Conti: Russian-backed rulers of Costa Rican hacktocracy?
In brief Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors
Security21 May 2022 | 3
Security
China-linked Twisted Panda caught spying on Russian defense R&D
Because Beijing isn't above covert ops to accomplish its five-year goals
Security20 May 2022 | 12
Microsoft patches the patch that broke Windows authentication
May 10 update addressed serious vulns but also had problems of its own
Security20 May 2022 | 12
Microsoft Bing censors politically sensitive Chinese terms
Updated Research claims it fails to autofill certain names in Han characters, Microsoft says it's technical error
Research20 May 2022 | 15
Protecting data now as the quantum era approaches
Analysis Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering
Security20 May 2022 | 2
Canada bans Huawei and ZTE from 5G networks, citing national security risks
Ban on shopping from September, rip and replace order with 2024 deadline
Security20 May 2022 | 17
India slightly softens infosec incident reporting and data retention rules
But also makes it plain that offshore entities must comply
Security20 May 2022 |
US won’t prosecute ‘good faith’ security researchers under CFAA
Well, that clears things up? Maybe not.
Security20 May 2022 | 35
US recovers a record $15m from the 3ve ad-fraud crew
Swiss banks cough up around half of the proceeds of crime
Security19 May 2022 | 11
Iran, China-linked gangs join Putin's disinformation war online
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg
Security19 May 2022 | 11
Hot glare of the spotlight doesn’t slow BlackByte ransomware gang
Crew's raids continue worldwide, Talos team warns
Research19 May 2022 | 4
The cyber threat isn’t going anywhere, but the fight back starts in London
CyberThreat 22 returns this September
Sponsored Post
Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open
No, you're not really gonna be hacked. But you may be surprised
Research19 May 2022 | 39
Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
Critical authentication bypass revealed, older flaws under active attack
CSO19 May 2022 | 6
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
Analysis Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D
Research18 May 2022 | 3
How these crooks backdoor online shops and siphon victims' credit card info
FBI and co blow lid off latest PHP tampering scam
Cyber-crime18 May 2022 | 4
Your data's auctioned off up to 987 times a day, NGO reports
Irish Council on Civil Liberties said this is first time the scope of real-time bidding is being measured
Security18 May 2022 | 28
Microsoft warns partners to revoke unused authorizations that drive your software
June debut of zero trust GDAP tool should make it harder for crims to attack through MSPs and resellers
Security18 May 2022 | 6
State of internet crime in Q1 2022: Bot traffic on the rise, and more
According to this cybersecurity outfit that wants your business, anyway
Cyber-crime18 May 2022 | 6
Monero-mining botnet targets Windows, Linux web servers
Sysrv-K malware infects unpatched tin, Microsoft warns
Cyber-crime18 May 2022 | 10
Popular
Export bans prompt Russia to use Chinese x86 CPU replacement
With few options, Russia will look to half-fast chips from Chinese maker
US fears China may have ten exascale systems by 2025
China refuses to share benchmarks, US sharpens focus on developing optimized software
Start your engines: Windows 11 ready for broad deployment
If you're on Windows 10, and meet requirements, it's ready to rumble... and 22H2 is waiting in the wings
Seriously, you do not want to make that cable your earth
On Call Network? What's that when it's at home?
Intel plans immersion lab to chill its power-hungry chips
AI chips are sucking down 600W+ and the solution could be to drown them.
Microsoft patches the patch that broke Windows authentication
May 10 update addressed serious vulns but also had problems of its own
Bing! Microsoft tests search box in the middle of Windows 11 desktop
Attempt to be interactive meets cries of 'Someone dumped a text box right in the center of my desktop!'
US won’t prosecute ‘good faith’ security researchers under CFAA
Well, that clears things up? Maybe not.
