UK Home Office silent on alleged Apple backdoor order Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim Security07 Feb 2025 | 127
UK industry leaders unleash hurricane-grade scale for cyberattacks Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders Cyber-crime07 Feb 2025 | 6
Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims OCR plugin great for extracting crypto-wallet secrets from galleries Cyber-crime07 Feb 2025 | 5
If Ransomware Inc was a company, its 2024 results would be a horror show 35% drop in payments across the year as your backups got better and law enforcement made a difference CSO07 Feb 2025 | 2
Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker Fourth time’s the harm? Personal Tech06 Feb 2025 | 5
Federal judge tightens DOGE leash over critical Treasury payment system access Updated Lawsuit: 'Scale of intrusion into individuals' privacy is massive and unprecedented' Public Sector06 Feb 2025 | 23
Dems want answers on national security risks posed by hiring freeze, DOGE probes Updated Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know Security06 Feb 2025 | 32
Democrats demand to know WTF is up with that DOGE server on OPM's network Are you trying to make this easy for China and Russia? Public Sector06 Feb 2025 | 152
Robocallers who phoned the FCC pretending to be from the FCC land telco in trouble Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator Networks06 Feb 2025 | 29
Mixing Rust and C in Linux likened to cancer by kernel maintainer Updated Some worry multiple languages will make it harder to maintain this open source uber-project, others disagree Software05 Feb 2025 | 118
DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system CEO of Cloud Software a 'special government employee' probing for Team Elon Public Sector05 Feb 2025 | 26
Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge International security squads all focus on stopping baddies busting in through routers, IoT kit etc Edge + IoT05 Feb 2025 | 4
US cranks up espionage charges against ex-Googler accused of trade secrets heist Mountain View clocked onto the scheme with days to spare AI + ML05 Feb 2025 | 12
Google: How to make any AMD Zen CPU always generate 4 as a random number Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Patches04 Feb 2025 | 75
Poisoned Go programming language package lay undetected for 3 years Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks Security04 Feb 2025 | 9
Grubhub serves up security incident with a side of needing to change your password Contact info and partial payment details may be compromised Cyber-crime04 Feb 2025 |
US accuses Canadian math prodigy of $65M crypto scheme Suspect, still at large, said to back concept that 'code is law' Legal04 Feb 2025 | 24
Cyberattack on NHS causes hospitals to miss cancer care targets Healthcare chiefs say impact will persist for months Cyber-crime04 Feb 2025 | 12
Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' When cloud customers don't clean up after themselves, part 97 CSO04 Feb 2025 | 33
UK govt must learn fast and let failing projects die young Tackle longstanding issues around productivity, cyber resilience and public sector culture, advises spending watchdog Public Sector04 Feb 2025 | 11
'Maybe the problem is you' ... Linus Torvalds wades into Linux kernel Rust driver drama Open source project chief hits out at 'social media brigading'
I was told to make backups, not test them. Why does that make you look so worried? On Call Shabby admin invented 'transparent tape' – a terrible storage medium but a magic tool for unlocking IT budgets
UK Home Office silent on alleged Apple backdoor order Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim
Microsoft 365 price rises are coming – pay up or opt out (if you can find the button) It's not auto-enrollment. It's just your current plan with extra Copilot for more money. Completely different
UK industry leaders unleash hurricane-grade scale for cyberattacks Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders
Musk's move fast and break things mantra won't work in US.gov Opinion 248-year-old democracy is not a tech startup
Amazon, Google asked to explain why they were serving ads on sites hosting CSAM Updated And US government adverts at that, say senators
Creators demand tech giants fess up and pay for all that AI training data But 'original sin' has already been committed, shrugs industry
NASA solar mission data recovering after server room flood fiasco Spacecraft weather solar storms, but ground processing laid low by water
Does DOGE have what it takes to actually tackle billions in US govt IT spending? Comment Tesla’s DIY ERP legend meets the messy reality of entrenched federal contracts
Google patches odd Android kernel security bug amid signs of targeted exploitation Also, Netgear fixes critical router, access point vulnerabilities Patches04 Feb 2025 | 5
Why digital resilience is critical to banks Going beyond the traditional “Prevent, Detect, and Respond” framework and taking a proactive approach Partner Content
TSA’s airport facial-recog tech faces audit probe Senators ask, Homeland Security watchdog answers: Is it worth the money? Security03 Feb 2025 | 21
2 officers bailed as anti-corruption unit probes data payouts to N Irish cops Investigating compensation to police whose sensitive info was leaked in 2023 Security03 Feb 2025 | 19
Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’ Australian government staff mixed medical info for folk who share names and birthdays Public Sector03 Feb 2025 | 44
Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP Infosec in brief PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more Security03 Feb 2025 | 9
