US healthcare org admits up to 400,000 people's personal info was snatched It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it Cybersecurity Month14 Oct 2024 | 2
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Usual three-week window to address significant risks to federal agencies applies Cybersecurity Month10 Oct 2024 |
Ransomware gang Trinity joins pile of scumbags targeting healthcare As if hospitals and clinics didn't have enough to worry about Cybersecurity Month09 Oct 2024 | 6
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 12
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 38
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 10
T-Mobile US to cough up $31.5M after that long string of security SNAFUs At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' CSO30 Sep 2024 | 4
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more OSes27 Sep 2024 | 119
China's Salt Typhoon cyber spies are deep inside US ISPs Updated Expecting a longer storm season this year? Networks25 Sep 2024 | 4
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
CISA boss: Makers of insecure software must stop enabling today's cyber villains Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software20 Sep 2024 | 93
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims Boasts 'appear to be credible' experts tell El Reg Cyber-crime19 Sep 2024 | 7
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation Bug reports made in China Virtualization17 Sep 2024 | 1
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook Updated Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more Cyber-crime12 Sep 2024 | 20
Google says replacing C/C++ in firmware with Rust is easy Not so much when trying to convert coding veterans Software06 Sep 2024 | 175
WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly WP Engine seems to be excluded from sponsoring events, too
Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between Reading, writing, and cyber mayhem, amirite?
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption With an off-the-shelf D-Wave machine, but only against very short keys
Compression? What's that? And why is the network congested and the PCs frozen? Who, Me? The only thing worse than a Reply All storm is a Send All storm
Indonesia orders Apple, Google to take down Chinese bargain app Temu Plus: Infosys stops sending job offer emails; Singtel outage; Australia to require ransomware payment reveals
Smart homes may be a bright idea, just not for the dim bulbs who live in 'em Opinion How many Reg hacks does it take to change a light fitting...?
Trump campaign arms up with 'unhackable' phones after Iranian intrusion Florida man gets his hands on 'the best ever'
One-year countdown to 'biggest Ctrl-Alt-Delete in history' as Windows 10 approaches end of support Microsoft's hardware compatibility gamble still hasn't paid off
Thousands of Fortinet instances vulnerable to actively exploited flaw No excuses for not patching this nine-month-old issue
Security boom is over, with over a third of CISOs reporting flat or falling budgets Good news? Security is still getting a growing part of IT budget CSO05 Sep 2024 | 1
Ex-senior New York State staffer charged in cash-for-favors scandal with China Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly Public Sector04 Sep 2024 | 6
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
SolarWinds left critical hardcoded credentials in its Web Help Desk product Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway CSO22 Aug 2024 | 18
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare Needless to say, it backfired in a big way CSO22 Aug 2024 | 118
Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue CxO08 Aug 2024 | 32
US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs American and Brit firms thought they were employing a Westerner, but not so, it's alleged CSO08 Aug 2024 | 19
Report: Tech misconceptions plague the IT world Just snapping the webcam shutter closed won't keep a user safe online Personal Tech08 Aug 2024 | 74
Microsoft punches back at Delta Air Lines and its legal threats SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess CxO07 Aug 2024 | 39
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that Updated Background check biz accused of negligence Cyber-crime05 Aug 2024 | 11
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Too late now for canary test updates, says pension fund suing CrowdStrike That horse has not just bolted, it's trampled all over kernel space CSO01 Aug 2024 | 114
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates Compliance failures and unsatisfactory responses mount from the long-time certificate authority CSO01 Aug 2024 | 16
Ransomware infection cuts off blood supply to 250+ hospitals Scumbags go for the jugular Cyber-crime31 Jul 2024 | 39
More than 83K certs from nearly 7K DigiCert customers must be swapped out now Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire CSO31 Jul 2024 | 18
Chrome adopts app-bound encryption to stymie cookie-stealing malware Windows users now get macOS-grade secret security CSO31 Jul 2024 | 4
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage A playbook full of strategies and someone fumbles the implementation CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails It took 13 months to notice 40 million voters' data was compromised CSO31 Jul 2024 | 25
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder For the want of an underscore CSO31 Jul 2024 | 27
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses Oh, Boies, here we go again CSO30 Jul 2024 | 17
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day CSO29 Jul 2024 | 13
CrowdStrike update blunder may cost world billions – and insurance ain't covering it all We offer this formula instead: RND(100.0)*(10^9) CSO26 Jul 2024 | 60
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review Exclusive Those national security threat claims? 'No evidence,' VP tells The Reg CSO25 Jul 2024 | 56
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month25 Jul 2024 | 29
How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash This one weird trick saved countless hours and stress – no, really OSes25 Jul 2024 | 89
The months and days before and after CrowdStrike's fatal Friday Analysis 'In the short term, they're going to have to do a lot of groveling' CSO25 Jul 2024 | 46
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code Analysis Maybe next time some staged rollouts? A bit of QA too? CSO23 Jul 2024 | 119
CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear Kettle Our vultures gather to review this very freaky Friday CSO19 Jul 2024 | 75
Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin Russia-invaded software biz 'grateful for the support we have received' CSO18 Jul 2024 | 3
Kaspersky culls staff, closes doors in US amid Biden's ban After all we've done for you, America, sniffs antivirus lab CSO15 Jul 2024 | 25
Three words to send a chill down your spine: Snowflake. Intrusion. Alert Kettle And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical CSO13 Jul 2024 | 7
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack 15K dealerships take estimated $600M+ hit Malware Month12 Jul 2024 | 16
You had a year to patch this Veeam flaw – and now it's going to hurt some more LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware Patches11 Jul 2024 | 4
ViperSoftX variant spotted abusing .NET runtime to disguise data theft Freeware AutoIt also used to hide entire PowerShell environments in scripts Malware Month10 Jul 2024 | 3
RADIUS networking protocol blasted into submission through MD5-based flaw If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed Research10 Jul 2024 | 11
Affirm fears customer info pilfered during ransomware raid at Evolve Bank Number of partners acknowledging data theft continues to rise Malware Month02 Jul 2024 | 2
Juniper Networks flings out emergency patches for perfect 10 router vuln Get 'em while they're hot Patches01 Jul 2024 | 6
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration CSO01 Jul 2024 | 12
TeamViewer says Russia broke into its corp IT network Updated Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? CSO28 Jun 2024 | 25
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
TeamViewer can't bring itself to say someone broke into its network – but it happened Updated Claims customer data, prod environment not affected as NCC sounds alarm Cyber-crime28 Jun 2024 | 25
Microsoft blamed for million-plus patient record theft at US hospital giant Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing CSO26 Jun 2024 | 20
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
Fiend touts stolen Neiman Marcus customer info for $150K Flash clobber chain fashionably late to Snowflake fiasco party Cyber-crime25 Jun 2024 | 3
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server About a thousand vulnerable instances still exposed online, we're told Patches24 Jun 2024 | 9
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew 'Substantial proportion' of America to get a little note from next month Cyber-crime21 Jun 2024 | 9
Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself Here's America's list of the supposedly dirty dozen CSO21 Jun 2024 | 17
Crooks get their hands on 500K+ radiology patients' records in cyber-attack Two ransomware gangs bragged of massive theft of personal info and medical files Cyber-crime20 Jun 2024 | 4
Biden bans Kaspersky: No more sales, updates in US Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back CSO20 Jun 2024 | 111
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale Updated Chip designer really gonna need to channel some Zen right now Cyber-crime18 Jun 2024 |
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam Updated Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines CSO17 Jun 2024 | 2
AWS is pushing ahead with MFA for privileged accounts. What that means for you ... The clock is ticking – why not try a passkey? CSO17 Jun 2024 | 17
Microsoft answered Congress' questions on security. Now the White House needs to act Feature Business as usual needs a real change Public Sector15 Jun 2024 | 45
Meta won't train AI on Euro posts after all, as watchdogs put their paws down Facebook parent calls step forward for privacy a 'step backwards' AI + ML14 Jun 2024 | 41
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended 'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith CSO14 Jun 2024 | 57
Oracle Ads have had it: $2B operation shuts down after dwindling to $300M Analysis In this slightly more private era, your data ain't as profitable as it once was Personal Tech13 Jun 2024 | 25
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day Symantec suggests Black Basta crew beat Microsoft to the patch Malware Month12 Jun 2024 | 2
White House report dishes deets on all 11 major government breaches from 2023 The MOVEit breach and ransomware weren’t kind to the Feds last year CSO12 Jun 2024 | 1
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows Patch Tuesday Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack CSO12 Jun 2024 | 7
Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief Interview Scott Small tells us gang's 'intent and capability' should get the attention of CSOs Malware Month09 Jun 2024 | 3
Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up Interview Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker CSO08 Jun 2024 | 33
FCC takes some action against notorious BGP How's your RPKI-based security plan coming along? Feds want to know Networks07 Jun 2024 | 9
Microsoft Research chief scientist has no issue with Windows Recall As tool emerges to probe OS feature's SQLite-based store of user activities OSes06 Jun 2024 | 114
Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say CSO05 Jun 2024 | 9
Command senior chief busted for secretly setting up Wi-Fi on US Navy combat ship In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that's not a good plan CSO04 Jun 2024 | 91
Pentagon 'doubling down' on Microsoft despite 'massive hack,' senators complain Meanwhile Mr Smith goes to Washington to testify before Congress Public Sector04 Jun 2024 | 5
Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak Analysis Cloud storage giant lawyers up against infosec house Cyber-crime04 Jun 2024 | 18
NIST turns to IT consultants to clear National Vulnerability Database backlog Aims to get CVE logjam cleared by the end of FY 24 CSO03 Jun 2024 | 5
US senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO Similar cases have resulted in serious sanctions, and they were on a far smaller scale CSO31 May 2024 | 26
OpenAI is very smug after thwarting five ineffective AI covert influence ops That said, use of generative ML to sway public opinion may not always be weak sauce AI + ML30 May 2024 | 11
IBM spin-off Kyndryl accused of discriminating on basis of age, race, disability Exclusive Five current and former employees file formal charges with US employment watchdog CSO30 May 2024 | 18
2.8M US folks learn their personal info was swiped months ago in Sav-Rx IT heist Theft happened in October, only now are details coming to light Cyber-crime28 May 2024 | 8
How's Uncle Sam getting on with Biden's AI exec order? Pretty good, we're told Interview Former Pentagon deputy CIO Rob Carey tells us guardrails should steer Feds away from bad ML Public Sector27 May 2024 | 7
Three-year-old Apache Flink flaw under active attack We know IT admins have busy schedules but c'mon Patches24 May 2024 | 11
70% of CISOs worry their org is at risk of a material cyber attack Wait, why do you want this job again? CSO23 May 2024 | 7
Go after UnitedHealth, not us, 100+ medical groups urge Uncle Sam Why should we get its paperwork? CSO22 May 2024 | 8