Security News • The Register

Security

San Francisco police use driverless cars for surveillance

In brief Plus: Tech giants commit $30m to open-source security, miscreants breach DEA portal, and US signs cybercrime treaty

Cyber-crime16 May 2022 | 1

Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...

We take a look at low, low subscription prices – not that we want to give anyone any ideas

Research14 May 2022 | 6

Ukrainian crook jailed in US for selling thousands of stolen login credentials

Touting info on 6,700 compromised systems will get you four years behind bars

Cyber-crime13 May 2022 | 5

Another ex-eBay exec admits cyberstalking web souk critics

David Harville is seventh to cop to harassment campaign

Cyber-crime13 May 2022 | 8

Software patching must work like car safety recalls, says US cyber boss

Black Hat Asia Adds infosec regulation coming to more industries but with a light touch, more collaboration

CSO13 May 2022 | 26

Most organizations hit by ransomware would pay up if hit again

Nine out of ten organizations would do it all over again, keeping attackers in business

Research13 May 2022 | 34

'Peacetime in cyberspace is a chaotic environment' says senior US advisor

Black Hat Asia The internet is now the first battleground of any new war – before the shooting starts

Cyber-crime13 May 2022 | 1

Iran-linked Cobalt Mirage extracts money, info from US orgs – report

Khamenei, can you just not? Not right now, fam

Research13 May 2022 | 3

Researchers find 134 flaws in the way Word, PDFs, handle scripts

Black Hat Asia ‘Cooperative mutation’ spots problems that checking code alone will miss

Security13 May 2022 | 27

To predict the targets of Chinese malware, look at the target of Chinese laws

Black Hat Asia Around the time Beijing banned online gambling, RATs started targeting operators, say Taiwanese researchers

Security13 May 2022 | 3

Anatomy of a campaign to inject JavaScript into compromised WordPress sites

Reverse-engineered code redirects visitors to dodgy corners of the internet

Research13 May 2022 | 8

If you've got Intel inside, you probably need to get these security patches inside, too

So. Many. BIOS. Bugs

Patches12 May 2022 | 9

Ransomware the final nail in coffin for small university

Lincoln College shuttering after 157 years, ransomware attack from Iran final straw

Security12 May 2022 | 43

APT gang 'Sidewinder' goes on two-year attack spree across Asia

Black Hat Asia Launches almost 1,000 raids, plenty with upgraded malware

Security12 May 2022 |

It's time to kick China off social media, says tech governance expert

Black Hat Asia 'Mischief abroad' is the Middle Kingdom's goal – without the possibility of using Chinese sites to fight back

Security12 May 2022 | 27

Europe proposes tackling child abuse by killing privacy, strong encryption

If we're gonna go through this again, can we just literally go back in time?

Security12 May 2022 | 129

Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss

Black Hat Asia Private orgs that flex with Russian bans may do more harm – to themselves – than good

Security12 May 2022 | 18

Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security

We can think of one thing the S stands for in some unfortunate cases

CSO11 May 2022 | 8

Fresh ransomware samples indicate REvil is back

Secureworks' investigation only the latest evidence Kaseya and JBS attackers are on the move again

Security11 May 2022 | 1

Yahoo Japan strives for universal passwordless authentication

30! million! users! already! moved! to! TXT! and/or! FIDO! Attacks! and! support! requests! both! down!

Security11 May 2022 | 13

Popular

How ICE became a $2.8b domestic surveillance agency

Your US tax dollars at work

Bosses using AI to hire candidates risk discriminating against disabled applicants

US publishes technical guide to help organizations avoid violating Americans with Disabilities Act

Demand for PC and smartphone chips drops 'like a rock' says CEO of China’s top chipmaker

Markets outside China are doing better, but at home vendors have huge component stockpiles

Ad-tech firms grab email addresses from forms before they're even submitted

Researchers find widespread harvesting of info without consent

Colocation consolidation: Analysts look at what's driving the feeding frenzy

Analysis Sometimes a half-sized shipping container at the base of a cell tower is all you need

D-Wave deploys first US-based Advantage quantum system

For those that want to keep their data in the homeland

Arm CPU ran on electricity generated by algae for over six months

AA-battery-sized biological photovoltaic cell touted as ideal for IoT applications

China's Kylin Linux targets second RISC-V platform

Is state-approved Ubuntu distro how the Middle Kingdom will replace PCs with home-grown kit?

