If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir CSO15 Feb 2025 | 22
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew Networks14 Feb 2025 | 7
More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks Networks13 Feb 2025 | 5
Mysterious Palo Alto firewall reboots? You're not alone Limited-edition hotfix to get wider release before end of month Networks13 Feb 2025 | 6
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff CSO13 Feb 2025 | 70
Sophos sheds 6% of staff after swallowing Secureworks De-dupes some roles, hints others aren't needed as the infosec scene shifts CSO13 Feb 2025 | 6
Trump’s cyber chief pick has little experience in The Cyber GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard Public Sector12 Feb 2025 | 53
Probe finds US Coast Guard has left maritime cybersecurity adrift Numerous systemic vulnerabilities could scuttle $5.4T industry Public Sector11 Feb 2025 | 13
Yup, AMD's Elba and Giglio definitely sound like they work corporate security Which is why Cisco is adding these Pensando DPUs to more switches Networks11 Feb 2025 | 3
I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice Remote position, webcam not working, then glitchy AI face ... Red alert! CSO11 Feb 2025 | 81
If Ransomware Inc was a company, its 2024 results would be a horror show 35% drop in payments across the year as your backups got better and law enforcement made a difference CSO07 Feb 2025 | 2
Federal judge tightens DOGE leash over critical Treasury payment system access Final update Lawsuit: 'Scale of intrusion into individuals' privacy is massive and unprecedented' Public Sector06 Feb 2025 | 28
Democrats demand to know WTF is up with that DOGE server on OPM's network Are you trying to make this easy for China and Russia? Public Sector06 Feb 2025 | 153
Mixing Rust and C in Linux likened to cancer by kernel maintainer Updated Some worry multiple languages will make it harder to maintain this open source uber-project, others disagree Software05 Feb 2025 | 127
Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' When cloud customers don't clean up after themselves, part 97 CSO04 Feb 2025 | 33
What does it mean to build in security from the ground up? Systems Approach As if secure design is the only bullet point in a list of software engineering best practices CSO02 Feb 2025 | 12
Another banner year for ransomware gangs despite takedowns by the cops And it doesn't take a crystal ball to predict the future Cyber-crime31 Jan 2025 | 6
Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek Oh someone's in DeepShi... CSO30 Jan 2025 | 71
North Koreans clone open source projects to plant backdoors, steal credentials Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? Devops29 Jan 2025 | 2
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet And now you won't stop calling me, I'm kinda busy CSO29 Jan 2025 | 4
After clash over Rust in Linux, now Asahi lead quits distro, slams Linus' kernel leadership I fought the Torv and ... the Torv won
Why do younger coders struggle to break through the FOSS graybeard barrier? FOSDEM 2025 The hurdles are higher than you might imagine
Critical PostgreSQL bug tied to zero-day attack on US Treasury High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further
Watchdog ponders why Apple doesn't apply its strict app tracking rules to itself Germany's Federal Cartel Office voices concerns iPhone maker may be breaking competition law
Lawyers face judge's wrath after AI cites made-up cases in fiery hoverboard lawsuit Talk about court red-handed
Techie cleaned up criminally bad tech support that was probably also an actual crime On Call Outsourcing is not supposed to involve taking clients' hardware out of their building to your house
Chinese spies suspected of 'moonlighting' as tawdry ransomware crooks Some employees steal sticky notes, others 'borrow' malicious code
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew
Our world faces 'unprecedented' spike in electricity demand And it's not just datacenters driving the need for 3,500 TWh of new energy generation by 2027
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir
Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses Think government cybersecurity is bad? Guess again. It’s alarmingly so Public Sector29 Jan 2025 | 13
The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings CSO29 Jan 2025 | 57
US freezes foreign aid, halting cybersecurity defense and policy funds for allies Updated Uncle Sam will 'no longer blindly dole out money,' State Dept says Public Sector27 Jan 2025 | 86
Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia... Networks25 Jan 2025 | 78
Who is DDoSing you? Rivals, probably, or cheesed-off users Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps Networks23 Jan 2025 | 7
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch Feature Everyone agrees defense matters. How to do it is up for debate CSO22 Jan 2025 | 20
Ransomware scum make it personal for Reg readers by impersonating tech support That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems CSO22 Jan 2025 | 18
Sage Copilot grounded briefly to fix AI misbehavior 'Minor issue' with showing accounting customers 'unrelated business information' required repairs AI + ML20 Jan 2025 | 23
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries The S in LLM stands for Security AI + ML19 Jan 2025 | 31
FCC to telcos: By law you must secure your networks from foreign spies. Get on it Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping CSO17 Jan 2025 | 29
Biden signs sweeping cybersecurity order, just in time for Trump to gut it Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive Public Sector17 Jan 2025 | 40
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in AI + ML17 Jan 2025 | 11
GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches' Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools CSO15 Jan 2025 | 13
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says We are only seeing 'the tip of the iceberg,' Easterly warns Security15 Jan 2025 | 11
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg Networks14 Jan 2025 | 26
Database tables of student, teacher info stolen from PowerSchool in cyberattack Class act: Cloud biz only serves 60M-plus folks globally, no biggie Cyber-crime09 Jan 2025 | 23
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director In colossal surprise, ONCD boss Harry Coker says more work is needed CSO08 Jan 2025 | 12
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop CSO02 Jan 2025 | 3
Trump administration wants to go on cyber offensive against China The US has never attacked Chinese critical infrastructure before, right? Cyber-crime16 Dec 2024 | 25
China's Salt Typhoon recorded top American officials' calls, says White House No word yet on who was snooped on. Any bets? CSO09 Dec 2024 | 24
OpenWrt orders router firmware updates after supply chain attack scare A couple of bugs lead to a potentially bad time CSO09 Dec 2024 | 9
Microsoft dangles $10K for hackers to hijack LLM email service Outsmart an AI, win a little Christmas cash CSO09 Dec 2024 | 12
