Google says replacing C/C++ in firmware with Rust is easy Not so much when trying to convert coding veterans Software06 Sep 2024 | 164
Security boom is over, with over a third of CISOs reporting flat or falling budgets Good news? Security is still getting a growing part of IT budget CSO05 Sep 2024 | 1
Ex-senior New York State staffer charged in cash-for-favors scandal with China Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly Public Sector04 Sep 2024 | 6
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
SolarWinds left critical hardcoded credentials in its Web Help Desk product Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway CSO22 Aug 2024 | 18
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare Needless to say, it backfired in a big way CSO22 Aug 2024 | 118
Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue CxO08 Aug 2024 | 32
US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs American and Brit firms thought they were employing a Westerner, but not so, it's alleged CSO08 Aug 2024 | 19
Report: Tech misconceptions plague the IT world Just snapping the webcam shutter closed won't keep a user safe online Personal Tech08 Aug 2024 | 74
Microsoft punches back at Delta Air Lines and its legal threats SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess CxO07 Aug 2024 | 39
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that Updated Background check biz accused of negligence Cyber-crime05 Aug 2024 | 11
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Too late now for canary test updates, says pension fund suing CrowdStrike That horse has not just bolted, it's trampled all over kernel space CSO01 Aug 2024 | 114
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates Compliance failures and unsatisfactory responses mount from the long-time certificate authority CSO01 Aug 2024 | 15
Ransomware infection cuts off blood supply to 250+ hospitals Scumbags go for the jugular Cyber-crime31 Jul 2024 | 39
More than 83K certs from nearly 7K DigiCert customers must be swapped out now Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire CSO31 Jul 2024 | 18
Chrome adopts app-bound encryption to stymie cookie-stealing malware Windows users now get macOS-grade secret security CSO31 Jul 2024 | 4
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage A playbook full of strategies and someone fumbles the implementation CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails It took 13 months to notice 40 million voters' data was compromised CSO31 Jul 2024 | 25
1.7M potentially pwned after payment services provider takes a year to notice break-in Criminals with plenty of time on their hands may now have credit card details
Malaysia's plan to block overseas DNS dies after a day Minister orders regulator to slow down following immediate backlash
We're in the brute force phase of AI – once it ends, demand for GPUs will too Gartner thinks generative AI is right for only five percent of workloads
Russia's top-secret military unit reportedly plots undersea cable 'sabotage' US alarmed by heightened Kremlin naval activity worldwide
Python script saw students booted off the mainframe for sending one insult too many Who, Me? Come and see the violence inherent in the system!
Upgrading Linux with Rust looks like a new challenge. It's one of our oldest Opinion From the crooked timber of humanity, no straight thing was ever built. Not even a kernel
OneFileLinux: A tiny recovery distro that fits snugly in your EFI system partition The kind of thing the big names should be doing instead of working with proprietary vendors
Huawei debuts triple-folding Mate XT smartphone Asia In Brief Plus: 550MW more DCs for India; Australia poised to use decryption powers; Indonesia creates cyber warfare unit
MI6 and CIA using generative AI to combat tech-driven threat actors Spook bosses use first-ever joint article to bemoan how Russia and China use tech to mess with the world
Thanks, Edward Snowden: You propelled China to quantum networking leadership Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder For the want of an underscore CSO31 Jul 2024 | 27
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses Oh, Boies, here we go again CSO30 Jul 2024 | 17
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day CSO29 Jul 2024 | 13
CrowdStrike update blunder may cost world billions – and insurance ain't covering it all We offer this formula instead: RND(100.0)*(10^9) CSO26 Jul 2024 | 60
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review Exclusive Those national security threat claims? 'No evidence,' VP tells The Reg CSO25 Jul 2024 | 56
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month25 Jul 2024 | 29
How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash This one weird trick saved countless hours and stress – no, really OSes25 Jul 2024 | 89
The months and days before and after CrowdStrike's fatal Friday Analysis 'In the short term, they're going to have to do a lot of groveling' CSO25 Jul 2024 | 46
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code Analysis Maybe next time some staged rollouts? A bit of QA too? CSO23 Jul 2024 | 119
CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear Kettle Our vultures gather to review this very freaky Friday CSO19 Jul 2024 | 75
Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin Russia-invaded software biz 'grateful for the support we have received' CSO18 Jul 2024 | 3
Kaspersky culls staff, closes doors in US amid Biden's ban After all we've done for you, America, sniffs antivirus lab CSO15 Jul 2024 | 25
Three words to send a chill down your spine: Snowflake. Intrusion. Alert Kettle And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical CSO13 Jul 2024 | 7
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack 15K dealerships take estimated $600M+ hit Malware Month12 Jul 2024 | 16
You had a year to patch this Veeam flaw – and now it's going to hurt some more LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware Patches11 Jul 2024 | 4
ViperSoftX variant spotted abusing .NET runtime to disguise data theft Freeware AutoIt also used to hide entire PowerShell environments in scripts Malware Month10 Jul 2024 | 3
RADIUS networking protocol blasted into submission through MD5-based flaw If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed Research10 Jul 2024 | 11
Affirm fears customer info pilfered during ransomware raid at Evolve Bank Number of partners acknowledging data theft continues to rise Malware Month02 Jul 2024 | 2
Juniper Networks flings out emergency patches for perfect 10 router vuln Get 'em while they're hot Patches01 Jul 2024 | 6
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration CSO01 Jul 2024 | 12
TeamViewer says Russia broke into its corp IT network Updated Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? CSO28 Jun 2024 | 25
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
TeamViewer can't bring itself to say someone broke into its network – but it happened Updated Claims customer data, prod environment not affected as NCC sounds alarm Cyber-crime28 Jun 2024 | 25
Microsoft blamed for million-plus patient record theft at US hospital giant Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing CSO26 Jun 2024 | 20
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
Fiend touts stolen Neiman Marcus customer info for $150K Flash clobber chain fashionably late to Snowflake fiasco party Cyber-crime25 Jun 2024 | 3
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server About a thousand vulnerable instances still exposed online, we're told Patches24 Jun 2024 | 9
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew 'Substantial proportion' of America to get a little note from next month Cyber-crime21 Jun 2024 | 9
Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself Here's America's list of the supposedly dirty dozen CSO21 Jun 2024 | 17
Crooks get their hands on 500K+ radiology patients' records in cyber-attack Two ransomware gangs bragged of massive theft of personal info and medical files Cyber-crime20 Jun 2024 | 4
Biden bans Kaspersky: No more sales, updates in US Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back CSO20 Jun 2024 | 111
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale Updated Chip designer really gonna need to channel some Zen right now Cyber-crime18 Jun 2024 |
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam Updated Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines CSO17 Jun 2024 | 2
AWS is pushing ahead with MFA for privileged accounts. What that means for you ... The clock is ticking – why not try a passkey? CSO17 Jun 2024 | 17
Microsoft answered Congress' questions on security. Now the White House needs to act Feature Business as usual needs a real change Public Sector15 Jun 2024 | 45
Meta won't train AI on Euro posts after all, as watchdogs put their paws down Facebook parent calls step forward for privacy a 'step backwards' AI + ML14 Jun 2024 | 41
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended 'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith CSO14 Jun 2024 | 57
Oracle Ads have had it: $2B operation shuts down after dwindling to $300M Analysis In this slightly more private era, your data ain't as profitable as it once was Personal Tech13 Jun 2024 | 25
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day Symantec suggests Black Basta crew beat Microsoft to the patch Malware Month12 Jun 2024 | 2
White House report dishes deets on all 11 major government breaches from 2023 The MOVEit breach and ransomware weren’t kind to the Feds last year CSO12 Jun 2024 | 1
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows Patch Tuesday Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack CSO12 Jun 2024 | 7
Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief Interview Scott Small tells us gang's 'intent and capability' should get the attention of CSOs Malware Month09 Jun 2024 | 3
Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up Interview Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker CSO08 Jun 2024 | 33
FCC takes some action against notorious BGP How's your RPKI-based security plan coming along? Feds want to know Networks07 Jun 2024 | 9
