Don't be like these 900+ websites and expose millions of passwords via Firebase Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials CSO18 Mar 2024 | 5
Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup PaaS + IaaS12 Mar 2024 | 4
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes Plus: CISA pulls plug on couple of systems feared compromised Cyber-crime08 Mar 2024 | 2
Securing open source software: Whose job is it, anyway? CISA announces more help, and calls on app makers to step up CSO08 Mar 2024 | 21
Chinese chap charged with stealing Google’s AI datacenter secrets Moonlighted for PRC companies after side-stepping Big G's security, allegedly On-Prem07 Mar 2024 | 13
FBI: Critical infrastructure suffers spike in ransomware attacks Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon CSO06 Mar 2024 | 4
IP address X-posure now a feature on Musk's social media thing Just a little FYI Personal Tech05 Mar 2024 | 33
Sandvine put on America's export no-fly list after Egypt used network tech for spying Canadian network box maker floats in denial CSO27 Feb 2024 | 11
Security is hard because it has to be right all the time? Yeah, like everything else Systems Approach It takes only one bottleneck or single point of failure to ruin your week CSO25 Feb 2024 | 28
Google open sources file-identifying Magika AI for malware hunters and others Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML CSO17 Feb 2024 | 10
Quest Diagnostics pays $5M after mixing patient medical data with hazardous waste Will cough up less than two days of annual profit in settlement – and California calls this a win CSO16 Feb 2024 | 12
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks Plan says to hand over keys to networks – and report intrusions within eight hours of discovery Public Sector08 Feb 2024 | 36
Half of polled infosec pros say their degree was less than useful for real-world work The other half paid attention in class? CSO07 Feb 2024 | 18
Chinese Coathanger malware hung out to dry by Dutch defense department Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions CSO06 Feb 2024 | 13
Blackbaud settles with FTC after that IT breach exposed millions of people's info Cloud software slinger admits no guilt, promises better basic security hygiene Cyber-crime02 Feb 2024 | 6
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies Atlassian systen compromised via October Okta intrusion CSO02 Feb 2024 | 14
Rise of deepfake threats means biometric security measures won't be enough Defenses need a rethink in face of increasing sophistication CSO01 Feb 2024 | 18
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming 18,000 customers, including the Pentagon and Microsoft, may have other thoughts CSO29 Jan 2024 | 16
Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes Step one, actually turn on MFA CSO27 Jan 2024 | 17
Wait, security courses aren't a requirement to graduate with a computer science degree? Comment And software makers seem to be OK with this, apparently CSO26 Jan 2024 | 64
How to run an LLM on your PC, not in the cloud, in less than 10 minutes Hands On Cut through the hype, keep your data private, find out what all the fuss is about
TrueNAS CORE 13 is the end of the FreeBSD version Debian-based TrueNAS SCALE is the future primary focus
Filipino police free hundreds of slaves toiling in romance scam operation 875 workers liberated after falling for promises of lucrative work, nine arrested
Yes, I did just crash that critical app. And you should thank me for having done so Who, Me? Quick thinking turned poor judgement into genius proactivity
In the rush to build AI apps, please, please don't leave security behind Feature Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more
Microsoft promises Copilot will be a 'moneymaker' in the long term Exec tells investors to 'temper' expectations as mission to convince customers of price tag continues
Infosec teams must be allowed to fail, argues Gartner But failing to recover from incidents is unforgivable because 'adrenalin does not scale'
Qualcomm unveils Snapdragon 8s Gen 3 with Eye-of-Sauron camera Wherever you go, whatever you do, your phone is watching
ChatGPT side-channel attack has easy fix: Token obfuscation Infosec in brief Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns
The last mile's at risk in our hostile environment. Let’s go the extra mile to fix it Opinion The web doesn’t work ‘cos the vandals used a candle
What Microsoft's latest email breach says about this IT security heavyweight Comment Senator Wyden tells The Reg this latest infosec lapse is 'inexcusable' CSO24 Jan 2024 | 45
JPMorgan exec claims bank repels '45 billion' cyberattack attempts per day Updated Assets boss also reckons she has more engineers than Amazon CSO18 Jan 2024 | 20
FBI: Beware of thieves building Androxgh0st botnets using stolen creds Infecting networks via years-old CVEs that should have been patched by now CSO17 Jan 2024 |
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in Snoops had no fewer than five custom bits of malware to hand to backdoor networks CSO13 Jan 2024 | 4
Ransomware payment ban: Wrong idea at the wrong time Opinion Won't stop the chaos, may lead to attacks with more dire consequences CSO06 Jan 2024 | 130
After injecting cancer hospital with ransomware, crims threaten to swat patients Remember the good old days when ransomware crooks vowed not to infect medical centers? CSO05 Jan 2024 | 70
Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach' 'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy CSO05 Jan 2024 | 13
Three Chinese balloons float near Taiwanese airbase Also: Remember that balloon over the US last February? It might have used a US internet provider CSO04 Jan 2024 | 15
A tale of 2 casino ransomware attacks: One paid out, one did not Feature What can be learned from MGM's and Caesars' infosec moves CSO28 Dec 2023 | 64
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure? Interview Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing CSO22 Nov 2023 | 9
SonicWall swallows Solutions Granted amid cybersecurity demand surge CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA CSO17 Nov 2023 | 1
How much to clean up a ransomware infection? For Rackspace, about $11M And that's not counting the incoming lawsuits. Thank goodness for insurance, eh? CSO16 Nov 2023 | 7
Clorox CISO flushes self after multimillion-dollar cyberattack Plus: Ransomware crooks file SEC complaint against victim CSO16 Nov 2023 | 23
NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch And the world's getting more and more dangerous CSO14 Nov 2023 | 16
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet Botnet storm drowned last record with 398 million requests per second CSO10 Oct 2023 | 13
Red Cross lays down hacktivism law as Ukraine war rages on Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits CSO04 Oct 2023 | 4
Chinese snoops stole 60K State Department emails in that Microsoft email heist No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc CSO28 Sep 2023 | 4
Good news for Key Group ransomware victims: Free decryptor out now That's what we call a static shock CSO31 Aug 2023 | 5
Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks Backdoors detailed, plus CISA releases more IOCs for IT depts to check CSO30 Aug 2023 |
University cuts itself off from internet after mystery security snafu Updated Halls of learning are stuck offline, but go Wolverines! CSO29 Aug 2023 | 21
Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year Top of the list to trip sensors CSO28 Aug 2023 | 6
Russia's Cozy Bear is back and hitting Microsoft Teams to phish top targets Plus: Tenable CEO blasts Redmond's bug disclosure habits CSO03 Aug 2023 | 8
What would sustainable security even look like? Opinion Clue: Nothing like what’s on offer today CSO31 Jul 2023 | 40
Florida man accused of hoarding America's secrets faces fresh charges Mar-a-Lago IT director told 'the boss wanted the server deleted' CSO29 Jul 2023 | 147
Millions of people's data stolen because web devs forget to check access perms IDORs of the storm CSO29 Jul 2023 | 40
Crooks pwned your servers? You've got four days to tell us, SEC tells public companies Cripes, they actually sound serious CSO26 Jul 2023 | 29
AMD Zenbleed chip bug leaks secrets fast and easy Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can CSO24 Jul 2023 | 64
Stolen Microsoft key may have opened up a lot more than US govt email inboxes How does the Azure giant come back from this? CSO21 Jul 2023 | 56
VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users File under PEBCAK CSO21 Jul 2023 | 19
Chinese balloon that US shot down was 'crammed' with American hardware Blasted from the sky in February, device never transmitted photos, videos, or radar data it collected, officials say CSO29 Jun 2023 | 75
Ex-FBI employee jailed for taking classified material home Infosec in brief Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns CSO26 Jun 2023 | 55
JP Morgan accidentally deletes evidence in multi-million record retention screwup Fined $4m for Who-Me-esque mess, for which it blames unnamed archiving vendor's retention settings CSO26 Jun 2023 | 56
UK cyberspies warn ransomware crews targeting law firms Nation states will use you to get to your friends, says NCSC CSO23 Jun 2023 | 8
To kill BlackLotus malware, patching is a good start, but... ...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs CSO22 Jun 2023 | 4
FTC accuses DNA testing company of lying about dumping samples 1Health must strengthen protections for genetic information as part of settlement CSO21 Jun 2023 | 4
US government hit by Russia's Clop in MOVEit mass attack CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds CSO15 Jun 2023 | 7
Chinese spies blamed for data-harvesting raids on Barracuda email gateways Snoops 'aggressively targeted' specific govt, academic accounts CSO15 Jun 2023 | 2
LockBit victims in the US alone paid over $90m in ransoms since 2020 As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections CSO14 Jun 2023 | 2
Clop ransomware crew sets June extortion deadline for MOVEit victims Plus: The Feds weigh in with advice, details CSO07 Jun 2023 | 2
US govt now bans TikTok from contractors' work gear BYODALAINGTI (as long as it's not got TikTok installed) CSO06 Jun 2023 | 11
SEC drops 42 cases after staff bungle data protection Corporate watchdog fouled its info-separation regime, let the wrong people read sensitive docs CSO06 Jun 2023 | 2
Microsoft stashes nearly half a billion in case LinkedIn data drama hits Irish regulators sniffing around Facebook-for-suits subsidiary have threatened fine CSO02 Jun 2023 | 12
90+ orgs tell Slack to stop slacking when it comes to full encryption Protests planned for Wednesday in San Francisco and Denver CSO30 May 2023 | 8
