Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances Illegitimi non carborundum? Nice password, Mr Ex-CISA CSO17 Apr 2025 |
Whistleblower describes DOGE IT dept rampage at America's labor watchdog Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim CSO17 Apr 2025 | 29
Signalgate chats vanish from CIA chief phone Extraordinary rendition of data, or just dropped it out of a helicopter? CSO16 Apr 2025 | 17
Identifying the cyber risks that matter Partner content From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty CSO16 Apr 2025 | 22
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files It involves a number close to three or six depending on the pickle you're in Cyber-crime16 Apr 2025 | 20
Uncle Sam kills funding for CVE program. Yes, that CVE program Updated Because vulnerability management has nothing to do with national security, right? CSO16 Apr 2025 | 177
All right, you can have one: DOGE access to Treasury IT OK'd judge Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez Public Sector15 Apr 2025 | 18
New SSL/TLS certs to each live no longer than 47 days by 2029 IT admins, get ready to grumble CSO14 Apr 2025 | 119
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks Feature Military units, government nerds appear to join the fray, with physical infra in sights CSO13 Apr 2025 | 7
LLMs can't stop making up software dependencies and sabotaging everything Hallucinated package names fuel 'slopsquatting' AI + ML12 Apr 2025 | 93
Infosec experts fear China could retaliate against tariffs with a Typhoon attack World War Fee Scammers are already cashing in with fake invoices for import costs CSO10 Apr 2025 | 31
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Public Sector10 Apr 2025 | 113
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz Cloud Next How Chocolate Factory hopes to double down on enterprise-sec CSO09 Apr 2025 | 7
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low Patches08 Apr 2025 | 14
As CISA braces for more cuts, threat intel sharing takes a hit Analysis How will 'gutting' civilian defense agency make American cybersecurity great again? Public Sector08 Apr 2025 | 11
Oracle says its cloud was in fact compromised Reliability, honesty, accuracy. And then there's this lot PaaS + IaaS08 Apr 2025 | 37
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token But this mystery isn't over yet, Unit 42 opines Devops07 Apr 2025 | 7
UK's attempt to keep details of Apple 'backdoor' case secret… denied Last month's secret hearing comes to light CSO07 Apr 2025 | 121
Signalgate: Pentagon watchdog probes Defense Sec Hegseth Classification compliance? Records retention requirements? How quaint Public Sector04 Apr 2025 | 108
Uncle Sam kills funding for CVE program. Yes, that CVE program Updated Because vulnerability management has nothing to do with national security, right?
4chan, the 'internet’s litter box,' appears to have been pillaged by rival forum Source code, moderator info, IP addresses, more allegedly swiped and leaked
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty
Trump derails Chinese H20 GPU sales, forcing Nvidia to eat $5.5B this quarter World War Fee So much for Jensen's million-dollar dinner at Mar-a-Lago
AWS claims 50% of Azure workloads would jump ship if licensing costs allowed Bezos' biz and Google tell regulator higher cost of running Windows Server in their clouds isn't fair
Team Trump readies national security card to justify taxing Americans for foreign chips World War Fee There's a new tariff in town
White House confirms 245% tariff on some Chinese imports not a typo World War Fee Just make it 420.69 and be done with it, Mr President
Guess what happens when ransomware fiends find 'insurance' 'policy' in your files It involves a number close to three or six depending on the pickle you're in
Pentagon needs China's rare earths, Beijing just put them behind a permit wall. Oops World war fee Trump’s tremendous trade tussle triggers troubling twist, theoretically
Microsoft hits Ctrl-Z after Teams trips over file sharing Maybe don't push to production without properly testing first?
