime, 18 Sep 2024
Despite Russia warnings, Western critical infrastructure remains unprepared | [Feature] 'Lives will be lost' as Moscow ramps up offensive cyber military units | Cyber-crime, 18 Sep 2024
Australian Police conducted supply chain attack on criminal collaborationware | Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service | Cyber-crime, 18 Sep 2024
WhatsApp still working on making View Once chats actually disappear for all | [Updated] So far it's more like View Forever | Patches, 18 Sep 2024
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation | Bug reports made in China | Virtualization, 17 Sep 2024
Google Cloud Document AI flaw (still) allows data theft despite bounty payout | [Updated] Chocolate Factory downgrades risk, citing the need for attacker access | Security, 17 Sep 2024
Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode | Eight-year-old among those slain, Israel blamed, Iran's Lebanese ambassador wounded, it's said | Security, 17 Sep 2024
IBM quietly axing thousands of jobs, source says | We did warn you, Big Blue tells The Reg, as Cisco also cuts staff as promised
Open source maintainers underpaid, swamped by security, going gray | AI-coded contributions? Most would rather skip the bot's work
Torvalds weighs in on 'nasty' Rust vs C for Linux debate | This is like vi vs Emacs with 'religious overtones,' project chief laughs
Rhysida ransomware gang ships off Port of Seattle data for $6M | Auction acts as payback after authority publicly refuses to pay up | Cyber-crime, 17 Sep 2024
Predator spyware kingpins added to US sanctions list | Designations come as new infrastructure spins up in Africa | Security, 17 Sep 2024
China claims Starlink signals can reveal stealth aircraft – and what that really means | If this really was that useful, they wouldn't be telling us | Security, 17 Sep 2024
Chinese national accused by Feds of spear-phishing for NASA, military source code | May have reeled in blueprints related to weapons development | Cyber-crime, 17 Sep 2024
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day | [Analysis] The C in these CVEs stands for Confusing | Security, 17 Sep 2024
The empire of C++ strikes back with Safe C++ blueprint | You pipsqueaks want memory safety? We'll show you memory safety! We'll borrow that borrow checker | Applications, 16 Sep 2024
Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches | Now it's the default for all new accounts | Security, 16 Sep 2024
Germany’s CDU still struggling to restore data months after June cyberattack | Putting a spanner in work for plans of opposition party to launch a comeback during next year's elections | Cyber-crime, 16 Sep 2024
Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints | Orchestrators of abductions, torture, crypto thefts, and more get their comeuppance | Cyber-crime, 16 Sep 2024
China’s quantum* crypto tech may be unhackable, but it's hardly a secret | [Opinion] * Quite Unlikely A New Technology’s Useful, Man | Security, 16 Sep 2024
23andMe settles class-action breach lawsuit for $30 million | [Infosec In Brief] Also: Apple to end NSO Group lawsuit; Malicious Python dev job offers; Dark web kingpins busted; and more | Security, 16 Sep 2024
Feeld dating app's security too open-minded as private data swings into public view | No love for months-long wait to fix this, either | Research, 13 Sep 2024
Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps | Do not go on holiday to the O Smach Resort | Cyber-crime, 13 Sep 2024
Australia’s government spent the week boxing Big Tech | With social media age limits, anti-scam laws, privacy tweaks, and misinformation rules Elon Musk labelled 'fascist' | Public Sector, 13 Sep 2024
Feds pull plug on domains linked to import of Chinese gun conversion devices | Illegal goods allegedly shipped to the US labeled as toys or jewels | Cyber-crime, 13 Sep 2024
Fortinet admits miscreant got hold of customer data in the cloud | That would explain this 440GB leak, then | Cyber-crime, 13 Sep 2024
'Hadooken' Linux malware targets Oracle WebLogic servers | Nastyware seeks creds, mines crypto, and plants ransomware that isn't deployed - for now? | Security, 13 Sep 2024
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook | [Updated] Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more | Cyber-crime, 12 Sep 2024
Mastercard splurges $2.65B on another big cyber purchase – Recorded Future | Oh, turns out there are some things money can buy | Security, 12 Sep 2024
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing | SaaS seller sets severity to 'critical' | Patches, 12 Sep 2024