Microsoft decides it will be the one to choose which secure login method you use Certificate-based authentication comes first and phones last CSO18 May 2023 | 55
'Strictly limit' remote desktop – unless you like catching BianLian ransomware Do it or don't. We're not cops. But the FBI are, and they have this to say CSO17 May 2023 | 33
Don't panic. Google offering scary .zip and .mov domains is not the end of the world Comment Did we forget about .pl, .sh and oh yeah, .com ? CSO17 May 2023 | 80
No more macros? No problem, say miscreants, we'll adapt Microsoft blocking 'net scripts sparked 'monumental shift' in attacks CSO15 May 2023 | 10
Sonatype axes 14 percent of staff, reminds them not to talk to the press Exclusive Workers slam 'horrendous' handling of layoffs that left even 'engineering managers in the dark' CSO10 May 2023 | 41
Modern Auth comes to on-prem Exchange Server gear Guess this'll have to do while we wait for *checks notes* ES 2025 CSO08 May 2023 | 2
Dump these insecure phone adapters because we're not fixing them, says Cisco Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability CSO05 May 2023 | 90
Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout 'The get-out-of-jail-free card option has been removed' as one expert put it CSO03 May 2023 | 37
Microsoft is busy rewriting core Windows code in memory-safe Rust Now that's a C change we can back CSO27 Apr 2023 | 115
That 3CX supply chain attack keeps getting worse: Other vendors hit In Brief Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns CSO24 Apr 2023 | 9
Microsoft pushes for more women in cybersecurity Redmond tops industry average, still got a way to go CSO21 Apr 2023 | 14
Russian snoops just love invading unpatched Cisco gear, America and UK warn Spying on foreign targets? That's our job! CSO18 Apr 2023 | 7
Compatibility mess breaks not one but two Windows password tools Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says CSO14 Apr 2023 | 6
While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks CSO14 Apr 2023 | 23
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster It's not all doom and gloom because ML also amplifies defensive efforts, probably CSO12 Apr 2023 | 15
Azure admins warned to disable shared key access as backdoor attack detailed The default is that sharing is caring as Redmond admits: 'These permissions could be abused' CSO11 Apr 2023 | 10
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud Not a headline we expected to write today CSO24 Mar 2023 | 11
Critical infrastructure gear is full of flaws, but hey, at least it's certified Security researchers find bugs, big and small, in every industrial box probed CSO23 Mar 2023 | 20
You just gonna take that AWS? Let Microsoft school your users on cloud security? And Google Cloud is next CSO21 Mar 2023 | 3
UK refreshes national security plan to stop more of China's secret-stealing cyber-tricks A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Authority' CSO14 Mar 2023 | 43
What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge File under cost of doing business CSO10 Mar 2023 | 9
CI/CD: Necessary for modern software development, yet it carries a lot of risk SCSW With great speed comes great insecurity CSO02 Mar 2023 | 10
Feeling VEXed by software supply chain security? You’re not alone SCSW Chainguard CEO explains how to secure code given crims know to poison it at the source CSO28 Feb 2023 |
Google destroyed evidence for antitrust battle, Feds complain rm -rf'ing staff chat logs can't go unpunished, says Uncle Sam CSO24 Feb 2023 | 33
European Commission bans TikTok from staff gadgets Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China) CSO24 Feb 2023 | 23
Trust, not tech, is holding back a safer internet Opinion Excuse me, citizen, did you packet this data yourself? CSO06 Feb 2023 | 60
Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched You know when we all said quit using MD5? We really meant it CSO26 Jan 2023 | 3
Miscreants sure do love ransacking cloud networks, more so than before Thanks for putting all your data in one basket CSO20 Jan 2023 | 9
Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions CSO17 Jan 2023 | 24
NASA infosec again falls short of required US government standard Good thing space agency doesn’t have any state secrets … oh, hang on CSO21 Dec 2022 | 13
On the 12th day of the Rackspace email disaster, it did not give to me … Updated … a working Exchange inbox tree CSO14 Dec 2022 | 66
Malicious Microsoft-signed Windows drivers wielded in cyberattacks Handy tools to kill off security protections get Redmond's stamp of approval CSO14 Dec 2022 | 14
This ransomware gang is a right Royal pain in the AES for healthcare orgs Nothing like your medical files being taken hostage for millions of dollars CSO09 Dec 2022 | 8
REvil-hit Medibank to pull plug on IT, shore up defenses If safety regulations are written in blood, what are security policies written in? Sweat and cursing? CSO08 Dec 2022 | 1
Guess the most common password. Hint: We just told you In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly CSO25 Nov 2022 | 108
Europe calls for joint cyber defense to ward off Russia EC veep: 'Cyber is the new domain in warfare' CSO11 Nov 2022 | 9
Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage' CSO02 Nov 2022 | 55