For flux sake: CISA, annexable allies warn of hot DNS threat Shape shifting technique described as menace to national security CSO03 Apr 2025 | 5
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster Cyber-crime03 Apr 2025 | 3
Why is someone mass-scanning Juniper and Palo Alto Networks products? Updated Espionage? Botnets? Trying to exploit a zero-day? Networks03 Apr 2025 | 11
Heterogeneous stacks, ransomware, and ITaaS: A DR nightmare Comment Recovery's never been harder in today's tangled, outsourced infrastructure Disaster Recovery Week03 Apr 2025 | 6
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling Double-oh-sh... CSO02 Apr 2025 | 10
Crimelords at Hunters International tell lackeys ransomware too 'risky' Bosses say theft now the name of the game with a shift in tactics, apparent branding Cyber-crime02 Apr 2025 | 6
For healthcare orgs, DR means making sure docs can save lives during ransomware infections Organizational, technological resilience combined defeat the disease that is cybercrime Disaster Recovery Week02 Apr 2025 | 6
Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed 1990s incident response in 2025 PaaS + IaaS31 Mar 2025 | 8
China’s FamousSparrow flies back into action, breaches US org after years off the radar Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET Networks27 Mar 2025 | 2
Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat Updated So F-18 launch times, weapons, drone support aren't classified now ... who knew? CSO26 Mar 2025 | 265
US defense contractor cops to sloppy security, settles after infosec lead blows whistle MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade CSO26 Mar 2025 | 11
There are 10,000 reasons to doubt Oracle Cloud's security breach denial Customers come forward claiming info was swiped from prod Cyber-crime25 Mar 2025 | 43
FCC on the prowl for Huawei and other blocked Chinese makers in America Be vewy vewy quiet, I'm hunting rackets Networks24 Mar 2025 | 8
As nation-state hacking becomes 'more in your face,' are supply chains secure? Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates CSO24 Mar 2025 | 10
Oracle Cloud says it's not true someone broke into its login servers and stole data Despite evidence to the contrary as alleged pilfered info goes on sale Cyber-crime23 Mar 2025 | 28
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US Interview Plus AI in the infosec world, why CISA should know its place, and more CSO23 Mar 2025 | 43
Show top LLMs some code and they'll merrily add in the bugs they saw in training One more time, with feeling ... Garbage in, garbage out AI + ML19 Mar 2025 | 33
CISA fires, now rehires and immediately benches security crew on full pay DOGE efficiency in action Public Sector18 Mar 2025 | 51
UK wants dirt on data brokers before criminals get there first Govt yearns to learn mistakes of serially breached record holders so it can, er, liberalize data sharing regs CSO18 Mar 2025 | 12
Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up Don't laugh. This kind of warning shows crims are getting desperate Cyber-crime18 Mar 2025 | 13
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' Updated One PUT request, one poisoned session file, and the server’s yours CSO18 Mar 2025 | 8
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit CSO17 Mar 2025 | 129
Dems ask federal agencies for reassurance DOGE isn't feeding data into AI willy-nilly Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail AI + ML13 Mar 2025 | 33
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand Feds warn gang still rampant and now cracked 300+ victims around the world Cyber-crime13 Mar 2025 | 4
UK must pay cyber pros more than its Prime Minister, top civil servant says Leaders call for fewer contractors and more top talent installed across government CSO12 Mar 2025 | 72
CISA pen-tester says 100-strong red team binned after DOGE canceled contract Updated Election infosec advisory center also shuttered Public Sector12 Mar 2025 | 163
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands CSO10 Mar 2025 | 10
How NOT to f-up your security incident response Feature Experts say that the way you handle things after the criminals break in can make things better or much, much worse CSO10 Mar 2025 | 15
The NHS security culture problem is a crisis years in the making Analysis Insiders say board members must be held accountable and drive positive change from the top down CSO10 Mar 2025 | 29
Strap in, get ready for more Rust drivers in Linux kernel Likening memory safety bugs to smallpox may not soothe sensitive C coders OSes10 Mar 2025 | 70
Developer sabotaged ex-employer with kill switch activated when he was let go IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes Bootnotes08 Mar 2025 | 79
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox Cyber-crime06 Mar 2025 | 4
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told Public Sector05 Mar 2025 | 57
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets Updated They're good at zero-day exploits, too Public Sector05 Mar 2025 | 17
VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant Virtualization04 Mar 2025 | 8
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake Says the biz trying to sell us stuff to catch that, admittedly AI + ML04 Mar 2025 | 18
So … Russia no longer a cyber threat to America? Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks Public Sector04 Mar 2025 | 218
Cybersecurity not the hiring-'em-like-hotcakes role it once was Analysis Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts CSO03 Mar 2025 | 15
C++ creator calls for help to defend programming language from 'serious attacks' Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door Software02 Mar 2025 | 213