Google Chrome gets a mind of its own for some security fixes | Browser becomes more proactive about trimming unneeded permissions and deceptive notifications | Security, 12 Sep 2024
Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline | NCA confirms arrest of 17-year-old 'on suspicion of Computer Misuse Act offences' – now bailed | Cyber-crime, 12 Sep 2024
EU kicks off an inquiry into Google's AI model | Privacy regulator taking a closer look at data privacy and PaLM 2 | Security, 12 Sep 2024
About that Windows Installer 'make me admin' security hole. Here's how it's exploited | What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's | Patches, 12 Sep 2024
Mind your header! There's nothing refreshing about phishers' latest tactic | It could lead to a costly BEC situation | Research, 12 Sep 2024
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM | Academically interesting technique for poking holes in paywalled tech specs | Research, 12 Sep 2024
Pokémon GO was an intelligence tool, claims Belarus military official | Augmented reality meets warped reality | Personal Tech, 12 Sep 2024
Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics | Would paying a ransom – or better security – have been cheaper and safer? | Security, 12 Sep 2024
Cyber crooks shut down UK, US schools, thousands of kids affected | No class: Black Suit ransomware gang boasts of 200GB haul from one raid | Cyber-crime, 11 Sep 2024
Major sales and ops overhaul leads to much more activity ... for Meow ransomware gang | You hate to see it | Cyber-crime, 11 Sep 2024
Hunters International cyber-gang extorts Chinese mega-bank's London HQ | Allegedly swiped more than 5.2M files and threatens to publish the lot | Cyber-crime, 11 Sep 2024
So you paid a ransom demand … and now the decryptor doesn't work | A really big oh sh*t moment, for sure | Cyber-crime, 11 Sep 2024
How $20 and a lapsed domain allowed security pros to undermine internet integrity | What happens at Black Hat… | Research, 11 Sep 2024
Mind the talent gap: Infosec vacancies abound, but hiring is flat | ISC2 argues security training needs to steer toward what hiring managers want | Security, 11 Sep 2024
India to train 5,000 'Cyber Commandos' | Minister reckons dedicated cops necessary to protect digital transactions | Security, 11 Sep 2024
Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack | [Patch Tuesday] CISA wants you to leap on Citrix, Ivanti issues. Adobe, Intel, SAP vie for priority | Patches, 11 Sep 2024
Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says | Elderly people report the greatest losses | Cyber-crime, 10 Sep 2024
Thanks, Edward Snowden: You propelled China to quantum networking leadership | Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge | Networks, 10 Sep 2024
WhatsApp's 'View Once' could be 'View Whenever' due to a flaw | [Video] It promised vanishing messages, but now 'it's privacy theater' | Security, 09 Sep 2024
Russia's top-secret military unit reportedly plots undersea cable 'sabotage' | US alarmed by heightened Kremlin naval activity worldwide | Security, 09 Sep 2024
Avis alerts nearly 300K car renters that crooks stole their info | [Updated] 'Insider wrongdoing' to blame for security breach | Cyber-crime, 09 Sep 2024
1.7M potentially pwned after payment services provider takes a year to notice break-in | Criminals with plenty of time on their hands may now have credit card details | Cyber-crime, 09 Sep 2024
Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride | The latest of many attempts to stifle perceived threats to Putin's regime | Security, 09 Sep 2024
Predator spyware updated with dangerous new features, also now harder to track | [Infosec in brief] Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more | Security, 09 Sep 2024
Despite cyberattacks, water security standards remain a pipe dream | [Feature] White House floats round two of regulations | Cyber-crime, 07 Sep 2024
Google says replacing C/C++ in firmware with Rust is easy | Not so much when trying to convert coding veterans | Software, 06 Sep 2024
Cisco merch shoppers stung in Magecart attack | The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June | Security, 06 Sep 2024
To patch this server, we need to get someone drunk | [On Call] When maintenance windows are hard to open, a little lubrication helps | Patches, 06 Sep 2024
Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed | Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info | Public Sector, 05 Sep 2024