Microsoft Research chief scientist has no issue with Windows Recall As tool emerges to probe OS feature's SQLite-based store of user activities OSes06 Jun 2024 | 114
Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say CSO05 Jun 2024 | 9
Command senior chief busted for secretly setting up Wi-Fi on US Navy combat ship In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that's not a good plan CSO04 Jun 2024 | 91
Pentagon 'doubling down' on Microsoft despite 'massive hack,' senators complain Meanwhile Mr Smith goes to Washington to testify before Congress Public Sector04 Jun 2024 | 5
Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak Analysis Cloud storage giant lawyers up against infosec house Cyber-crime04 Jun 2024 | 18
NIST turns to IT consultants to clear National Vulnerability Database backlog Aims to get CVE logjam cleared by the end of FY 24 CSO03 Jun 2024 | 5
US senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO Similar cases have resulted in serious sanctions, and they were on a far smaller scale CSO31 May 2024 | 26
OpenAI is very smug after thwarting five ineffective AI covert influence ops That said, use of generative ML to sway public opinion may not always be weak sauce AI + ML30 May 2024 | 11
IBM spin-off Kyndryl accused of discriminating on basis of age, race, disability Exclusive Five current and former employees file formal charges with US employment watchdog CSO30 May 2024 | 18
2.8M US folks learn their personal info was swiped months ago in Sav-Rx IT heist Theft happened in October, only now are details coming to light Cyber-crime28 May 2024 | 8
How's Uncle Sam getting on with Biden's AI exec order? Pretty good, we're told Interview Former Pentagon deputy CIO Rob Carey tells us guardrails should steer Feds away from bad ML Public Sector27 May 2024 | 7
Three-year-old Apache Flink flaw under active attack We know IT admins have busy schedules but c'mon Patches24 May 2024 | 11
70% of CISOs worry their org is at risk of a material cyber attack Wait, why do you want this job again? CSO23 May 2024 | 7
Go after UnitedHealth, not us, 100+ medical groups urge Uncle Sam Why should we get its paperwork? CSO22 May 2024 | 8
Confused by the SEC's IT security breach reporting rules? Read this 'Clarification' weighs in on material vs voluntary disclosures CSO22 May 2024 | 2
Telegram CEO calls out rival Signal, claiming it has ties to US government Drama between two of the leading secure messaging services Applications14 May 2024 | 25
AI red-teaming tools helped X-Force break into a major tech manufacturer 'in 8 hours' RSAC Hint: It's the 'the largest' maker of a key computer component Spotlight on RSA13 May 2024 | 7
Ransomware negotiator weighs in on the extortion payment debate with El Reg Interview As gang tactics get nastier while attacks hit all-time highs Cyber-crime12 May 2024 | 43
Critical infrastructure security will stay poor until everyone pulls together Interview Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks Public Sector11 May 2024 | 12
Ex-White House election threat hunter weighs in on what to expect in November Interview Spoiler alert: We're gonna talk about AI Public Sector09 May 2024 | 36
Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight Interview On the plus side, infosec's a good bet for a long, stable career Malware Month08 May 2024 | 24
From infosec to skunks, RSA Conference SVP spills the tea Interview Keynotes, physical security, playlists … the buck stops with Linda Gray Martin Spotlight on RSA08 May 2024 |
UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection Interview 'I'm blown away by the fact that they weren't using MFA' Spotlight on RSA08 May 2024 | 25
CISA says 'no more' to decades-old directory traversal bugs Recent attacks on healthcare thrust infosec agency into alert mode CSO06 May 2024 | 13
It may take decade to shore up software supply chain security, says infosec CEO interview Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar CSO03 May 2024 | 27
Qantas app glitch sees boarding passes fly to other accounts Issue now resolved and isn't thought to be the work of criminals CSO01 May 2024 | 8
UnitedHealth CEO: 'Decision to pay ransom was mine' Updated Congress to hear how Citrix MFA snafu led to massive data theft, $870M+ loss Malware Month30 Apr 2024 | 28
London Drugs closes all of its pharmacies following 'cybersecurity incident' Updated Canadian stores shuttered 'until further notice' CSO29 Apr 2024 | 20
UK lays down fresh legislation banning crummy default device passwords New laws mean vendors need to make clear how long you'll get updates too CSO29 Apr 2024 | 77
Kaiser Permanente handed over 13.4M people's data to Microsoft, Google, others Ouch! CSO26 Apr 2024 | 8
Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets The firm 'fessed up to staff misconduct and avoided criminal liability CSO24 Apr 2024 | 10
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers Updated Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack Cyber-crime18 Apr 2024 | 9
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities Water tank overflowed during one system malfunction, says Mandiant Research17 Apr 2024 | 10