Iran, China-linked gangs join Putin's disinformation war online
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg
Lenovo halves its ThinkPad workstation range
Two becomes one as ThinkPad P16 stands alone and HX replaces mobile Xeon
STORIES
FBI warns of North Korean cyberspies posing as foreign IT workers
Looking for tech talent? Kim Jong-un's friendly freelancers, at your service
CSO17 May 2022 | 10
Pentester pops open Tesla Model 3 using low-cost Bluetooth module
Anything that uses proximity-based BLE is vulnerable, claim researchers
Research17 May 2022 | 49
Google assuring open-source code to secure software supply chains
Java and Python packages are the first on the list
Security17 May 2022 | 3
Facebook rated least safe e-commerce option in government rankings
Singapore's safety scheme measures scam-combatting capability
Cyber-crime17 May 2022 | 2
Europe moves closer to stricter cybersecurity standards, reporting regs
More types of biz fall under expanded rules – and fines for those who fall short
CSO17 May 2022 | 9
Venezuelan cardiologist charged with 'designing and selling ransomware'
If his surgery was as bad as his opsec, this chap has caused a lot of trouble, allegedly
Cyber-crime17 May 2022 | 11
China reveals its top five sources of online fraud
'Brushing' tops the list, as quantity of forbidden content continue to rise
Cyber-crime17 May 2022 | 15
US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
Citizen allegedly moved $10m-plus in BTC into banned nation
Cyber-crime16 May 2022 | 5
Hackers are after your data. So why are you making it so easy for them?
Here’s how to tailor a security suite that suits you
Webinar
San Francisco police use driverless cars for surveillance
In brief Plus: Tech giants commit $30m to open-source security, miscreants breach DEA portal, and US signs cybercrime treaty
Cyber-crime16 May 2022 | 18
Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...
We take a look at low, low subscription prices – not that we want to give anyone any ideas
Research14 May 2022 | 6
Ukrainian crook jailed in US for selling thousands of stolen login credentials
Touting info on 6,700 compromised systems will get you four years behind bars
Cyber-crime13 May 2022 | 5
Another ex-eBay exec admits cyberstalking web souk critics
David Harville is seventh to cop to harassment campaign
Cyber-crime13 May 2022 | 10
Software patching must work like car safety recalls, says US cyber boss
Black Hat Asia Adds infosec regulation coming to more industries but with a light touch, more collaboration
CSO13 May 2022 | 30
Most organizations hit by ransomware would pay up if hit again
Nine out of ten organizations would do it all over again, keeping attackers in business
Research13 May 2022 | 34
'Peacetime in cyberspace is a chaotic environment' says senior US advisor
Black Hat Asia The internet is now the first battleground of any new war – before the shooting starts
Cyber-crime13 May 2022 | 2
Iran-linked Cobalt Mirage extracts money, info from US orgs – report
Khamenei, can you just not? Not right now, fam
Research13 May 2022 | 3
Researchers find 134 flaws in the way Word, PDFs, handle scripts
Black Hat Asia ‘Cooperative mutation’ spots problems that checking code alone will miss
Security13 May 2022 | 27
To predict the targets of Chinese malware, look at the target of Chinese laws
Black Hat Asia Around the time Beijing banned online gambling, RATs started targeting operators, say Taiwanese researchers
Security13 May 2022 | 3
Anatomy of a campaign to inject JavaScript into compromised WordPress sites
Reverse-engineered code redirects visitors to dodgy corners of the internet
Research13 May 2022 | 8
If you've got Intel inside, you probably need to get these security patches inside, too
So. Many. BIOS. Bugs
Patches12 May 2022 | 9
Ransomware the final nail in coffin for small university
Lincoln College shuttering after 157 years, ransomware attack from Iran final straw
Security12 May 2022 | 46
APT gang 'Sidewinder' goes on two-year attack spree across Asia
Black Hat Asia Launches almost 1,000 raids, plenty with upgraded malware
Security12 May 2022 |
It's time to kick China off social media, says tech governance expert
Black Hat Asia 'Mischief abroad' is the Middle Kingdom's goal – without the possibility of using Chinese sites to fight back
Security12 May 2022 | 36
Europe proposes tackling child abuse by killing privacy, strong encryption
If we're gonna go through this again, can we just literally go back in time?
Security12 May 2022 | 130
Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss
Black Hat Asia Private orgs that flex with Russian bans may do more harm – to themselves – than good
Security12 May 2022 | 19
Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security
We can think of one thing the S stands for in some unfortunate cases
CSO11 May 2022 | 8
Fresh ransomware samples indicate REvil is back
Secureworks' investigation only the latest evidence Kaseya and JBS attackers are on the move again
Security11 May 2022 | 1
Yahoo Japan strives for universal passwordless authentication
30! million! users! already! moved! to! TXT! and/or! FIDO! Attacks! and! support! requests! both! down!