White House’s new fix for cyber job gaps: Serve the nation in infosec | Now do your patriotic duty and fill one of those 500k open roles, please? | Security, 05 Sep 2024
Uncle Sam charges Russian GRU cyber-spies behind 'WhisperGate intrusions' | Feds post $10M bounty for each of the six's whereabouts | Cyber-crime, 05 Sep 2024
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security | Two critical holes including hardcoded admin credential | Security, 05 Sep 2024
Security boom is over, with over a third of CISOs reporting flat or falling budgets | Good news? Security is still getting a growing part of IT budget | CSO, 05 Sep 2024
The fingerpointing starts as cyber incident at London transport body continues | Network admins take a ride on the Fright Bus | Cyber-crime, 05 Sep 2024
Security biz Verkada to pay $3M penalty under deal that also enforces infosec upgrade | Allowed access to 150K cameras, some in sensitive spots, but has been done for spamming | Security, 05 Sep 2024
White House seizes 32 domains, issues criminal charges in massive election-meddling crackdown | Russia has seemingly decided who it wants Putin the Oval Office | Security, 05 Sep 2024
North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns | Feds warn of 'highly tailored, difficult-to-detect social engineering campaigns' | Cyber-crime, 05 Sep 2024
Palo Alto takes a big $500M bite out of IBM QRadar | Big Blue also shifts to Prisma SASE to secure its 250,000 workforce | Security, 04 Sep 2024
Copilot for Microsoft 365 might boost productivity if you survive the compliance minefield | Loads of governance issues to worry about, and the chance it might spout utter garbage | AI + ML, 04 Sep 2024
Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data | 93GB of info feared pilfered in Montana by heartless crooks | Cyber-crime, 04 Sep 2024
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade | Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials | Research, 04 Sep 2024
Telegram apologizes to South Korea and takes down smutty deepfakes | Unclear if this is a sign controversial service is cleaning up its act everywhere | Public Sector, 04 Sep 2024
Ex-senior New York State staffer charged in cash-for-favors scandal with China | Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly | Public Sector, 04 Sep 2024
White House thinks it's time to fix the insecure glue of the internet: Yup, BGP | Better late than never | Networks, 03 Sep 2024
UK trio pleads guilty to running $10M MFA bypass biz | [Updated] Crew bragged they could help crooks raid victims' bank accounts | Cyber-crime, 03 Sep 2024
Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election | No, Abbey is not really a "pure patriotic girl" | Cyber-crime, 03 Sep 2024
Data watchdog fines Clearview AI $33M for 'illegal' data collection | Selfie-scraper again claims European law does not apply to it | AI + ML, 03 Sep 2024
Transport for London confirms cyberattack, assures us all is well | Government body claims there is no evidence of customer data being compromised | Cyber-crime, 03 Sep 2024
Telegram CEO was 'too free' on content moderation, says Russian minister | CEO Pavel Durov charged in France, messaging platform insists it abides by EU laws | Security, 02 Sep 2024
Novel attack on Windows spotted in phishing campaign run from and targeting China | Resources hosted at Tencent Cloud involved in Cobalt Strike campaign | Research, 02 Sep 2024
Check your IP cameras: There's a new Mirai botnet on the rise | [Infosec in brief] Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more | Security, 31 Aug 2024
RansomHub hits 210 victims in just 6 months | The ransomware gang recruits high-profile affiliates from LockBit and ALPHV | Cyber-crime, 30 Aug 2024
Green Berets storm building after compromising its Wi-Fi | Relax, it's just a drill. This time at least | Security, 30 Aug 2024
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers | [Updated] Infosec hounds say they spotted vulnerability during routine travel in the US | Research, 30 Aug 2024
Iran hunts down double agents with fake recruiting sites, Mandiant reckons | Farsi-language posts target possibly-pro-Israel individuals | Security, 30 Aug 2024
US indicts duo over alleged Swatting spree that targeted elected officials | Apparently made over 100 fake crime reports and bomb threats | Cyber-crime, 29 Aug 2024
What a coincidence. Spyware makers, Russia's Cozy Bear seem to share same exploits | Google researchers note similarities, can't find smoking-gun link | Security, 29 Aug 2024