Security News • The Register

Security

EU lawmakers finalize cyber security rules that panicked open source devs

Infosec in brief PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities

Security04 Dec 2023 | 3

New Relic's cyber-something revealed as attack on staging systems, some users

Ongoing investigation found evidence of stolen employee creds and social engineering

Cyber-crime04 Dec 2023 | 1

Scores of US credit unions offline after ransomware infects backend cloud outfit

Supply chain attacks: The gift that keeps on giving

Cyber-crime02 Dec 2023 | 16

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

Two CVEs can be abused to steal sensitive info or execute code

Patches01 Dec 2023 | 2

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Exploits bypass most secure boot solutions from the biggest chip vendors

Research01 Dec 2023 | 23

US readies prison cell for another Russian Trickbot developer

Hunt continues for the other elusive high-ranking members

Cyber-crime01 Dec 2023 | 3

Regulator says stranger entered hospital, treated a patient, took a document ... then vanished

Scottish health group to tweak security checks, access authorization to avoid a repeat

Security01 Dec 2023 | 91

Interpol makes first border arrest using Biometric Hub to ID suspect

Global database of faces and fingerprints proves its worth

Cyber-crime01 Dec 2023 | 7

Today's 'China is misbehaving online' allegations come from Google, Meta

Zuck boots propagandists, Big G finds surge of action directed at Taiwan

Cyber-crime01 Dec 2023 | 10

Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes

Plus: 3 critical CVEs in Zyxel NAS devices

Security30 Nov 2023 | 2

Admin of $19M marketplace that sold social security numbers gets 8 years in jail

24 million Americans thought to have had their personal data stolen and sold for pennies

Cyber-crime30 Nov 2023 | 12

Black Basta ransomware operation nets over $100M from victims in less than two years

Assumed Conti offshoot averages 7 figures for each successful attack but may have issues with, er, 'closing deals'

Cyber-crime30 Nov 2023 | 3

Locking down Industrial Control Systems

SANS unveils online hub with valuable tools and information for cybersecurity professionals defending ICS

Weak session keys let snoops take a byte out of your Bluetooth traffic

BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets

Research30 Nov 2023 | 12

US lawmakers have Chinese LiDAR on their threat-detection radar

Amid fears Beijing could harvest spatial data, letter suggests Huawei-style bans may be needed

Security30 Nov 2023 | 13

Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud

Pro tip: Don't use your new work email to phish your old firm

Cyber-crime30 Nov 2023 | 5

Uncle Sam probes cyberattack on Pennsylvania water system by suspected Iranian crew

CISA calls for stronger IT defenses as Texas district also hit by ransomware crew

Cyber-crime29 Nov 2023 | 8

Okta data breach dilemma dwarfs earlier estimates

All customer support users told their info was accessed after analysis oversight

Security29 Nov 2023 | 14

British Library begins contacting customers as Rhysida leaks data dump

CRM databases were accessed and library users are advised to change passwords

Cyber-crime29 Nov 2023 | 5

UK government rings the death knell for SIM farms

Acts under the guise of protecting the public from fraud, yet history suggests Home Office has other motives

Security29 Nov 2023 | 77

Popular

'Return to Office' declared dead

Remote work is here to stay despite in-person mandates, this economist says

Law secretly drafted by ChatGPT makes it onto the books

'Unfortunately or fortunately, this is going to be a trend'

Elon is the bakery owner swearing in the street about Yelp critics canceling him

Kettle First he was speed-running moderation, now internet advertising. Welcome to the party, pal

UK competition watchdog wins appeal – investigation into Apple will go on

iPhone maker tried to legally kill mobile browser, gaming probe by CMA

China's first undersea datacenter sinks – as planned

Asia In Brief PLUS: India's landmark digital law delayed; Singaporean banks de-digitize some accounts; AUKUS to unleash AI

EU lawmakers finalize cyber security rules that panicked open source devs

Infosec in brief PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities

Sysadmin's favorite collection of infallible utilities failed … foully

who, me? Unnecessary 'maintenance' turned into a fragging foul-up

Creating a single AI-generated image needs as much power as charging your smartphone

