China's Salt Typhoon recorded top American officials' calls, says White House No word yet on who was snooped on. Any bets? CSO09 Dec 2024 | 23
OpenWrt orders router firmware updates after supply chain attack scare A couple of bugs lead to a potentially bad time CSO09 Dec 2024 | 9
Microsoft dangles $10K for hackers to hijack LLM email service Outsmart an AI, win a little Christmas cash CSO09 Dec 2024 | 12
Salt Typhoon forces FCC's hand on making telcos secure their networks Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns Security06 Dec 2024 | 4
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds Damage likely limited to those running bots with private PKI access Cyber-crime05 Dec 2024 | 7
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat CSO05 Dec 2024 | 54
Microsoft says premature patch could make Windows Recall forget how to work Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel CSO04 Dec 2024 | 25
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes' Funny what putting more effort and resources into IT security can do CSO27 Nov 2024 | 9
Security? We've heard of it: How Microsoft plans to better defend Windows Ignite Did we say CrowdStrike? We meant, er, The July Incident... CSO25 Nov 2024 | 27
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration Public Sector23 Nov 2024 | 51
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more CSO22 Nov 2024 | 22
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator Meet Liminal Panda, which prowls telecom networks in South Asia and Africa CSO20 Nov 2024 | 32
D-Link tells users to trash old VPN routers over bug too dangerous to identify Vendor offers 20% discount on new model, but not patches CSO20 Nov 2024 | 59
Data is the new uranium – incredibly powerful and amazingly dangerous Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value CSO20 Nov 2024 | 46
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Yank access to management interface, stat CSO15 Nov 2024 | 28
Five Eyes infosec agencies list 2023's most exploited software flaws Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns CSO14 Nov 2024 | 28
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue Plus: CISA's ScubaGear dives deep to fix M365 misconfigs CSO14 Nov 2024 | 3
Air National Guardsman gets 15 years after splashing classified docs on Discord 22-year-old talked of 'culling the weak minded' – hmm! Cyber-crime13 Nov 2024 | 93
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code 'Once again, we've lost a little more faith in the internet,' researcher says CSO12 Nov 2024 | 3
The story behind the Health Infrastructure Security and Accountability Act Health care breaches lead to legislation Partner Content
Heart surgery device maker's security bypassed, data encrypted and stolen Sounds like th-aorta get this sorted quickly
South Korean web giant Naver creates its own Linux distro 'Navix' follows OpenELA rules, comes with ten years support, and is already used in production at scale
Open source maintainers are drowning in junk bug reports written by AI Python security developer-in-residence decries use of bots that 'cannot understand code'
US military grounds entire Osprey tiltrotor fleet over safety concerns Boeing-Bell V-22 can't outfly its checkered past, it seems
Judge hands WP Engine a win in legal fight with Automattic Updated Mullenweg and co ordered to restore WP Engine's access to wordpress.org and stop touching WordPress installations
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse
AMD secure VM tech undone by DRAM meddling Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory
With Gelsinger gone, to fab or not to fab is the $7B question Analysis Whoever takes over has some tough decisions to make
Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved McDonald's worker called it in, cops swooped, found 'gun, suppressor, manifesto'
Reddit rolls out AI-powered 'Answers' search feature, redditors don't rejoice Many users unhappy with current state of search, want to know why this got priority
Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms Arguments continue but change suggests it's not Free Software anymore Applications24 Oct 2024 | 16
US healthcare org admits up to 400,000 people's personal info was snatched It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it Cybersecurity Month14 Oct 2024 | 3
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Usual three-week window to address significant risks to federal agencies applies Cybersecurity Month10 Oct 2024 |
Ransomware gang Trinity joins pile of scumbags targeting healthcare As if hospitals and clinics didn't have enough to worry about Cybersecurity Month09 Oct 2024 | 6
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 12
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 38
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 10
T-Mobile US to cough up $31.5M after that long string of security SNAFUs At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' CSO30 Sep 2024 | 4
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more OSes27 Sep 2024 | 122
China's Salt Typhoon cyber spies are deep inside US ISPs Updated Expecting a longer storm season this year? Networks25 Sep 2024 | 4
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
CISA boss: Makers of insecure software must stop enabling today's cyber villains Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software20 Sep 2024 | 93
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims Boasts 'appear to be credible' experts tell El Reg Cyber-crime19 Sep 2024 | 7
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation Bug reports made in China Virtualization17 Sep 2024 | 1
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook Updated Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more Cyber-crime12 Sep 2024 | 20
Google says replacing C/C++ in firmware with Rust is easy Not so much when trying to convert coding veterans Software06 Sep 2024 | 175
Security boom is over, with over a third of CISOs reporting flat or falling budgets Good news? Security is still getting a growing part of IT budget CSO05 Sep 2024 | 1
Ex-senior New York State staffer charged in cash-for-favors scandal with China Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly Public Sector04 Sep 2024 | 6
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
SolarWinds left critical hardcoded credentials in its Web Help Desk product Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway CSO22 Aug 2024 | 18
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare Needless to say, it backfired in a big way CSO22 Aug 2024 | 118
Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue CxO08 Aug 2024 | 32
US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs American and Brit firms thought they were employing a Westerner, but not so, it's alleged CSO08 Aug 2024 | 19
Report: Tech misconceptions plague the IT world Just snapping the webcam shutter closed won't keep a user safe online Personal Tech08 Aug 2024 | 74
Microsoft punches back at Delta Air Lines and its legal threats SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess CxO07 Aug 2024 | 39
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that Updated Background check biz accused of negligence Cyber-crime05 Aug 2024 | 11
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Too late now for canary test updates, says pension fund suing CrowdStrike That horse has not just bolted, it's trampled all over kernel space CSO01 Aug 2024 | 114
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates Compliance failures and unsatisfactory responses mount from the long-time certificate authority CSO01 Aug 2024 | 16
Ransomware infection cuts off blood supply to 250+ hospitals Scumbags go for the jugular Cyber-crime31 Jul 2024 | 39
More than 83K certs from nearly 7K DigiCert customers must be swapped out now Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire CSO31 Jul 2024 | 18
Chrome adopts app-bound encryption to stymie cookie-stealing malware Windows users now get macOS-grade secret security CSO31 Jul 2024 | 4
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage A playbook full of strategies and someone fumbles the implementation CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails It took 13 months to notice 40 million voters' data was compromised CSO31 Jul 2024 | 25
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder For the want of an underscore CSO31 Jul 2024 | 27
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses Oh, Boies, here we go again CSO30 Jul 2024 | 17
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day CSO29 Jul 2024 | 13
CrowdStrike update blunder may cost world billions – and insurance ain't covering it all We offer this formula instead: RND(100.0)*(10^9) CSO26 Jul 2024 | 60
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review Exclusive Those national security threat claims? 'No evidence,' VP tells The Reg CSO25 Jul 2024 | 56
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month25 Jul 2024 | 29
How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash This one weird trick saved countless hours and stress – no, really OSes25 Jul 2024 | 89
The months and days before and after CrowdStrike's fatal Friday Analysis 'In the short term, they're going to have to do a lot of groveling' CSO25 Jul 2024 | 46
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code Analysis Maybe next time some staged rollouts? A bit of QA too? CSO23 Jul 2024 | 119
CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear Kettle Our vultures gather to review this very freaky Friday CSO19 Jul 2024 | 75
Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin Russia-invaded software biz 'grateful for the support we have received' CSO18 Jul 2024 | 3
Kaspersky culls staff, closes doors in US amid Biden's ban After all we've done for you, America, sniffs antivirus lab CSO15 Jul 2024 | 25
Three words to send a chill down your spine: Snowflake. Intrusion. Alert Kettle And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical CSO13 Jul 2024 | 7
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack 15K dealerships take estimated $600M+ hit Malware Month12 Jul 2024 | 16
You had a year to patch this Veeam flaw – and now it's going to hurt some more LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware Patches11 Jul 2024 | 4
ViperSoftX variant spotted abusing .NET runtime to disguise data theft Freeware AutoIt also used to hide entire PowerShell environments in scripts Malware Month10 Jul 2024 | 3
RADIUS networking protocol blasted into submission through MD5-based flaw If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed Research10 Jul 2024 | 11
Affirm fears customer info pilfered during ransomware raid at Evolve Bank Number of partners acknowledging data theft continues to rise Malware Month02 Jul 2024 | 2
Juniper Networks flings out emergency patches for perfect 10 router vuln Get 'em while they're hot Patches01 Jul 2024 | 6
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration CSO01 Jul 2024 | 12
TeamViewer says Russia broke into its corp IT network Updated Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? CSO28 Jun 2024 | 25
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
TeamViewer can't bring itself to say someone broke into its network – but it happened Updated Claims customer data, prod environment not affected as NCC sounds alarm Cyber-crime28 Jun 2024 | 25
Microsoft blamed for million-plus patient record theft at US hospital giant Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing CSO26 Jun 2024 | 20
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
Fiend touts stolen Neiman Marcus customer info for $150K Flash clobber chain fashionably late to Snowflake fiasco party Cyber-crime25 Jun 2024 | 3
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server About a thousand vulnerable instances still exposed online, we're told Patches24 Jun 2024 | 9
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew 'Substantial proportion' of America to get a little note from next month Cyber-crime21 Jun 2024 | 9
Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself Here's America's list of the supposedly dirty dozen CSO21 Jun 2024 | 17
Crooks get their hands on 500K+ radiology patients' records in cyber-attack Two ransomware gangs bragged of massive theft of personal info and medical files Cyber-crime20 Jun 2024 | 4
Biden bans Kaspersky: No more sales, updates in US Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back CSO20 Jun 2024 | 111
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale Updated Chip designer really gonna need to channel some Zen right now Cyber-crime18 Jun 2024 |
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam Updated Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines CSO17 Jun 2024 | 2
AWS is pushing ahead with MFA for privileged accounts. What that means for you ... The clock is ticking – why not try a passkey? CSO17 Jun 2024 | 17
Microsoft answered Congress' questions on security. Now the White House needs to act Feature Business as usual needs a real change Public Sector15 Jun 2024 | 45
Meta won't train AI on Euro posts after all, as watchdogs put their paws down Facebook parent calls step forward for privacy a 'step backwards' AI + ML14 Jun 2024 | 41
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended 'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith CSO14 Jun 2024 | 57