Don't open that 'copyright infringement' email attachment – it's an infostealer Curiosity gives crims access to wallets and passwords Research07 Nov 2024 | 18
Cybercrooks are targeting Bengal cat lovers in Australia for some reason In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos Research06 Nov 2024 | 14
Criminals open DocuSign's Envelope API to make BEC special delivery Why? Because that's where the money is Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials Research05 Nov 2024 | 11
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed You snooze, you lose, er, win AI + ML05 Nov 2024 | 19
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs Emeraldwhale looked sharp – until it made a common S3 bucket mistake Research31 Oct 2024 | 2
AWS Cloud Development Kit flaw exposed accounts to full takeover Remember Bucket Monopoly? Yeah, it gets worse Cybersecurity Month24 Oct 2024 | 13
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers Attacks on unprotected servers reach 'critical level' Cybersecurity Month24 Oct 2024 | 1
Millions of Android and iOS users at risk from hardcoded creds in popular apps Azure Blob Storage, AWS, and Twilio keys all up for grabs Cybersecurity Month23 Oct 2024 | 17
WeChat devs introduced security flaws when they modded TLS, say researchers No attacks possible, but enough issues to cause concern Cybersecurity Month17 Oct 2024 | 15
WhatsApp may expose the OS you use to run it – which could expose you to crooks Updated Meta knows messaging service creates persistent user IDs that have different qualities on each device Research16 Oct 2024 | 16
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption With an off-the-shelf D-Wave machine, but only against very short keys Cybersecurity Month14 Oct 2024 | 23
INC ransomware rebrands to Lynx – same code, new name, still up to no good Researchers point to evidence that scumbags visited the strategy boutique Cybersecurity Month11 Oct 2024 | 10
Smart TVs are spying on everyone Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Cybersecurity Month09 Oct 2024 | 127
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 115
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works Security02 Oct 2024 | 9
Cloud threats have execs the most freaked out because they're not prepared Ransomware? More like 'we don't care' for everyone but CISOs Research30 Sep 2024 | 3
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 68
The US government wants developers to stop using C and C++ Opinion Does anyone want to tell Linus Torvalds? No? I didn't think so
Tech support world record? 8.5 seconds from seeing to fixing On Call Your very fastest resolution, delivered in a flash – even in The Time Before Google
Microsoft still not said anything about unexpected Windows Server 2025 installs Affected business calls situation 'mindbogglingly dangerous' as sysadmins reminded to check backup and restore strategies
Europe's largest local authority slammed for 'poorest' ERP rollout ever Government-appointed commissioners say Birmingham severely lacked Oracle skills during disastrous implementation
Don't open that 'copyright infringement' email attachment – it's an infostealer Curiosity gives crims access to wallets and passwords
Top 10 billionaires make nearly $64B in post-Trump election stock surge 9 out of 10 are techies, but Zuckerberg lost money
The Register takes AMD's Ryzen 9800X3D for a spin Review Zen 5 3D V-cache is here at last, and priced at $479 – one for the gamers or multi-purpose desktop chip for all?
Robots crush career opportunities for low-skilled workers They also boost support for populist politicians, study finds
SpaceX plans next Starship flight just days from now Hands up who wants to see the 'chopsticks' catch the Super Heavy again?
