North Korea's fake IT worker scam hauled in at least $88 million over six years DoJ thinks it's found the folks that ran it, and some of the 'IT warriors' sent out to fleece employers Cyber-crime13 Dec 2024 |
Apache issues patches for critical Struts 2 RCE bug More details released after devs allowed weeks to apply fixes Patches12 Dec 2024 |
Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push Holiday cheer comes in the form of three arrests and 27 shuttered domains Cyber-crime12 Dec 2024 | 4
British Army zaps drones out of the sky with laser trucks High-energy weapon proves its mettle in testing Public Sector12 Dec 2024 | 99
Firefox ditches Do Not Track because nobody was listening anyway Few websites actually respect the option, says Mozilla Software12 Dec 2024 | 59
Citrix goes shopping in Europe and returns with gifts for security-conscious customers Acquires two companies that help those on the nice list keep naughty list types at bay Virtualization12 Dec 2024 |
Blocking Chinese spies from intercepting calls? There ought to be a law Sen. Wyden blasts FCC's 'failure' amid Salt Typhoon hacks Security11 Dec 2024 | 12
Krispy Kreme Doughnut Corporation admits to hole in security Belly-busting biz says it's been hit by cowardly custards Security11 Dec 2024 | 28
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Patches11 Dec 2024 | 2
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware Cyber-crime11 Dec 2024 | 4
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse Security10 Dec 2024 | 23
US military grounds entire Osprey tiltrotor fleet over safety concerns Boeing-Bell V-22 can't outfly its checkered past, it seems Public Sector10 Dec 2024 | 81
AMD secure VM tech undone by DRAM meddling Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory Systems10 Dec 2024 | 9
Fully patched Cleo products under renewed 'zero-day-ish' mass attack Thousands of servers targeted while customers wait for patches Research10 Dec 2024 |
Heart surgery device maker's security bypassed, data encrypted and stolen Sounds like th-aorta get this sorted quickly Cyber-crime10 Dec 2024 | 20
Bitfinex heist gets the Netflix treatment after 'cringey couple' sentenced Streamer's trademark dramatic style takes on Bitcoin Bonnie and Clyde Cyber-crime10 Dec 2024 | 6
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics And it only took four months, tut Security10 Dec 2024 | 21
Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved McDonald's worker called it in, cops swooped, found 'gun, suppressor, manifesto' Security10 Dec 2024 | 116
China's Salt Typhoon recorded top American officials' calls, says White House No word yet on who was snooped on. Any bets? CSO09 Dec 2024 | 23
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket Exclusive ShinyHunters-linked heist thought to have been ongoing since March Research09 Dec 2024 | 9
Firefox ditches Do Not Track because nobody was listening anyway Few websites actually respect the option, says Mozilla
British Army zaps drones out of the sky with laser trucks High-energy weapon proves its mettle in testing
Microsoft hijacks keyboard shortcut to bring Copilot to your attention AI assistant goes native – sort of – for Windows Insiders
Krispy Kreme Doughnut Corporation admits to hole in security Belly-busting biz says it's been hit by cowardly custards
Indian police demand Starlink identify alleged drug smugglers Elon Musk's satellite internet service asked to explain who used its service to navigate to remote islands
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware
Cruise robotaxis parked forever, as GM decides it can't compete and wants to cut costs Pictures The Register stumbles upon the place self-driving cabs appear to be rusting away into history
Linux 6.12 is the new long term supported kernel Mid-November release will be maintained for 'several years'
Google Gemini 2.0 Flash comes out with real-time conversation, image analysis Chocolate Factory's latest multimodal model aims to power more trusted AI agents
OpenWrt orders router firmware updates after supply chain attack scare A couple of bugs lead to a potentially bad time CSO09 Dec 2024 | 9
Microsoft dangles $10K for hackers to hijack LLM email service Outsmart an AI, win a little Christmas cash CSO09 Dec 2024 | 12
Blue Yonder ransomware termites claim credit Infosec in brief Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more Security09 Dec 2024 | 3
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system Feature 'It's a double-edged sword,' security researchers tell The Reg Public Sector08 Dec 2024 | 52
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ Updated Microsoft's OS sure loves throwing your creds at remote systems Patches06 Dec 2024 | 13
Facing sale or ban, TikTok tossed under national security bus by appeals court Video slinger looks to Supremes for salvation, though anything could happen under Trump Personal Tech06 Dec 2024 | 43
Salt Typhoon forces FCC's hand on making telcos secure their networks Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns Security06 Dec 2024 | 4
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware Threatened with life in prison, Kyiv charity worker gives middle finger to state spies Security06 Dec 2024 | 62
Protect your clouds Get best practice advice on how to safeguard your cloud infrastructure from SANS Sponsored Post