AI in brief PLUS: Microsoft to invest £2.5B in UK datacenters to power AI, and more

New Relic's cyber-something revealed as attack on staging systems, some users

Ongoing investigation found evidence of stolen employee creds and social engineering

Linus Torvalds flags holiday-mode changes to next kernel merge window

Penguin emperor ponders whether kernel contributors will code across the festive season, or humbug it

MORE
STORIES

Brit borough council apologizes for telling website users to disable HTTPS

Planning portal back online with a more secure connection

Security29 Nov 2023 | 53

Japan's space agency suffers cyber attack, points finger at Active Directory

JAXA is having a tough time in cyberspace and outer space, the latter thanks to an electrical glitch

Cyber-crime29 Nov 2023 | 4

Plex gives fans a privacy complex after sharing viewing habits with friends by default

Updated Grandma is watching what?!

Security28 Nov 2023 | 47

Helping companies defend what attackers want most - their data

Varonis introduces Athena AI to transform data security and incident response

Partner Content

Europol shutters ransomware operation with kingpin arrests

A few low-level stragglers remain on the loose, but biggest fish have been hooked

Cyber-crime28 Nov 2023 | 4

A bird’s eye view of your global attack surface

Get to know your external attack surface before the cyber criminals map it first

India's CERT given exemption from Right To Information requests

Activists worry investigations may stay secret, and then there's those odd incident reporting requirements

Security28 Nov 2023 | 4

'Serial cybercriminal and scammer' jailed for 8 years, told to pay back $1.2M

Crook did everything from SIM swaps to fake verified badge scams

Cyber-crime28 Nov 2023 | 3

Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods

Mitigations require mix of updating libraries and manual customer action

Patches27 Nov 2023 | 8

Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media

Infosec in Brief Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month

Security27 Nov 2023 | 11

Education is the foundation of modern cyber defence

How to enhance employee career development and retain skilled staff with SANS cyber training

Ransomware-hit British Library: Too open for business, or not open enough?

Opinion Unique institutions need unique security. Instead, they're fobbed off with the same old, same old

Cyber-crime27 Nov 2023 | 25

Crypto crasher Do Kwon's extradition approved, but destination is unclear

Hey Google, are the jails nicer in South Korea or the US?

Cyber-crime27 Nov 2023 | 4

Beijing fosters foreign influencers to spread its propaganda

They get access to both China's internet and global platforms, and cash in on both

Security27 Nov 2023 | 16

OpenCart owner turns air blue after researcher discloses serious vuln

Web storefront maker fixed the flaw, but not before blasting infoseccer

Patches24 Nov 2023 | 48

BlackCat claims it is behind Fidelity National Financial ransomware shakedown

One of US's largest underwriters forced to shut down a number of key systems

Cyber-crime23 Nov 2023 | 1

Industry piles in on North Korea for sustained rampage on software supply chains

Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs

Security23 Nov 2023 | 18

Attack on direct debit provider London & Zurich leaves customers with 6-figure backlogs

Customers complain of poor comms during huge outage that’s sparked payroll fears

Cyber-crime23 Nov 2023 | 15

Stop social engineering at the IT help desk

How Secure Service Desk thwarts social engineering attacks and secures user verification

Mirai malware infects routers and cameras for new botnet

Akamai sounds the alarm – won't name the manufacturers yet

Cyber-crime23 Nov 2023 | 1

New Relic warns customers it's experienced a cyber … something

Users told to hold tight and await instructions as investigation continues

Security23 Nov 2023 | 6

North Korea makes finding a gig even harder by attacking candidates and employers

That GitHub repo an interviewer wants you to work on could be malware

Cyber-crime23 Nov 2023 | 6

How to give Windows Hello the finger and login as someone on their stolen laptop

Not that we're encouraging anyone to defeat this fingerprint authentication

Research22 Nov 2023 | 90

US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants

Staff records swiped, leaked by gang who probably read one too many comics, sorry, graphic novels

Cyber-crime22 Nov 2023 | 99

US cybercops take on 'pig butchering' org, return $9M in scammed crypto

Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'

Security22 Nov 2023 |

Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?