September 16, 1992, was not a good day to be overly enthusiastic about your job

Who, Me? If I get in early and work hard, everyone will notice, right?

Toshiba says it's talking to 10 suitors about possible sale

Hires external advisors to bolster decision making capacity and hints it could consider multiple buyout plans

MORE
STORIES

Microsoft closes Windows LSA hole under active attack

Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy

Patches11 May 2022 | 7

Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point

Special report Campaign to coax GitHub-owned outfit to improve security starts showing results

CSO10 May 2022 | 44

US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat

Thank goodness someone cleared that one up

CSO10 May 2022 | 9

Malware goes regional as attackers change tactics

SEO techniques employed to increase visibility of poisoned documents claims Netskope

Security10 May 2022 | 1

Industry pushes back against India's data security breach reporting requirements

Filling in a form at 4am improves infosec or privacy how, exactly?

CSO10 May 2022 | 13

Biden signs cybercrime tracking bill into law

All part of a larger push by the Feds to improve cybersecurity reporting

Cyber-crime09 May 2022 | 8

It costs just $7 to rent DCRat to backdoor your network

Budget-friendly tool breaks the you-get-what-you-pay-for rule

Research09 May 2022 | 9

US offers $15m reward for information about Conti ransomware gang

The State Department notice comes in wake of the cybercrims’ attack on Costa Rican government

Security09 May 2022 | 1

Ransomware plows through farm machinery giant AGCO

John Deere rival says it may be days or 'potentially longer' before some production facilities are back in action

Security09 May 2022 | 17

Microsoft Security Experts: Humans and automation to fight off cyber threats

"We live this fight ourselves everyday," Microsoft says of enterprise attacks

Security09 May 2022 | 9

Colonial Pipeline faces nearly $1m fine one year after ransomware attack

In Brief Plus: Unpatched DNS bug puts IoT devices at risk, SolarWinds hackers set up new digs, and a CEO faces hard time for massive mining fraud

Security09 May 2022 | 7

China wants its youth to stop giving livestreamers money

Internet regulator puts a few practices in place – including viewing curfews and bans on tips

Security09 May 2022 | 29

India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems

Analysis Stalled law satisfies few and has even been identifed as likely to damage growth

Security08 May 2022 | 16

False-flag cyberattacks a red line for nation-states, says Mandiant boss

NSA director says he doesn't know of a 'big one' that was successful

CSO07 May 2022 | 27

Cryptocurrency laundromat Blender shredded by US Treasury in sanctions first

Helping North Korea? Uncle Sam would like a word

Cyber-crime06 May 2022 | 30

Walking away from ransomware unscathed. Can you? Really?

Hear how from Wendi Whitmore and more at Rubrik’s FORWARD conference

Bank for International Settlements calls for reform of data governance

Wants Big Tech to butt out, and return control to individuals

Security06 May 2022 | 10

F5, Cisco admins: Stop what you're doing and check if you need to install these patches

Updated BIG-IP iControl authentication bypass, NFV VM escape, and more

Patches06 May 2022 | 6

FBI: Cyber-scams cost victims $6.9b-plus worldwide in 2021

Another banner year for criminals. For everyone else, not so much

Cyber-crime05 May 2022 | 8

Microsoft, Apple, Google accelerate push to eliminate passwords

Analysis Passphrases PIP'd, FIDO and W3C projects promoted

CSO05 May 2022 | 76

Google chases sovereignty market with EU Workspace Data product

Woos European firms who don't want their data caught in the US Cloud Act dragnet

Security05 May 2022 |

Phishing operation hits NHS email accounts to harvest Microsoft credentials

You've won $2m! Now just send me a small fee

Security05 May 2022 | 44

Biden orders new quantum push to ensure encryption isn't cracked by rivals

Domestic action and international collaboration to make sure you-know-who – OK, China – doesn't get ahead of the game

Security05 May 2022 | 10

Beijing-backed gang looted IP around the world for years, claims Cybereason

Infosec outfit says group avoided detection by hiding payloads in undocumented Windows logs

Security05 May 2022 | 13

GitHub to require two factor authentication for code contributors by late 2023

Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks

Security05 May 2022 | 17

US Cyber Command shored up nine nations' defenses last year

'Hunt forward' operations push US capabilities across borders

Security04 May 2022 | 15

Communication around Heroku security incident dubbed 'train wreck'

Users claim lack of transparency following compromise of Github tokens

Security04 May 2022 | 5

Putin threatens supply chains with counter-sanction order

‘Certain organizations’ to be named in ten days and denied access to Russian resources

Security04 May 2022 | 77

Cyber-spies target Microsoft Exchange to steal M&A info

If a network snoop probes like a Kremlin agent, exploits like a Kremlin agent, it might be...