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda Research27 Sep 2024 | 6
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge Severe incidents may be down, but Putin had to throw one in for good measure Cyber-crime24 Sep 2024 | 9
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Personal Tech19 Sep 2024 | 26
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations Updated Better check your widgets, people Research19 Sep 2024 | 7
Tor insists its network is safe after German cops convict CSAM dark-web admin Outdated software blamed for cracks in the armor Cyber-crime19 Sep 2024 | 25
Putin really wants Trump back in the White House US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again Research18 Sep 2024 | 268
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
Feeld dating app's security too open-minded as private data swings into public view No love for months-long wait to fix this, either Research13 Sep 2024 | 7
Mind your header! There's nothing refreshing about phishers' latest tactic It could lead to a costly BEC situation Research12 Sep 2024 | 2
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM Academically interesting technique for poking holes in paywalled tech specs Research12 Sep 2024 | 36
How $20 and a lapsed domain allowed security pros to undermine internet integrity What happens at Black Hat… Research11 Sep 2024 | 19
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials Research04 Sep 2024 |
Novel attack on Windows spotted in phishing campaign run from and targeting China Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Research02 Sep 2024 | 3
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers Updated Infosec hounds say they spotted vulnerability during routine travel in the US Research30 Aug 2024 | 28
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
110K domains targeted in 'sophisticated' AWS cloud extortion campaign Updated If you needed yet another reminder of what happens when security basics go awry Research21 Aug 2024 | 4
Digital wallets can allow purchases with stolen credit cards Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies Research20 Aug 2024 | 36
Multiple flaws in Microsoft macOS apps unpatched despite potential risks Windows giant tells Cisco Talos it isn't fixing them Research19 Aug 2024 | 21
Google raps Iran's APT42 for raining down spear-phishing attacks US politicians and Israeli officials among the top targets for the IRGC’s cyber unit Research15 Aug 2024 | 1
China-linked cyber-spies infect Russian govt, IT sector No, no, go ahead, don't let us stop you, Xi Research15 Aug 2024 | 17
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls Because apps talking like pirates and creating ASCII art never gets old AI + ML13 Aug 2024 | 17
Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction Is that a lot? Depends on the context. GHz, no. Voltage, yes Personal Tech09 Aug 2024 | 28
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 Can't reach someone's private server on localhost from outside? No problem Research09 Aug 2024 | 39
Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware Black Hat Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs? Black Hat and DEF CON08 Aug 2024 | 2
Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security Black Hat Let's get physical, physical ... I don't wanna hear your MMU talk Black Hat and DEF CON07 Aug 2024 | 48
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net A simple HTML change and the warning is gone! Research07 Aug 2024 | 13
SharpRhino malware targets IT admins – Hunters International gang suspected Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business Security07 Aug 2024 |
Georgia's voter portal gets a crash course in client versus backend input validation Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say Research07 Aug 2024 | 36
Bad apps bypass Windows security alerts for six years using newly unveiled trick Windows SmartScreen and Smart App Control both have weaknesses of which to be wary Research06 Aug 2024 | 16
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Russia takes aim at Sitting Ducks domains, bags 30,000+ Eight-year-old domain hijacking technique still claiming victims Research31 Jul 2024 |
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Meta's AI safety system defeated by the space bar 'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32 AI + ML29 Jul 2024 | 57
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank May even have targeted other malware gangs, and infosec researchers Cyber-crime26 Jul 2024 | 9
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware PSA: Only accept updates via official channels ... ironically enough Malware Month25 Jul 2024 | 3
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared Personal Tech24 Jul 2024 | 8
Forget security – Google's reCAPTCHA v2 is exploiting users for profit Updated Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them Security24 Jul 2024 | 73
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code Analysis Maybe next time some staged rollouts? A bit of QA too? CSO23 Jul 2024 | 119
Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs Major vendors' products scuppered by novel techniques Research18 Jul 2024 | 5
Release the hounds! Securing datacenters may soon need sniffer dogs Nothing else can detect attackers with implants designed to foil physical security Security18 Jul 2024 | 35
Ransomware continues to pile on costs for critical infrastructure victims Millions more spent without any improvement in recovery times Malware Month17 Jul 2024 | 5
FBI gains access to Trump rally shooter's phone Hasn't said how it did it, but has form cracking devices Research16 Jul 2024 | 115
RADIUS networking protocol blasted into submission through MD5-based flaw If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed Research10 Jul 2024 | 11
Latest Ghostscript vulnerability haunts experts as the next big breach enabler There's also chatter about whether medium severity scare is actually code red nightmare Research05 Jul 2024 | 25
Traeger security bugs bad news for grillers with neighborly beef Never risk it when it comes to brisket – make sure those updates are applied Research03 Jul 2024 | 20
CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust? So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies Research28 Jun 2024 | 81
'Skeleton Key' attack unlocks the worst of AI, says Microsoft Simple jailbreak prompt can bypass safety guardrails on major models AI + ML28 Jun 2024 | 115
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices Seems like as good a time as any to upgrade older hardware Research24 Jun 2024 | 3
Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests All depends on how you count it – Chocolate Factory claims 1% fail rate Research23 Jun 2024 | 34
Phoenix UEFI flaw puts long list of Intel chips in hot seat Researchers discuss it in same breath as BlackLotus and MosaicRegressor Research21 Jun 2024 | 21
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
CHERI Alliance formed to promote memory security tech ... but where's Arm? Updated Academic-industry project takes next step as key promoter chip designer licks its wounds Research18 Jun 2024 | 3
Uncle Sam ends financial support to orgs hurt by Change Healthcare attack Billions of dollars made available but worst appears to be over Research18 Jun 2024 | 3
Arm security defense shattered by speculative execution 95% of the time 'TikTag' security folks find anti-exploit mechanism rather fragile Research18 Jun 2024 | 27
Stanford Internet Observatory wilts under legal pressure during election year Because who needs disinformation research at times like these Research14 Jun 2024 | 85
Cybercrooks get cozy with BoxedApp to dodge detection Some of the biggest names in the game are hopping on the trend Research04 Jun 2024 | 2
Researchers warn robot cars can be crashed with tinfoil and paint daubed on cardboard Use Baidu's platform to show how the fusion of Lidar, radar, and cameras can be fooled by stuff from your kids' craft box Research03 Jun 2024 | 34
Pretty much all the headaches at MSPs stem from cybersecurity More cybercrime means more problems as understaffed teams stretched to the limit Research30 May 2024 | 14
How Apple Wi-Fi Positioning System can be abused to track people around the globe In-depth SpaceX is smart on this, Cupertino and GL.iNet not so much Networks23 May 2024 | 78
'China-aligned' spyware slingers operating since 2018 unmasked at last Unfading Sea Haze adept at staying under the radar Research23 May 2024 | 1
Uncle Sam to inject $50M into auto-patcher for hospital IT Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever Public Sector22 May 2024 | 33
Critical Fluent Bit bug affects all major cloud providers, say researchers Crashes galore, plus especially crafty crims could use it for much worse Research21 May 2024 | 2
With ransomware whales becoming so dominant, would-be challengers ask 'what's the point?' Fewer rivals on the scene as big-gang success soars Research21 May 2024 | 3
Researchers call out QNAP for dragging its heels on patch development WatchTowr publishes report claiming vendor failed to issue fixes after four months Research20 May 2024 | 4
An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen Feature Follow us down this deep rabbit hole of privacy policy after privacy policy Personal Tech18 May 2024 | 140
AI red-teaming tools helped X-Force break into a major tech manufacturer 'in 8 hours' RSAC Hint: It's the 'the largest' maker of a key computer component Spotlight on RSA13 May 2024 | 7
GhostStripe attack haunts self-driving cars by making them ignore road signs Cameras tested are specced for Baidu's Apollo Research10 May 2024 | 51
Watch out for rogue DHCP servers decloaking your VPN connections Avoid traffic-redirecting snoops who have TunnelVision Spotlight on RSA07 May 2024 | 34
Brit security guard biz exposes 1.2M files via unprotected database Exclusive Thousands of ID cards plus CCTV snaps of suspects found online Research07 May 2024 | 25
Meta, Spotify break Apple's device fingerprinting rules – new claim Updated And the iOS titan doesn't seem that bothered with data leaking out Research07 May 2024 | 29
Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes Don't get too comfortable: 'Line Dancer' malware may be targeting other vendors, too Security24 Apr 2024 | 11
If Britain is so bothered by China, why do these .gov.uk sites use Chinese ad brokers? Exclusive One wonders why are there adverts on public-sector portals at all Research24 Apr 2024 | 109
Old Windows print spooler bug is latest target of Russia's Fancy Bear gang Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Security23 Apr 2024 | 7
Researchers claim Windows Defender can be fooled into deleting databases BLACK HAT ASIA Two rounds of reports and patches may not have completely closed this hole Security22 Apr 2024 | 19
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities Water tank overflowed during one system malfunction, says Mandiant Research17 Apr 2024 | 10