What does it mean to build in security from the ground up? Systems Approach As if secure design is the only bullet point in a list of software engineering best practices CSO02 Feb 2025 | 12
Gilmore Girls fans nabbed as Eurocops dismantle two major cybercrime forums Nulled and Cracked had a Lorelai-cal rise - until Operation Talent stepped in Security02 Feb 2025 | 2
Another banner year for ransomware gangs despite takedowns by the cops And it doesn't take a crystal ball to predict the future Cyber-crime31 Jan 2025 | 6
Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you And you, China, Russia, North Korea ... Guardrails block malware generation Security31 Jan 2025 | 13
Data resilience and data portability Why organizations should protect everything, everywhere, all at once Sponsored Feature
VMware plugs steal-my-credentials holes in Cloud Foundation Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant Patches30 Jan 2025 |
Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral interview ‘No one was kicked off the NTSB in the middle of investigating a crash’ Security30 Jan 2025 | 114
Ransomware attack at New York blood services provider – donors turned away during shortage crisis 400 hospitals and med centers across 15 states rely on its products Cyber-crime30 Jan 2025 | 13
Canvassing apps used by UK political parties riddled with privacy, security issues Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report Research30 Jan 2025 | 21
WFH with privacy? 85% of Brit bosses snoop on staff Employers remain blissfully unaware/wilfully ignorant of the impact of surveillance on staff Security30 Jan 2025 | 80
Wacom says crooks probably swiped customer credit cards from its online checkout Digital canvas slinger indicates dot-com was skimmed for over a month Cyber-crime30 Jan 2025 | 3
Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek Oh someone's in DeepShi... CSO30 Jan 2025 | 71
North Koreans clone open source projects to plant backdoors, steal credentials Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? Devops29 Jan 2025 | 2
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet And now you won't stop calling me, I'm kinda busy CSO29 Jan 2025 | 4
Transform your approach to data security Watch this webinar on-demand and learn how to safeguard your organisation’s future Webinar
'Bro delete the chat': Feel the panic shortly before cops bust major online fraud ring Mastermind begs colluders to bury evidence later used to imprison him Cyber-crime29 Jan 2025 | 21
Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses Think government cybersecurity is bad? Guess again. It’s alarmingly so Public Sector29 Jan 2025 | 13
The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings CSO29 Jan 2025 | 57
SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon It's another cousin of Spectre, here to read your email, browsing history, and more Research29 Jan 2025 | 15
Baguette bandits strike again with ransomware and a side of mockery Big-game hunting to the extreme Cyber-crime28 Jan 2025 | 6
Protecting AWS environments from cyberthreats The shared responsibility model: why securing AWS workloads is essential Partner Content
Security pros more confident about fending off ransomware, despite being battered by attacks Data leak, shmata leak. It will all work out, right? Cyber-crime28 Jan 2025 | 4
Apple plugs security hole in its iThings that's already been exploited in iOS Cupertino kicks off the year with a zero-day Patches28 Jan 2025 | 15
US freezes foreign aid, halting cybersecurity defense and policy funds for allies Updated Uncle Sam will 'no longer blindly dole out money,' State Dept says Public Sector27 Jan 2025 | 86
DeepSeek limits new accounts amid cyberattack Updated Chinese AI startup grapples with consequences of sudden popularity Cyber-crime27 Jan 2025 | 43
Google takes action after coder reports 'most sophisticated attack I've ever seen' Latest trope is tricky enough to fool even the technical crowd… almost Cyber-crime27 Jan 2025 | 32
Sweden seizes cargo ship after another undersea cable hit in suspected sabotage NATO increasing patrols in the Baltic as region awaits navy drones Networks27 Jan 2025 | 64
CDNs: Great for speeding up the internet, bad for location privacy Infosec in brief Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more Security27 Jan 2025 | 5
British Museum says ex-contractor 'shut down' IT systems, wreaked havoc Former freelancer cuffed a week after being dismissed by UK's top visitor attraction Security27 Jan 2025 | 62
Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia... Networks25 Jan 2025 | 76
UK telco TalkTalk confirms probe into alleged data grab underway Spinner says crim's claims 'very significantly overstated' Security25 Jan 2025 | 33
AI chatbot startup founder, lawyer wife accused of ripping off investors in $60M fraud GameOn? It's looking more like game over for that biz Cyber-crime24 Jan 2025 | 30
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now SYSTEM-level command injection via API parameter *chef's kiss* Patches24 Jan 2025 | 4
North Korean dev who renamed himself 'Bane' accused of IT worker fraud caper 5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act Cyber-crime24 Jan 2025 | 2
China and friends claim success in push to stamp out tech support cyber-scam slave camps Paint a target on Myanmar, pledge more info-sharing to get the job done Cyber-crime24 Jan 2025 | 12
Court rules FISA Section 702 surveillance of US resident was unconstitutional 'Public interest alone does not justify warrantless querying' says judge Security24 Jan 2025 | 19