Cyber-crime04 May 2022 | 5

SEC nearly doubles cryptocurrency cop roles in special cyber unit

Policing digital assets sounds more Mission Impossible than NCIS

Cyber-crime03 May 2022 | 7

Zero trust is more than just vendors and products – it requires process

Dell Technologies World IT orgs need to adapt their procedures to make it all work, says Dell

Security03 May 2022 | 3

Microsoft's standalone Defender for Business hits GA

Security suite for the orgs unwilling to stump up for a Microsoft 365 Business Premium subscription

Security03 May 2022 | 3

Critical vulnerabilities found in 'millions of Aruba and Avaya switches'

Airports, hospitals, hotels, and more need to deploy patches for hijack bugs

Patches03 May 2022 | 31

Privacy pathology: It's time for the users to gather a little data – evidence

Opinion If Sherlock was alive today, he’d pack a Pi next to pistol and pipe

Security03 May 2022 | 30

Google starts testing fenced frames to guard its Privacy Sandbox

Oh, serve me ads, lots of ads, under clouded eyes above, just fence me in

Security03 May 2022 | 7

Security is a pain for American Dental Association: Ransomware infection feared

In brief Plus: Another university hit with malware, and more

Research02 May 2022 | 5

SSE kicks the ‘A’ out of SASE

Analysis Security Service Edge separates cloud-delivered defenses from SD-WAN as debate rages

Security02 May 2022 | 3

Dell brings data recovery tools to Apex and the cloud

Dell shows off full stack of cyber recovery SaaS, partners with Snowflake for data analytics

Security02 May 2022 |

Spanish PM, defense minister latest Pegasus spyware victims

Latest Spanish officials to detect Pegasus spyware on mobile devices

Security02 May 2022 | 22

Facebook's Meta, tracking code, and the student financial aid website

Also: Oculus virtual reality apps fail to detail info collection

Research30 Apr 2022 | 15

Data-wiper malware strains surge as Ukraine battles ongoing invasion

Besides files being erased, another thing being deleted: Any sense this is a coincidence

Research29 Apr 2022 | 11

Microsoft Edge's 'Secure Network' sounds a lot like a built-in VPN

Only works with signed-in users, but could lure more into using the browser

Security29 Apr 2022 | 30

Don’t expect to get your data back from the Onyx ransomware group

The cybercriminals trash files larger than 2MB, forever losing them to the void

Security29 Apr 2022 | 13

Interpol: We can't arrest our way out of cybercrime

Especially when gangs are better funded than local police

Cyber-crime29 Apr 2022 | 11

India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting

Customer data collection and retention requirements also increased, including for crypto operators

Security29 Apr 2022 | 3

Sina Weibo, China's Twitter analog, reveals users' locations and IP addresses

Sssshhhh! Nobody tell Elon Musk

Security29 Apr 2022 | 9

Bumblebee malware loader emerges as Conti's BazarLoader fades

At least three threat groups are using the loader in malicious email campaigns

Research29 Apr 2022 | 3

Cloudflare stomps huge DDoS attack on crypto platform

At 15.3 million requests per second, the assault was the largest HTTPS blitz on record lasting 15 seconds

Security28 Apr 2022 | 15

Money or your business: Ensure your ransomware defense strategy beats off disruptions, extortions

Multi-layered protection from Huawei curbs ransomware attacks

Sponsored Feature

Five Eyes nations reveal 2021's fifteen most-exploited flaws

Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security28 Apr 2022 | 10

Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!

Will Redmond start code-naming Windows make-me-admin bugs?

Patches27 Apr 2022 | 110

Looking for the latest insight to ensure cyber security in the long term? It’s right here

Because digital transformation means transforming security first

Feds offer big rewards for info on suspected Russian Sandworm intel officers

A different type of bug bounty

Cyber-crime27 Apr 2022 | 4

China turns cyber-espionage eyes to Russia as Ukraine invasion grinds on

State-sponsored Bronze President group launches cyber-espionage malware campaign against notional ally

Security27 Apr 2022 | 18

Chinese drone-maker DJI suspends ops in Russia, Ukraine

First Middle Kingdom company to take a stance says it doesn't want anyone weaponizing its flying machines

Security27 Apr 2022 | 12

Should security teams be giving service with a smile?

Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them

Study: How Amazon uses Echo smart speaker conversations to target ads

Updated Web giant milks advertisers with data harvested from digital assistant

Research27 Apr 2022 | 167

Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one

We hope you've patched that 9.8/10 severity bug

Research26 Apr 2022 | 5

Coca-Cola probes pro-Kremlin gang's claims of 161GB data theft

Life tastes not so good right now

Cyber-crime26 Apr 2022 | 18

USA's plan to decouple its tech with China lacks a strategy – report

The Schmidt hits the fan

Security26 Apr 2022 | 17

DDoS attacks at an all-time-high in Q1 2022, says Kaspersky

More attacks and more targeted attacks than ever before. What could have happened to cause that uptick?

Security26 Apr 2022 | 2

Microsoft fixes Point of Sale bug that delayed Windows 11 startup for 40 minutes

You thought hunting for discount vouchers took a while? That's nothing compared to Windows booting on a till

Security26 Apr 2022 | 40

India inks tech pact with EU – only the US has the same deal

Meanwhile, UK and India finally explain Cyber Security Partnership agreed to in May 2021

Cyber-crime26 Apr 2022 | 8

Crooks steal NFTs worth '$3m' in Bored Ape Yacht Club heist

Worth doing a lot of heavy lifting there, we know

Cyber-crime26 Apr 2022 | 59

Intuit sued over alleged cryptocurrency thefts via Mailchimp intrusion

Financial software giant slammed for 'poor security practices'

Cyber-crime25 Apr 2022 | 13

Homeland Security bug bounty program uncovers 122 holes in its systems

Thinking of another word for this US govt department's name

CSO25 Apr 2022 | 4

Flaw could have granted criminals control over Ever Surf crypto wallets

Check Point uncovers web vulnerability that could have led to cryptocurrency theft

Security25 Apr 2022 | 1

FBI: BlackCat ransomware scratched 60-plus orgs

In brief Plus: Cisco Umbrella flaw patched, lid blown off TeamTNT, and ICS security folks join JCDC party

Security25 Apr 2022 | 1

Now Mandiant says 2021 was a record year for exploited zero-day security bugs

Now that's a race condition

Research23 Apr 2022 | 4

US DOJ probes Google's $5.4b Mandiant acquisition

Not a social network or an instant-chat app used by tens of millions, so scrutiny it is, then

Security22 Apr 2022 | 5

Hive ransomware affiliate zeros in on Exchange servers

Threat actor exploited known vulnerabilities in the Microsoft software to compromise multiple systems

Cyber-crime22 Apr 2022 | 4

REvil resurrected? Ransomware crew appears to be back. Keyword: Appears

Months after arrests, gang – or someone mimicking them – now active

Cyber-crime22 Apr 2022 | 9

YouTube terminates account for Hong Kong's presumed next head of government

Google cites US sanctions while Beijing and John Lee Ka-chiu are miffed

Security21 Apr 2022 | 34

Emotet reestablishes itself at the top of the malware world

Botnet infrastructure shut down last year, now central to a fast-spreading email scam, researchers say

Security21 Apr 2022 | 5

Five Eyes nations fear wave of Russian attacks against critical infrastructure

If this is surprising to operators, we are doomed

Cyber-crime21 Apr 2022 | 25

AWS's Log4j patches blew holes in its own security

Remote code exec is so 2014. Have this container escape and privilege escalation, instead

Patches20 Apr 2022 | 10

Oracle already wins 'crypto bug of the year' with Java digital signature bypass

Whole new meaning for zero consequences

Security20 Apr 2022 | 47

Russian-linked Shuckworm crew ramps up Ukraine attacks

Cyber-espionage gang using multiple variants of its custom backdoor to ensure persistence, Symantec warns

Security20 Apr 2022 | 4

Criminals adopting new methods to bypass improved defenses, says Zscaler

PhaaS, SMiShing, and remote work drive increase in phishing attacks

Research20 Apr 2022 | 5

US warns North Korean Lazarus gang rising against cryptocurrency outfits

Malware-laced recruitment emails are more Kim job ill than Kim Jong-un

Security20 Apr 2022 | 5

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs