CSO News • The Register

CSO

Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?

Interview Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing

CSO22 Nov 2023 | 9

SonicWall swallows Solutions Granted amid cybersecurity demand surge

CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA

CSO17 Nov 2023 | 1

How much to clean up a ransomware infection? For Rackspace, about $11M

And that's not counting the incoming lawsuits. Thank goodness for insurance, eh?

CSO16 Nov 2023 | 7

Clorox CISO flushes self after multimillion-dollar cyberattack

Plus: Ransomware crooks file SEC complaint against victim

CSO16 Nov 2023 | 23

NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch

And the world's getting more and more dangerous

CSO14 Nov 2023 | 16

HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet

Botnet storm drowned last record with 398 million requests per second

CSO10 Oct 2023 | 13

Red Cross lays down hacktivism law as Ukraine war rages on

Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits

CSO04 Oct 2023 | 4

Chinese snoops stole 60K State Department emails in that Microsoft email heist

No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc

CSO28 Sep 2023 | 4

Good news for Key Group ransomware victims: Free decryptor out now

That's what we call a static shock

CSO31 Aug 2023 | 5

Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks

Backdoors detailed, plus CISA releases more IOCs for IT depts to check

CSO30 Aug 2023 |

University cuts itself off from internet after mystery security snafu

Updated Halls of learning are stuck offline, but go Wolverines!

CSO29 Aug 2023 | 21

Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year

Top of the list to trip sensors

CSO28 Aug 2023 | 6

Russia's Cozy Bear is back and hitting Microsoft Teams to phish top targets

Plus: Tenable CEO blasts Redmond's bug disclosure habits

CSO03 Aug 2023 | 8

What would sustainable security even look like?

Opinion Clue: Nothing like what’s on offer today

CSO31 Jul 2023 | 40

Florida man accused of hoarding America's secrets faces fresh charges

Mar-a-Lago IT director told 'the boss wanted the server deleted'

CSO29 Jul 2023 | 147

Millions of people's data stolen because web devs forget to check access perms

IDORs of the storm

CSO29 Jul 2023 | 40

Crooks pwned your servers? You've got four days to tell us, SEC tells public companies

Cripes, they actually sound serious

CSO26 Jul 2023 | 29

AMD Zenbleed chip bug leaks secrets fast and easy

Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can

CSO24 Jul 2023 | 64

Stolen Microsoft key may have opened up a lot more than US govt email inboxes

How does the Azure giant come back from this?

CSO21 Jul 2023 | 56

VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users

File under PEBCAK

CSO21 Jul 2023 | 19

Popular

No new top boss at NSA until it answers questions about buying up location, browsing data

Senator Ron Wyden puts his foot down – for as long as he can

Scores of US credit unions offline after ransomware infects backend cloud outfit

Supply chain attacks: The gift that keeps on giving

Bank boss hated IT, loved the beach, was clueless about ports and politeness

On Call At the dawn of the dialup age, making a connection could be complicated

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Exploits bypass most secure boot solutions from the biggest chip vendors

Watchdog claims retaliation from military after questioning cushy federal IT contracts

Special report IT-AAC had a hand in scrutinizing JEDI, now faces probe for challenging $300M+ single-source deals

Boffins find asking ChatGPT to repeat key words can expose its training data

This one weird trick will blow the large language model's artificial mind

Small but mighty, 9Front's 'Humanbiologics' is here for the truly curious

Programmers developing what is essentially UNIX 2.0 are still busy bunnies

Regulator says stranger entered hospital, treated a patient, took a document ... then vanished

Scottish health group to tweak security checks, access authorization to avoid a repeat

America's ambitious Artemis III likely to miss 2025 Moon landing date, auditors sigh

'SpaceX has made limited progress maturing the technologies needed'

Potential sat-bothering cannibal coronal mass ejection slams into Earth's atmo tonight

And where folks are likely to see a light show

MORE
STORIES

Chinese balloon that US shot down was 'crammed' with American hardware

Blasted from the sky in February, device never transmitted photos, videos, or radar data it collected, officials say

CSO29 Jun 2023 | 75

Ex-FBI employee jailed for taking classified material home

Infosec in brief Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns

CSO26 Jun 2023 | 55

JP Morgan accidentally deletes evidence in multi-million record retention screwup

Fined $4m for Who-Me-esque mess, for which it blames unnamed archiving vendor's retention settings

CSO26 Jun 2023 | 56

UK cyberspies warn ransomware crews targeting law firms

Nation states will use you to get to your friends, says NCSC

CSO23 Jun 2023 | 8

To kill BlackLotus malware, patching is a good start, but...

...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs

CSO22 Jun 2023 | 4

FTC accuses DNA testing company of lying about dumping samples

1Health must strengthen protections for genetic information as part of settlement

CSO21 Jun 2023 | 4

US government hit by Russia's Clop in MOVEit mass attack

CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds

CSO15 Jun 2023 | 7

Chinese spies blamed for data-harvesting raids on Barracuda email gateways

Snoops 'aggressively targeted' specific govt, academic accounts

CSO15 Jun 2023 | 2

LockBit victims in the US alone paid over $90m in ransoms since 2020

As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections

CSO14 Jun 2023 | 2

Clop ransomware crew sets June extortion deadline for MOVEit victims

Plus: The Feds weigh in with advice, details

CSO07 Jun 2023 | 2

US govt now bans TikTok from contractors' work gear

BYODALAINGTI (as long as it's not got TikTok installed)

CSO06 Jun 2023 | 11

SEC drops 42 cases after staff bungle data protection

Corporate watchdog fouled its info-separation regime, let the wrong people read sensitive docs

CSO06 Jun 2023 | 2

Microsoft stashes nearly half a billion in case LinkedIn data drama hits

Irish regulators sniffing around Facebook-for-suits subsidiary have threatened fine

CSO02 Jun 2023 | 12

90+ orgs tell Slack to stop slacking when it comes to full encryption

Protests planned for Wednesday in San Francisco and Denver

CSO30 May 2023 | 8

Microsoft decides it will be the one to choose which secure login method you use

Certificate-based authentication comes first and phones last

CSO18 May 2023 | 55

'Strictly limit' remote desktop – unless you like catching BianLian ransomware

Do it or don't. We're not cops. But the FBI are, and they have this to say

CSO17 May 2023 | 33

Don't panic. Google offering scary .zip and .mov domains is not the end of the world

Comment Did we forget about .pl, .sh and oh yeah, .com ?

CSO17 May 2023 | 80

No more macros? No problem, say miscreants, we'll adapt

Microsoft blocking 'net scripts sparked 'monumental shift' in attacks

CSO15 May 2023 | 10

Sonatype axes 14 percent of staff, reminds them not to talk to the press

Exclusive Workers slam 'horrendous' handling of layoffs that left even 'engineering managers in the dark'

CSO10 May 2023 | 41

Modern Auth comes to on-prem Exchange Server gear

Guess this'll have to do while we wait for *checks notes* ES 2025

CSO08 May 2023 | 2

Dump these insecure phone adapters because we're not fixing them, says Cisco

Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability

CSO05 May 2023 | 90

Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout

'The get-out-of-jail-free card option has been removed' as one expert put it

CSO03 May 2023 | 37

Microsoft is busy rewriting core Windows code in memory-safe Rust

Now that's a C change we can back

CSO27 Apr 2023 | 115

That 3CX supply chain attack keeps getting worse: Other vendors hit

In Brief Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns

CSO24 Apr 2023 | 9

Microsoft pushes for more women in cybersecurity

Redmond tops industry average, still got a way to go

CSO21 Apr 2023 | 14

Russian snoops just love invading unpatched Cisco gear, America and UK warn

Spying on foreign targets? That's our job!