Interview Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing

CSO22 Nov 2023 | 9

UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners

30 days to get compliant with tracking rules or face enforcement action

Security22 Nov 2023 | 45

Binance and CEO admit financial crimes, billions coughed up to US govt

Chief quits, pays own penalty after helping crooks launder cash, aiding sanctions evaders

Cyber-crime22 Nov 2023 | 37

Sumo Logic wrestles with security breach, pins down customer data

Compromised AWS account led to fears that user info could have been exposed to cybercriminals

Cyber-crime21 Nov 2023 |

Third-party data breach affecting Canadian government could involve data from 1999

Any govt staffers who used relocation services over past 24 years could be at risk

Cyber-crime21 Nov 2023 | 5

Maintaining a state of readiness to deal with cyber attacks

Continuous training can help improve EMEA organisations’ ability to fend off the cyber criminals in 2024

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen

Real-life impact of buggy software laid bare – plus: Avast tries to profit from being caught up in attacks

Cyber-crime20 Nov 2023 | 13

Former infosec COO pleads guilty to attacking hospitals to drum up business

Admits to taking phones used for 'code blue' emergencies offline and more

Cyber-crime20 Nov 2023 | 13

Rhysida ransomware gang: We attacked the British Library

Crims post passport scans and internal forms up for 'auction' to prove it

Cyber-crime20 Nov 2023 | 29

Your password hygiene remains atrocious, says NordPass

Infosec in brief ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities

Security20 Nov 2023 | 57

LockBit redraws negotiation tactics after affiliates fail to squeeze victims

Cybercrime group worried over dwindling payments ... didn't they tell them to Always Be Closing?

Cyber-crime17 Nov 2023 | 32

SonicWall swallows Solutions Granted amid cybersecurity demand surge

CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA

CSO17 Nov 2023 | 1

Samsung UK discloses year-long breach, leaked customer data

Updated Chaebol already the subject of suits for a pair of past indiscretions

Security17 Nov 2023 | 4

Look out, Scattered Spider. FBI pumps 'significant' resources into snaring data-theft crew

Absence of arrests doesn't mean nothing's happening, cyber-cops insist

Cyber-crime17 Nov 2023 | 4

How much to clean up a ransomware infection? For Rackspace, about $11M

And that's not counting the incoming lawsuits. Thank goodness for insurance, eh?

CSO16 Nov 2023 | 7

Windows Server 2022 update gave ESXi host VMs the blue screen blues

Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches

Patches16 Nov 2023 | 17

BlackCat plays with malvertising traps to lure corporate victims

Updated Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware

Research16 Nov 2023 | 1

Royal Mail’s recovery from ransomware attack will cost business at least $12M

First time hard figure given on recovery costs for January incident

Cyber-crime16 Nov 2023 | 6

Hundreds of websites cloned to run ads for Chinese football gambling outfits

Linked to org that UK authorities found once failed its anti-money-laundering obligations

Security16 Nov 2023 | 1

Clorox CISO flushes self after multimillion-dollar cyberattack

Plus: Ransomware crooks file SEC complaint against victim

CSO16 Nov 2023 | 23

Google Workspace weaknesses allow plaintext password theft

Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here

Research15 Nov 2023 | 2

FBI Director: FISA Section 702 warrant requirement a 'de facto ban'

War of words escalates as deadline draws near

Security15 Nov 2023 | 56

How cyber training can help you beat the bad guys

No matter what stage your security career is at, SANS has resources that will add to your knowledge

Ransomware more efficient than ever, and baddies are still after your logs

Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean

Research15 Nov 2023 | 3

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws

Patches15 Nov 2023 | 17

Russian national pleads guilty to building now-dismantled IPStorm proxy botnet

23K nodes earned operator more than $500K – and now perhaps jail time

Cyber-crime14 Nov 2023 | 1

AMD SEV OMG: Trusted execution in VMs undone by bad hypervisors' cache meddling

Let's do the CacheWarp again

Research14 Nov 2023 | 7

Intel emits patch to squash chip bug that lets any guest VM crash host servers

Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix'