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files updated Still unpatched 100+ days later, watchTowr says Cyber-crime06 Dec 2024 | 4
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' Redmond threat intel maven talks explains this persistent pain to The Reg Security06 Dec 2024 | 16
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds Damage likely limited to those running bots with private PKI access Cyber-crime05 Dec 2024 | 7
British hospitals hit by cyberattacks still battling to get systems back online Updated Children's hospital and cardiac unit say criminals broke in via shared 'digital gateway service' Cyber-crime05 Dec 2024 | 21
BT Group confirms attackers tried to break into Conferencing division Sensitive data allegedly stolen from US subsidiary following Black Basta post Cyber-crime05 Dec 2024 | 8
Shape the future of UK cyber security Support the industry by sponsoring the UK Cyber Team Competition Partner Content
Ransomware hangover, Putin grudge blamed for vodka maker's bankruptcy Stoli Group on the rocks in the US Security05 Dec 2024 | 35
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat CSO05 Dec 2024 | 54
Cops arrest suspected admin of German-language crime bazaar Drugs, botnets, forged docs, and more generated fortune for platform sellers Cyber-crime04 Dec 2024 | 23
Microsoft says premature patch could make Windows Recall forget how to work Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel CSO04 Dec 2024 | 25
Eurocops take down 'secure' criminal chat system known as Matrix Updated They took the red pill Cyber-crime04 Dec 2024 | 45
FTC scolds two data brokers for allegedly selling your location to the meter 'Where we go is who we are' totally isn't a creepy ad slogan at all Personal Tech04 Dec 2024 | 22
Perfect 10 directory traversal vuln hits SailPoint's IAM solution Updated 20-year-old info disclosure class bug still pervades security software Patches03 Dec 2024 | 6
Major energy contractor reports 'limited' access to IT after ransomware locks files ENGlobal customers include the Pentagon as well as major oil and gas producers Security03 Dec 2024 | 11
Severity of the risk facing the UK is widely underestimated, NCSC annual review warns National cyber emergencies increased threefold this year Cyber-crime03 Dec 2024 | 18
Russia gives life sentence to Hydra dark web kingpin after seizing a ton of drugs No exaggeration – literally a ton. Plus, 15 co-conspirators also put behind bars Cyber-crime03 Dec 2024 | 27
Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online Yet another result of the MOVEit mess Cyber-crime03 Dec 2024 | 3
AWS unveils cloud security IR service for a mere $7K a month Re:Invent Tap into the infinite scalability... of pricing Security03 Dec 2024 | 5
Russia arrests one of its own – a cybercrime suspect on FBI's most wanted list The latest in an unusual change of fortune for group once protected by the Kremlin Cyber-crime02 Dec 2024 | 58
Telco security is a dumpster fire and everyone's getting burned Opinion The politics of cybersecurity are too important to be left to the politicians Security02 Dec 2024 | 63
Interpol nabs thousands, seizes millions in global cybercrime-busting op Infosec in brief Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more Security01 Dec 2024 | 8
RansomHub claims to net data hat-trick against Bologna FC Crooks say they have stolen sensitive files on managers and players Cyber-crime30 Nov 2024 | 2
Zabbix urges upgrades after critical SQL injection bug disclosure US agencies blasted 'unforgivable' SQLi flaws earlier this year Patches29 Nov 2024 | 7
Ransom gang claims attack on NHS Alder Hey Children's Hospital Second alleged intrusion on English NHS org systems this week Cyber-crime29 Nov 2024 | 21
Fighting cybercrime with actionable knowledge A reason to celebrate SANS and its 35 years of cyber security training Sponsored Post
NHS major 'cyber incident' forces hospitals to use pen and paper Systems are isolated and pulled offline, while scheduled procedures are canceled Cyber-crime28 Nov 2024 | 56
The only thing worse than being fired is scammers fooling you into thinking you're fired Scumbags play on victims' worst fears in phishing campaign referencing UK Employment Tribunal Cyber-crime28 Nov 2024 | 50
Salt Typhoon's surge extends far beyond US telcos Plus, a brand-new backdoor, GhostSpider, is linked to the cyber spy crew's operations Security27 Nov 2024 | 7
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes' Funny what putting more effort and resources into IT security can do CSO27 Nov 2024 | 9
Bolster resilience against 2025 cyber threats Watch this webinar to learn why cybersecurity leaders can trust the MITRE ATT&CK Evaluations Partner Content
Data broker leaves 600K+ sensitive files exposed online Exclusive Researcher spotted open database before criminals … we hope Research27 Nov 2024 | 22
First-ever UEFI bootkit for Linux in the works, experts say Bootkitty doesn’t bite… yet Research27 Nov 2024 | 14
The workplace has become a surveillance state Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices CxO27 Nov 2024 | 70
CrowdStrike still doesn't know how much its Falcon flame-out will cost Thinks customers may have forgiven it after revenue hits a record Security27 Nov 2024 | 19
Telco engineer who spied on US employer for Beijing gets four years in the clink Provides insight to how China gets inside US systems, perhaps at Verizon and Infosys Cyber-crime27 Nov 2024 | 15