CSO18 Apr 2023 | 7

Compatibility mess breaks not one but two Windows password tools

Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says

CSO14 Apr 2023 | 6

While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn

Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks

CSO14 Apr 2023 | 23

US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster

It's not all doom and gloom because ML also amplifies defensive efforts, probably

CSO12 Apr 2023 | 15

Azure admins warned to disable shared key access as backdoor attack detailed

The default is that sharing is caring as Redmond admits: 'These permissions could be abused'

CSO11 Apr 2023 | 10

CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud

Not a headline we expected to write today

CSO24 Mar 2023 | 11

Critical infrastructure gear is full of flaws, but hey, at least it's certified

Security researchers find bugs, big and small, in every industrial box probed

CSO23 Mar 2023 | 20

You just gonna take that AWS? Let Microsoft school your users on cloud security?

And Google Cloud is next

CSO21 Mar 2023 | 3

UK refreshes national security plan to stop more of China's secret-stealing cyber-tricks

A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Authority'

CSO14 Mar 2023 | 43

What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge

File under cost of doing business

CSO10 Mar 2023 | 9

CI/CD: Necessary for modern software development, yet it carries a lot of risk

SCSW With great speed comes great insecurity

CSO02 Mar 2023 | 10

Feeling VEXed by software supply chain security? You’re not alone

SCSW Chainguard CEO explains how to secure code given crims know to poison it at the source

CSO28 Feb 2023 |

Google destroyed evidence for antitrust battle, Feds complain

rm -rf'ing staff chat logs can't go unpunished, says Uncle Sam

CSO24 Feb 2023 | 33

European Commission bans TikTok from staff gadgets

Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China)

CSO24 Feb 2023 | 23

Trust, not tech, is holding back a safer internet

Opinion Excuse me, citizen, did you packet this data yourself?

CSO06 Feb 2023 | 60

Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched

You know when we all said quit using MD5? We really meant it

CSO26 Jan 2023 | 3

Miscreants sure do love ransacking cloud networks, more so than before

Thanks for putting all your data in one basket

CSO20 Jan 2023 | 9

Microsoft locks door to default guest authentication in Windows Pro

Bringing OS version into sync with Enterprise and Education editions

CSO17 Jan 2023 | 24

NASA infosec again falls short of required US government standard

Good thing space agency doesn’t have any state secrets … oh, hang on

CSO21 Dec 2022 | 13

On the 12th day of the Rackspace email disaster, it did not give to me …

Updated … a working Exchange inbox tree

CSO14 Dec 2022 | 66

Malicious Microsoft-signed Windows drivers wielded in cyberattacks

Handy tools to kill off security protections get Redmond's stamp of approval

CSO14 Dec 2022 | 14

This ransomware gang is a right Royal pain in the AES for healthcare orgs

Nothing like your medical files being taken hostage for millions of dollars

CSO09 Dec 2022 | 8

REvil-hit Medibank to pull plug on IT, shore up defenses

If safety regulations are written in blood, what are security policies written in? Sweat and cursing?

CSO08 Dec 2022 | 1

Guess the most common password. Hint: We just told you

In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly

CSO25 Nov 2022 | 108

Europe calls for joint cyber defense to ward off Russia

EC veep: 'Cyber is the new domain in warfare'

CSO11 Nov 2022 | 9

Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup

Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage'

CSO02 Nov 2022 | 55

Education tech giant gets an F for security after sensitive info on 40 million users stolen

Chegg it out: Four blunders in four years

CSO31 Oct 2022 | 6

Biden now wants to toughen up chemical sector's cybersecurity

Control panels facing the internet? Data stolen? You gotta keep an ion this stuff

CSO27 Oct 2022 | 6

If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender

Blinking, beeping, and flashing lights, blinking and beeping and flashing...

CSO26 Oct 2022 | 6

FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz

Analysis At least this'll give some ammo to CISOs dying for stronger IT defenses

CSO26 Oct 2022 | 10

Oops, web trackers may have leaked 3 million patients' info

Scream with us: Aaaaaa-AAH

CSO20 Oct 2022 | 35

Cost of a health insurance security breach? NY watchdogs say it's $4.5m

Hundreds of thousands of people's sensitive info poorly protected

CSO19 Oct 2022 | 1

Millennials, Gen Z actually suck at workplace security

OK, boomer – how do I turn off cookies?