Patches14 Nov 2023 | 1

Ransomware royale: US confirms Royal, BlackSuit are linked

Royal alone scored $275M in past year as FBI, other agencies hot on merging trail

Cyber-crime14 Nov 2023 | 1

Novel backdoor persists even after critical Confluence vulnerability is patched

Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities

Cyber-crime14 Nov 2023 | 1

Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain

Emergency comms standard had five nasty flaws but will be opened to academic research

Security14 Nov 2023 | 10

NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch

And the world's getting more and more dangerous

CSO14 Nov 2023 | 16

Beijing reportedly asked Hikvision to identify fasting students in Muslim-majority province

University managment app also tracked library activity, holidays, and much more

Security14 Nov 2023 | 27

Passive SSH server private key compromise is real ... for some vulnerable gear

OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out

Research14 Nov 2023 | 12

Google sues scammers peddling fake malware-riddled Bard chatbot download

Updated Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns

Cyber-crime14 Nov 2023 | 13

Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks

Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record

Cyber-crime13 Nov 2023 | 38

Introducing the tech that keeps the lights on

Opinion Genuinely new ideas are rare in IT – this superhero is ready to make a real difference

Security13 Nov 2023 | 21

Royal Mail cybersecurity still a bit of a mess, infosec bods claim

Infosec in brief Also: Most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities

Security13 Nov 2023 | 8

Australia declares 'nationally significant cyber incident' after port attack

Asia in brief PLUS: Citrix quits China; Cambodia deports Japanese scammers; Chinese tech CEO disappears; and more

Security13 Nov 2023 | 3

Impatient LockBit says it's leaked 50GB of stolen Boeing files after ransom fails to land

Aerospace titan pores over data to see if dump is legit

Cyber-crime10 Nov 2023 | 29

Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked

White hat bounty looks more like a beg bounty

Cyber-crime10 Nov 2023 | 18

Strangely enough, no one wants to buy a ransomware group that has cops' attention

Ransomed.vc shuts after 20% discount fails to entice bids

Cyber-crime10 Nov 2023 | 5

China's top bank ICBC hit by ransomware, derailing global trades

CitrixBleed patch has been available for around a month

Security10 Nov 2023 | 7

Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims

Billions of data-leaking processors sold despite warnings and patch just made them slower, punters complain

Research09 Nov 2023 | 27

SolarWinds says SEC sucks: Watchdog 'lacks competence' to regulate cybersecurity

IT software slinger publishes fierce response to lawsuit brought last month

Cyber-crime09 Nov 2023 | 17

MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts

Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate

Cyber-crime09 Nov 2023 |

Russia's Sandworm – not just missile strikes – to blame for Ukrainian power blackouts

Online attack coincided with major military action, Mandiant says

Security09 Nov 2023 | 38

What to do with a cloud intrusion toolkit in 2023? Slap a chat assistant on it, duh

Don't worry, this half-baked Python script is for educational purposes onl-hahaha

Cyber-crime09 Nov 2023 | 3

Microsoft, Meta detail plans to fight election disinformation in 2024

Strategies differ, though both have gaps that could hurt efficacy

Security08 Nov 2023 | 10

Atlassian cranks up the threat meter to max for Confluence authorization flaw

Attackers secure admin rights after vendor said they could only steal data

Cyber-crime08 Nov 2023 | 10

Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

It's the latest in a string of unusual wallet-draining attacks that began in April

Cyber-crime08 Nov 2023 | 14

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections

EFF warns incoming rules may return web 'to the dark ages of 2011'

Security08 Nov 2023 | 121

Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button

Admins have 90 days to opt out before MFA is deployed automatically

Security07 Nov 2023 | 29

Fresh find shines new light on North Korea’s latest macOS malware

Months of work reveals how this tricky malware family targets... the financial services sector

Research07 Nov 2023 | 4

Woman jailed after RentaHitman.com assassin turned out to be – surprise – FBI

18 months in the slammer no laughing matter, but the rest... maybe

Cyber-crime07 Nov 2023 | 112

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2023