Salt Typhoon forces FCC's hand on making telcos secure their networks Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns Security06 Dec 2024 | 4
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds Damage likely limited to those running bots with private PKI access Cyber-crime05 Dec 2024 | 7
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat CSO05 Dec 2024 | 54
Microsoft says premature patch could make Windows Recall forget how to work Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel CSO04 Dec 2024 | 25
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes' Funny what putting more effort and resources into IT security can do CSO27 Nov 2024 | 9
Security? We've heard of it: How Microsoft plans to better defend Windows Ignite Did we say CrowdStrike? We meant, er, The July Incident... CSO25 Nov 2024 | 28
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration Public Sector23 Nov 2024 | 43
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more CSO22 Nov 2024 | 22
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator Meet Liminal Panda, which prowls telecom networks in South Asia and Africa CSO20 Nov 2024 | 32
D-Link tells users to trash old VPN routers over bug too dangerous to identify Vendor offers 20% discount on new model, but not patches CSO20 Nov 2024 | 59
Data is the new uranium – incredibly powerful and amazingly dangerous Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value CSO20 Nov 2024 | 56
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Yank access to management interface, stat CSO15 Nov 2024 | 28
Five Eyes infosec agencies list 2023's most exploited software flaws Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns CSO14 Nov 2024 | 28
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue Plus: CISA's ScubaGear dives deep to fix M365 misconfigs CSO14 Nov 2024 | 3
Air National Guardsman gets 15 years after splashing classified docs on Discord 22-year-old talked of 'culling the weak minded' – hmm! Cyber-crime13 Nov 2024 | 93
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code 'Once again, we've lost a little more faith in the internet,' researcher says CSO12 Nov 2024 | 3
Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms Arguments continue but change suggests it's not Free Software anymore Applications24 Oct 2024 | 16
US healthcare org admits up to 400,000 people's personal info was snatched It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it Cybersecurity Month14 Oct 2024 | 3
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Usual three-week window to address significant risks to federal agencies applies Cybersecurity Month10 Oct 2024 |
Ransomware gang Trinity joins pile of scumbags targeting healthcare As if hospitals and clinics didn't have enough to worry about Cybersecurity Month09 Oct 2024 | 6
Average North American CISO pay now $565K, mainly thanks to one weird trick Best way to boost your package is to leave, or pretend to Cybersecurity Month03 Oct 2024 | 12
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it Managing the endless stream of cookie banners leaves little energy for anything else Cybersecurity Month03 Oct 2024 | 38
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
Rackspace internal monitoring web servers hit by zero-day Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Cybersecurity Month30 Sep 2024 | 10
T-Mobile US to cough up $31.5M after that long string of security SNAFUs At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' CSO30 Sep 2024 | 4
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more OSes27 Sep 2024 | 122
China's Salt Typhoon cyber spies are deep inside US ISPs Updated Expecting a longer storm season this year? Networks25 Sep 2024 | 4
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
CISA boss: Makers of insecure software must stop enabling today's cyber villains Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software20 Sep 2024 | 93
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims Boasts 'appear to be credible' experts tell El Reg Cyber-crime19 Sep 2024 | 7
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation Bug reports made in China Virtualization17 Sep 2024 | 1
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook Updated Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more Cyber-crime12 Sep 2024 | 20
Google says replacing C/C++ in firmware with Rust is easy Not so much when trying to convert coding veterans Software06 Sep 2024 | 175
Security boom is over, with over a third of CISOs reporting flat or falling budgets Good news? Security is still getting a growing part of IT budget CSO05 Sep 2024 | 1
Ex-senior New York State staffer charged in cash-for-favors scandal with China Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly Public Sector04 Sep 2024 | 6
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
SolarWinds left critical hardcoded credentials in its Web Help Desk product Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway CSO22 Aug 2024 | 18
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare Needless to say, it backfired in a big way CSO22 Aug 2024 | 118
Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue CxO08 Aug 2024 | 32
US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs American and Brit firms thought they were employing a Westerner, but not so, it's alleged CSO08 Aug 2024 | 19
Report: Tech misconceptions plague the IT world Just snapping the webcam shutter closed won't keep a user safe online Personal Tech08 Aug 2024 | 74
Microsoft punches back at Delta Air Lines and its legal threats SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess CxO07 Aug 2024 | 39
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that Updated Background check biz accused of negligence Cyber-crime05 Aug 2024 | 11
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Too late now for canary test updates, says pension fund suing CrowdStrike That horse has not just bolted, it's trampled all over kernel space CSO01 Aug 2024 | 114
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates Compliance failures and unsatisfactory responses mount from the long-time certificate authority CSO01 Aug 2024 | 16
Ransomware infection cuts off blood supply to 250+ hospitals Scumbags go for the jugular Cyber-crime31 Jul 2024 | 39
More than 83K certs from nearly 7K DigiCert customers must be swapped out now Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire CSO31 Jul 2024 | 18
Chrome adopts app-bound encryption to stymie cookie-stealing malware Windows users now get macOS-grade secret security CSO31 Jul 2024 | 4
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage A playbook full of strategies and someone fumbles the implementation CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails It took 13 months to notice 40 million voters' data was compromised CSO31 Jul 2024 | 25
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder For the want of an underscore CSO31 Jul 2024 | 27
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses Oh, Boies, here we go again CSO30 Jul 2024 | 17