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in Plus: New figurehead of DOGE emerges and they aren't called Elon Public Sector26 Feb 2025 | 37
Drug-screening biz DISA took a year to disclose security breach affecting millions If there's something nasty on your employment record, extortion scum could come calling Cyber-crime26 Feb 2025 | 5
Xi know what you did last summer: China was all up in Republicans' email, says book Of course, Microsoft is in the mix, isn't it Cyber-crime25 Feb 2025 | 29
How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process AI + ML25 Feb 2025 | 30
Google binning SMS MFA at last and replacing it with QR codes Everyone knew texted OTPs were a dud back in 2016 CSO25 Feb 2025 | 105
Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable Final update Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em OSes21 Feb 2025 | 178
Trump’s DoD CISO pick previously faced security clearance suspension Hey, at least Katie Arrington brings a solid resume Public Sector19 Feb 2025 | 13
Time to make C the COBOL of this century Opinion Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees CSO18 Feb 2025 | 222
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir CSO15 Feb 2025 | 27
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew Networks14 Feb 2025 | 9
More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks Networks13 Feb 2025 | 5
Mysterious Palo Alto firewall reboots? You're not alone Limited-edition hotfix to get wider release before end of month Networks13 Feb 2025 | 6
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff CSO13 Feb 2025 | 75
Sophos sheds 6% of staff after swallowing Secureworks De-dupes some roles, hints others aren't needed as the infosec scene shifts CSO13 Feb 2025 | 7
Trump’s cyber chief pick has little experience in The Cyber GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard Public Sector12 Feb 2025 | 54
Probe finds US Coast Guard has left maritime cybersecurity adrift Numerous systemic vulnerabilities could scuttle $5.4T industry Public Sector11 Feb 2025 | 13
Yup, AMD's Elba and Giglio definitely sound like they work corporate security Which is why Cisco is adding these Pensando DPUs to more switches Networks11 Feb 2025 | 3
I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice Remote position, webcam not working, then glitchy AI face ... Red alert! CSO11 Feb 2025 | 82
If Ransomware Inc was a company, its 2024 results would be a horror show 35% drop in payments across the year as your backups got better and law enforcement made a difference CSO07 Feb 2025 | 2
Federal judge tightens DOGE leash over critical Treasury payment system access Final update Lawsuit: 'Scale of intrusion into individuals' privacy is massive and unprecedented' Public Sector06 Feb 2025 | 28
Democrats demand to know WTF is up with that DOGE server on OPM's network Updated Are you trying to make this easy for China and Russia? Public Sector06 Feb 2025 | 153
Mixing Rust and C in Linux likened to cancer by kernel maintainer Updated Some worry multiple languages will make it harder to maintain this open source uber-project, others disagree Software05 Feb 2025 | 127
Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' When cloud customers don't clean up after themselves, part 97 CSO04 Feb 2025 | 33
What does it mean to build in security from the ground up? Systems Approach As if secure design is the only bullet point in a list of software engineering best practices CSO02 Feb 2025 | 12
Another banner year for ransomware gangs despite takedowns by the cops And it doesn't take a crystal ball to predict the future Cyber-crime31 Jan 2025 | 6
Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek Oh someone's in DeepShi... CSO30 Jan 2025 | 71
North Koreans clone open source projects to plant backdoors, steal credentials Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? Devops29 Jan 2025 | 2
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet And now you won't stop calling me, I'm kinda busy CSO29 Jan 2025 | 4
Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses Think government cybersecurity is bad? Guess again. It’s alarmingly so Public Sector29 Jan 2025 | 13
The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings CSO29 Jan 2025 | 57
US freezes foreign aid, halting cybersecurity defense and policy funds for allies Updated Uncle Sam will 'no longer blindly dole out money,' State Dept says Public Sector27 Jan 2025 | 86
Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia... Networks25 Jan 2025 | 78
Who is DDoSing you? Rivals, probably, or cheesed-off users Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps Networks23 Jan 2025 | 7
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch Feature Everyone agrees defense matters. How to do it is up for debate CSO22 Jan 2025 | 20
Ransomware scum make it personal for Reg readers by impersonating tech support That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems CSO22 Jan 2025 | 18
Sage Copilot grounded briefly to fix AI misbehavior 'Minor issue' with showing accounting customers 'unrelated business information' required repairs AI + ML20 Jan 2025 | 23
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries The S in LLM stands for Security AI + ML19 Jan 2025 | 31
FCC to telcos: By law you must secure your networks from foreign spies. Get on it Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping CSO17 Jan 2025 | 29
Biden signs sweeping cybersecurity order, just in time for Trump to gut it Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive Public Sector17 Jan 2025 | 40
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in Nvidia GTC17 Jan 2025 | 11
GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches' Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools CSO15 Jan 2025 | 13