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers But we mean, you've had nearly four years to patch Patches23 Jan 2025 | 4
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management No in-the-wild exploits … yet Patches23 Jan 2025 |
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Big organizations and governments are main users of these gateways Patches23 Jan 2025 | 10
Meta's pay-or-consent model under fire from EU consumer group Company 'strongly disagrees' with law infringement allegations Personal Tech23 Jan 2025 | 31
FortiGate config leaks: Victims' email addresses published online Experts warn not to take SNAFU lightly as years-long compromises could remain undetected Cyber-crime23 Jan 2025 | 8
Who is DDoSing you? Rivals, probably, or cheesed-off users Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps Networks23 Jan 2025 | 7
Biz tax rises, inflation and high interest. Why fewer UK tech firms started in 2024 And the government thinks that AI and taking shackles off big tech will help? God help Britain Channel23 Jan 2025 | 32
Asus lets processor security fix slip out early, AMD confirms patch in progress Updated Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean Patches23 Jan 2025 | 11
Oracle emits 603 patches, names one it wants you to worry about soon Old flaws that keep causing trouble haunt Big Red Patches23 Jan 2025 |
Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards And: America 'has never been less secure,' retired rear admiral tells Congress Security22 Jan 2025 | 94
Supply chain attack hits Chrome extensions, could expose millions Threat actor exploited phishing and OAuth abuse to inject malicious code Cyber-crime22 Jan 2025 | 6
Give users confidence in your digital infrastructure Why Digital Trust and crypto-agility are essential to authentication and data security Sponsored Post
Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch Update addresses boot failures on multi-node systems Patches22 Jan 2025 | 6
Silk Road's Dread Pirate Roberts walks free as Trump pardons dark web kingpin Ross Ulbricht's family are now appealing for donations to support his reintegration into society Legal22 Jan 2025 | 136
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch Feature Everyone agrees defense matters. How to do it is up for debate CSO22 Jan 2025 | 20
Ransomware scum make it personal for Reg readers by impersonating tech support That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems CSO22 Jan 2025 | 18
PowerSchool theft latest: Decades of Canadian student records, data from 40-plus US states feared stolen Updated Lawsuits pile up after database accessed by miscreants Cyber-crime22 Jan 2025 | 31
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day Seven days after disclosure and little action taken, data shows Patches21 Jan 2025 | 3
HPE probes IntelBroker's bold data theft boasts Incident response protocols engaged following claims of source code burglary Cyber-crime21 Jan 2025 |
Banks must keep ahead of risks and reap AI rewards AI has transformed banking across APAC. But is this transformation secure? Partner Content
Hackers game out infowar against China with the US Navy Taipei invites infosec bods to come and play on its home turf Public Sector20 Jan 2025 | 5
How to leave the submarine cable cutters all at sea – go Swedish Opinion Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian Networks20 Jan 2025 | 111
Ransomware attack forces Brit high school to shut doors Students have work to complete at home in the meantime Cyber-crime20 Jan 2025 | 103
Sage Copilot grounded briefly to fix AI misbehavior 'Minor issue' with showing accounting customers 'unrelated business information' required repairs AI + ML20 Jan 2025 | 23
Datacus extractus: Harry Potter publisher breached without resorting to magic Infosec in brief PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more Security20 Jan 2025 | 7
When food delivery apps reached Indonesia, everyone put on weight Asia In Brief PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company Software20 Jan 2025 | 5
Donald Trump proposes US govt acquire half of TikTok, which thanks him and restores service The same Florida Man who wanted to ban the app in the first place Public Sector20 Jan 2025 | 124
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries The S in LLM stands for Security AI + ML19 Jan 2025 | 31
FCC to telcos: By law you must secure your networks from foreign spies. Get on it Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping CSO17 Jan 2025 | 29
Biden signs sweeping cybersecurity order, just in time for Trump to gut it Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive Public Sector17 Jan 2025 | 40
Fortinet: FortiGate config leaks are genuine but misleading Competition hots up with Ivanti over who can have the worst start to a year Cyber-crime17 Jan 2025 | 5
Clock ticking for TikTok as US Supreme Court upholds ban Updated With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over Security17 Jan 2025 | 47
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Turns out tool does both file transfers and security fixes fast Patches17 Jan 2025 | 21
Medusa ransomware group claims attack on UK's Gateshead Council Pastes allegedly stolen documents on leak site with £600K demand Cyber-crime17 Jan 2025 | 13
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products If you want a picture of the future, imagine your infosec team stamping on software forever AI + ML17 Jan 2025 | 85
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in AI + ML17 Jan 2025 | 11
GM parks claims that driver location data was given to insurers, pushing up premiums We'll defo ask for permission next time, automaker tells FTC Personal Tech17 Jan 2025 | 40