Security11 May 2022 | 13
Microsoft closes Windows LSA hole under active attack
Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy
Patches11 May 2022 | 7
Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point
Special report Campaign to coax GitHub-owned outfit to improve security starts showing results
CSO10 May 2022 | 46
US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat
Thank goodness someone cleared that one up
CSO10 May 2022 | 9
Malware goes regional as attackers change tactics
SEO techniques employed to increase visibility of poisoned documents claims Netskope
Security10 May 2022 | 1
Industry pushes back against India's data security breach reporting requirements
Filling in a form at 4am improves infosec or privacy how, exactly?
CSO10 May 2022 | 13
Biden signs cybercrime tracking bill into law
All part of a larger push by the Feds to improve cybersecurity reporting
Cyber-crime09 May 2022 | 8
It costs just $7 to rent DCRat to backdoor your network
Budget-friendly tool breaks the you-get-what-you-pay-for rule
Research09 May 2022 | 9
US offers $15m reward for information about Conti ransomware gang
The State Department notice comes in wake of the cybercrims’ attack on Costa Rican government
Security09 May 2022 | 1
Ransomware plows through farm machinery giant AGCO
John Deere rival says it may be days or 'potentially longer' before some production facilities are back in action
Security09 May 2022 | 17
Microsoft Security Experts: Humans and automation to fight off cyber threats
"We live this fight ourselves everyday," Microsoft says of enterprise attacks
Security09 May 2022 | 9
Colonial Pipeline faces nearly $1m fine one year after ransomware attack
In Brief Plus: Unpatched DNS bug puts IoT devices at risk, SolarWinds hackers set up new digs, and a CEO faces hard time for massive mining fraud
Security09 May 2022 | 8
China wants its youth to stop giving livestreamers money
Internet regulator puts a few practices in place – including viewing curfews and bans on tips
Security09 May 2022 | 29
India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems
Analysis Stalled law satisfies few and has even been identifed as likely to damage growth
Security08 May 2022 | 16
False-flag cyberattacks a red line for nation-states, says Mandiant boss
NSA director says he doesn't know of a 'big one' that was successful
CSO07 May 2022 | 27
Cryptocurrency laundromat Blender shredded by US Treasury in sanctions first
Helping North Korea? Uncle Sam would like a word
Cyber-crime06 May 2022 | 31
Walking away from ransomware unscathed. Can you? Really?
Hear how from Wendi Whitmore and more at Rubrik’s FORWARD conference
Sponsored Post
Bank for International Settlements calls for reform of data governance
Wants Big Tech to butt out, and return control to individuals
Security06 May 2022 | 10
F5, Cisco admins: Stop what you're doing and check if you need to install these patches
Updated BIG-IP iControl authentication bypass, NFV VM escape, and more
Patches06 May 2022 | 6
FBI: Cyber-scams cost victims $6.9b-plus worldwide in 2021
Another banner year for criminals. For everyone else, not so much
Cyber-crime05 May 2022 | 8
Microsoft, Apple, Google accelerate push to eliminate passwords
Analysis Passphrases PIP'd, FIDO and W3C projects promoted
CSO05 May 2022 | 76
Google chases sovereignty market with EU Workspace Data product
Woos European firms who don't want their data caught in the US Cloud Act dragnet
Security05 May 2022 |
Phishing operation hits NHS email accounts to harvest Microsoft credentials
You've won $2m! Now just send me a small fee
Security05 May 2022 | 44
Biden orders new quantum push to ensure encryption isn't cracked by rivals
Domestic action and international collaboration to make sure you-know-who – OK, China – doesn't get ahead of the game
Security05 May 2022 | 10
Beijing-backed gang looted IP around the world for years, claims Cybereason
Infosec outfit says group avoided detection by hiding payloads in undocumented Windows logs
Security05 May 2022 | 13
GitHub to require two factor authentication for code contributors by late 2023
Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks
Security05 May 2022 | 17
US Cyber Command shored up nine nations' defenses last year
'Hunt forward' operations push US capabilities across borders
Security04 May 2022 | 15
Communication around Heroku security incident dubbed 'train wreck'
Users claim lack of transparency following compromise of Github tokens
Security04 May 2022 | 5
Putin threatens supply chains with counter-sanction order
‘Certain organizations’ to be named in ten days and denied access to Russian resources
Security04 May 2022 | 77
Cyber-spies target Microsoft Exchange to steal M&A info
If a network snoop probes like a Kremlin agent, exploits like a Kremlin agent, it might be...