Man accused of hilariously bad opsec as alleged cybercrime spree detailed Complaint claims he trespassed, gave himself discounts, and sorted CCTV access… Cyber-crime26 Nov 2024 | 24
US senators propose law to require bare minimum security standards In case anyone forgot about Change Healthcare Security26 Nov 2024 | 15
Bing Wallpaper app, now in Windows Store, accused of cookie shenanigans Microsoft free tool snooping on users? Surely not! Security26 Nov 2024 | 47
Another 'major cyber incident' at a UK hospital, outpatients asked to stay away Third time this year an NHS unit's IT systems have come under attack Cyber-crime26 Nov 2024 | 53
QNAP and Veritas dump 30-plus vulns over the weekend Updated Just what you want to find when you start a new week Patches26 Nov 2024 | 2
Britain Putin up stronger AI defences to counter growing cyber threats 'Be in no doubt: the UK and others in this room are watching Russia' Security26 Nov 2024 | 26
Supply chain management vendor Blue Yonder succumbs to ransomware And it looks like major UK retailers that rely on it are feeling the pinch Cyber-crime26 Nov 2024 | 9
Security? We've heard of it: How Microsoft plans to better defend Windows Ignite Did we say CrowdStrike? We meant, er, The July Incident... CSO25 Nov 2024 | 27
China has utterly pwned 'thousands and thousands' of devices at US telcos Senate Intelligence Committee chair says his 'hair is on fire' as execs front the White House Cyber-crime25 Nov 2024 | 51
Google blocked 1,000-plus pro-China fake news websites from its search results Beijing's propaganda buddies aren't just using social media Security25 Nov 2024 | 14
Imagine a land in which Big Tech can't send you down online rabbit holes or use algorithms to overcharge you China is trying to become that land, with a government crackdown on the things that make the internet no fun Security25 Nov 2024 | 69
Russian spies may have moved in next door to target your network Infosec in brief Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more Security25 Nov 2024 | 22
Volunteer DEF CON hackers dive into America's leaky water infrastructure Six sites targeted for security clean-up, just 49,994 to go Security24 Nov 2024 | 13
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration Public Sector23 Nov 2024 | 51
Andrew Tate's site ransacked, subscriber data stolen He'll just have to take this one on the chin Cyber-crime22 Nov 2024 | 106
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more CSO22 Nov 2024 | 22
SafePay ransomware gang claims Microlise attack that disrupted prison van tracking Fledgling band of crooks says it stole 1.2 TB of data Cyber-crime22 Nov 2024 | 3
Helpline for Yakuza victims fears it leaked their personal info Organized crime types tend not to be kind to those who go against them, so this is nasty Security22 Nov 2024 | 21
Here's what happens if you don't layer network security – or remove unused web shells TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated Security22 Nov 2024 | 4
DARPA-backed voting system for soldiers abroad savaged VotingWorks, developer of the system, disputes critics' claims Security21 Nov 2024 | 5
Chinese ship casts shadow over Baltic subsea cable snipfest Danish military confirms it is monitoring as Swedish police investigate. Cloudflare says impact was 'minimal' Networks21 Nov 2024 | 47
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server Research21 Nov 2024 | 15
Now Online Safety Act is law, UK has 'priorities' – but still won't explain 'spy clause' Draft doc struggles to describe how theoretically encryption-busting powers might be used Cyber-crime21 Nov 2024 | 59
Put your usernames and passwords in your will, advises Japan's government Digital end of life planning saves your loved ones from a little extra anguish Software21 Nov 2024 | 77
Five Scattered Spider suspects indicted for phishing spree and crypto heists DoJ also shutters allleged crimeware and credit card mart PopeyeTools Cyber-crime21 Nov 2024 | 3
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator Meet Liminal Panda, which prowls telecom networks in South Asia and Africa CSO20 Nov 2024 | 32
Mega US healthcare payments network restores system 9 months after ransomware attack Change Healthcare’s $2 billion recovery is still a work in progress Cyber-crime20 Nov 2024 | 5
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed OSS-Fuzz is making a strong argument for LLMs in security research AI + ML20 Nov 2024 | 9
D-Link tells users to trash old VPN routers over bug too dangerous to identify Vendor offers 20% discount on new model, but not patches CSO20 Nov 2024 | 59
Data is the new uranium – incredibly powerful and amazingly dangerous Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value CSO20 Nov 2024 | 46
Healthcare org Equinox notifies 21K patients and staff of data theft Ransomware scum LockBit claims it did the dirty deed Cyber-crime20 Nov 2024 | 1
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer No word on when or if the issue will be fixed Security19 Nov 2024 | 2
Russian suspected Phobos ransomware admin extradited to US over $16M extortion This malware is FREE for EVERY crook ($300 decryption keys sold separately) Cyber-crime19 Nov 2024 | 5
America's drinking water systems have a hard-to-swallow cybersecurity problem More than 100M rely on gear rife with vulnerabilities, says EPA OIG Public Sector19 Nov 2024 | 20