CSO19 Oct 2022 | 76

So, the US, China, and Russia walk into an infosec conference

Suffice to say things got a little awkward

CSO19 Oct 2022 | 3

Microsoft: Watch out for password spray attacks – especially you, Basic Auth

Exchange Online users should have authentication policies in place

CSO04 Oct 2022 | 7

Moody's turns up the heat on 'riskiest' sectors for cyberattacks

$22 trillion of global rated debt has 'high' or 'very high' cyber-risk exposure

CSO03 Oct 2022 | 1

Covert malware targets VMware shops for hypervisor-level espionage

Mandiant tracks back operators, finds ties to China

CSO29 Sep 2022 | 3

Microsoft to kill off old access rules in Exchange Online

Awoooogah – this is your one-year warning to switch over, enterprises

CSO28 Sep 2022 | 13

Ukraine fears 'massive' Russian cyberattacks on power, infrastructure

Will those be before or after the nuke strikes Putin keeps banging on about?

CSO27 Sep 2022 | 13

Uber explains how it was pwned this month, points finger at Lapsus$ gang

From annoying MFA alerts to 'several internal systems' infiltrated

CSO19 Sep 2022 | 26

Indonesia accuses Google of abusing monopoly

Asia In Brief PLUS: Qualys CEO says APAC has infosec advantages; Singapore's Sea ebbs in Americas; Toshiba's tepid takeover update; and more

CSO19 Sep 2022 | 4

Nearly one in two industry pros scaled back open source use over security fears

Log4j being the main driver, this data science poll claims

Security14 Sep 2022 | 17

Twitter whistleblower Zatko disses bird site as dysfunctional data dump

Mudge tells senators his former bosses are 'terrified' of the French, US regulators are toothless

CSO14 Sep 2022 | 38

Musk seeks yet another excuse to get out of Twitter buyout: This time it's Mudge's severance check

If at first you don't succeed...

CSO13 Sep 2022 | 54

Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN

Nothing like an authentication bypass for your private IPSec network

CSO08 Sep 2022 | 56

Nadine Dorries promotes 'Brexit rewards' of proposed UK data protection law

Culture secretary talks up pre-Commons reading as UK waits to hear who new leader will be

CSO05 Sep 2022 | 163

77% of security leaders fear we’re in perpetual cyberwar from now on

In brief Also, Charming Kittens from Iran scrape email inboxes, France could fine Google again, and more

CSO27 Aug 2022 | 32

Twilio, Cloudflare just two of 135 orgs targeted by Oktapus phishing campaign

Updated This, this is more like what we mean by a sophisticated cyberattack

CSO25 Aug 2022 | 6

Shout-out to whoever went to Black Hat and had North Korean malware on their PC

I am the one who NOCs

CSO25 Aug 2022 | 25

Block sued after ex-staffer siphons customer data

'Don't be such a Square' hits different these days

CSO24 Aug 2022 | 8

VMware confirms Carbon Black causes BSODs, boot loops on Windows

Well, you can't be attacked if your PC won't start

CSO24 Aug 2022 | 11

Lloyd's to exclude certain nation-state attacks from cyber insurance policies

Updated Kim Jong-un has entered the chat

CSO24 Aug 2022 | 55

Twitter savaged by former security boss Mudge in whistleblower complaint

Loose access to production systems, out of date software, and more claimed

CSO23 Aug 2022 | 36

Smartphone gyroscopes threaten air-gapped systems, researcher finds

Network interface card LEDs are a risk too by blinking in Morse code

CSO23 Aug 2022 | 54

The truth about that draft law banning Uncle Sam buying insecure software

There's always a get-out clause

CSO19 Aug 2022 | 43

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2023