Cyber-crime04 May 2022 | 5
SEC nearly doubles cryptocurrency cop roles in special cyber unit
Policing digital assets sounds more Mission Impossible than NCIS
Cyber-crime03 May 2022 | 7
Zero trust is more than just vendors and products – it requires process
Dell Technologies World IT orgs need to adapt their procedures to make it all work, says Dell
Security03 May 2022 | 3
Microsoft's standalone Defender for Business hits GA
Security suite for the orgs unwilling to stump up for a Microsoft 365 Business Premium subscription
Security03 May 2022 | 3
Critical vulnerabilities found in 'millions of Aruba and Avaya switches'
Airports, hospitals, hotels, and more need to deploy patches for hijack bugs
Patches03 May 2022 | 31
Privacy pathology: It's time for the users to gather a little data – evidence
Opinion If Sherlock was alive today, he’d pack a Pi next to pistol and pipe
Security03 May 2022 | 30
Google starts testing fenced frames to guard its Privacy Sandbox
Oh, serve me ads, lots of ads, under clouded eyes above, just fence me in
Security03 May 2022 | 7
Security is a pain for American Dental Association: Ransomware infection feared
In brief Plus: Another university hit with malware, and more
Research02 May 2022 | 5
SSE kicks the ‘A’ out of SASE
Analysis Security Service Edge separates cloud-delivered defenses from SD-WAN as debate rages
Security02 May 2022 | 3
Dell brings data recovery tools to Apex and the cloud
Dell shows off full stack of cyber recovery SaaS, partners with Snowflake for data analytics
Security02 May 2022 |
Spanish PM, defense minister latest Pegasus spyware victims
Latest Spanish officials to detect Pegasus spyware on mobile devices
Security02 May 2022 | 22
Facebook's Meta, tracking code, and the student financial aid website
Also: Oculus virtual reality apps fail to detail info collection
Research30 Apr 2022 | 15
Data-wiper malware strains surge as Ukraine battles ongoing invasion
Besides files being erased, another thing being deleted: Any sense this is a coincidence
Research29 Apr 2022 | 11
Microsoft Edge's 'Secure Network' sounds a lot like a built-in VPN
Only works with signed-in users, but could lure more into using the browser
Security29 Apr 2022 | 30
Don’t expect to get your data back from the Onyx ransomware group
The cybercriminals trash files larger than 2MB, forever losing them to the void
Security29 Apr 2022 | 13
Interpol: We can't arrest our way out of cybercrime
Especially when gangs are better funded than local police
Cyber-crime29 Apr 2022 | 11
India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting
Customer data collection and retention requirements also increased, including for crypto operators
Security29 Apr 2022 | 3
Sina Weibo, China's Twitter analog, reveals users' locations and IP addresses
Sssshhhh! Nobody tell Elon Musk
Security29 Apr 2022 | 9
Bumblebee malware loader emerges as Conti's BazarLoader fades
At least three threat groups are using the loader in malicious email campaigns
Research29 Apr 2022 | 3
Cloudflare stomps huge DDoS attack on crypto platform
At 15.3 million requests per second, the assault was the largest HTTPS blitz on record lasting 15 seconds
Security28 Apr 2022 | 15
Money or your business: Ensure your ransomware defense strategy beats off disruptions, extortions
Multi-layered protection from Huawei curbs ransomware attacks
Sponsored Feature
Five Eyes nations reveal 2021's fifteen most-exploited flaws
Malicious cyber actors go after 2021's biggest misses, spend less time on the classics
Security28 Apr 2022 | 10
Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!
Will Redmond start code-naming Windows make-me-admin bugs?
Patches27 Apr 2022 | 110
