Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' Redmond threat intel maven talks explains this persistent pain to The Reg Security06 Dec 2024 | 11
Data broker leaves 600K+ sensitive files exposed online Exclusive Researcher spotted open database before criminals … we hope Research27 Nov 2024 | 22
First-ever UEFI bootkit for Linux in the works, experts say Bootkitty doesn’t bite… yet Research27 Nov 2024 | 11
The workplace has become a surveillance state Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices CxO27 Nov 2024 | 70
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server Research21 Nov 2024 | 15
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed OSS-Fuzz is making a strong argument for LLMs in security research AI + ML20 Nov 2024 | 9
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer No word on when or if the issue will be fixed Security19 Nov 2024 | 2
America's drinking water systems have a hard-to-swallow cybersecurity problem More than 100M rely on gear rife with vulnerabilities, says EPA OIG Public Sector19 Nov 2024 | 20
Rust haters, unite! Fil-C aims to Make C Great Again It's memory-safe, with a few caveats Software16 Nov 2024 | 104
Letting chatbots run robots ends as badly as you'd expect LLM-controlled droids easily jailbroken to perform mayhem, researchers warn AI + ML16 Nov 2024 | 44
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds Research14 Nov 2024 | 5
China's Volt Typhoon crew and its botnet surge back with a vengeance Ohm, for flux sake Public Sector13 Nov 2024 | 4
Don't open that 'copyright infringement' email attachment – it's an infostealer Curiosity gives crims access to wallets and passwords Research07 Nov 2024 | 21
Cybercrooks are targeting Bengal cat lovers in Australia for some reason In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos Research06 Nov 2024 | 15
Criminals open DocuSign's Envelope API to make BEC special delivery Why? Because that's where the money is Research05 Nov 2024 | 4
Ongoing typosquatting campaign impersonates hundreds of popular npm packages Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials Research05 Nov 2024 | 11
Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed You snooze, you lose, er, win AI + ML05 Nov 2024 | 19
Gang gobbles 15K credentials from cloud and email providers' garbage Git configs Emeraldwhale looked sharp – until it made a common S3 bucket mistake Research31 Oct 2024 | 2
AWS Cloud Development Kit flaw exposed accounts to full takeover Remember Bucket Monopoly? Yeah, it gets worse Cybersecurity Month24 Oct 2024 | 13
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers Attacks on unprotected servers reach 'critical level' Cybersecurity Month24 Oct 2024 | 1
Wubuntu: The lovechild of Windows and Linux nobody asked for A third-party Kubuntu remix with a severe identity crisis
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat
Broadcom makes U-turn on plan to serve top 2,000 VMware customers itself Canalys Forums APAC Now wants to work with 500 and lean more on partners to defend against migrations – which Dell says are on the cards
Day after nuclear power vow, Meta announces largest-ever datacenter powered by fossil fuels Louisiana facility's three natural gas turbine plants to churn out 2,262 MW
Windows 11 24H2 rolls out to more devices – with a growing list of known issues Compatibility holds persist as gamers face black screens
BT Group confirms attackers tried to break into Conferencing division Sensitive data allegedly stolen from US subsidiary following Black Basta post
No, I can't help – you called the wrong helpdesk, in the wrong place, for the wrong platform On Call Call the boss instead. He's not a big fan of sleep
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware Threatened with life in prison, Kyiv charity worker gives middle finger to state spies
Ransomware hangover, Putin grudge blamed for vodka maker's bankruptcy Stoli Group on the rocks in the US
Huawei handed 2,596,148,429,267,413, 814,265,248,164,610,048 IPv6 addresses That's 2.56 decillion of them, destined for use in CDNs and the cloud – and APNIC needed 83 decillion more to handle the request
Millions of Android and iOS users at risk from hardcoded creds in popular apps Azure Blob Storage, AWS, and Twilio keys all up for grabs Cybersecurity Month23 Oct 2024 | 17
WeChat devs introduced security flaws when they modded TLS, say researchers No attacks possible, but enough issues to cause concern Cybersecurity Month17 Oct 2024 | 15
WhatsApp may expose the OS you use to run it – which could expose you to crooks Updated Meta knows messaging service creates persistent user IDs that have different qualities on each device Research16 Oct 2024 | 16
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption With an off-the-shelf D-Wave machine, but only against very short keys Cybersecurity Month14 Oct 2024 | 23
INC ransomware rebrands to Lynx – same code, new name, still up to no good Researchers point to evidence that scumbags visited the strategy boutique Cybersecurity Month11 Oct 2024 | 10
Smart TVs are spying on everyone Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Cybersecurity Month09 Oct 2024 | 127
Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds 'You can build this in a few days – even as a very naïve developer' Cybersecurity Month04 Oct 2024 | 115
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant Exclusive Crooks 'like a sysadmin, with a malicious slant' Cybersecurity Month03 Oct 2024 | 3
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline Cybersecurity Month02 Oct 2024 | 8
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works Security02 Oct 2024 | 9
Cloud threats have execs the most freaked out because they're not prepared Ransomware? More like 'we don't care' for everyone but CISOs Research30 Sep 2024 | 3
Red team hacker on how she 'breaks into buildings and pretends to be the bad guy' Interview Alethe Denis exposes tricks that made you fall for that return-to-office survey Cybersecurity Month29 Sep 2024 | 68
Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda Research27 Sep 2024 | 6
Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge Severe incidents may be down, but Putin had to throw one in for good measure Cyber-crime24 Sep 2024 | 9
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town No malware crew linked to this latest red-teaming tool yet Research23 Sep 2024 |
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals Personal Tech19 Sep 2024 | 26
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations Updated Better check your widgets, people Research19 Sep 2024 | 7
Tor insists its network is safe after German cops convict CSAM dark-web admin Outdated software blamed for cracks in the armor Cyber-crime19 Sep 2024 | 25
Putin really wants Trump back in the White House US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again Research18 Sep 2024 | 268
Chinese spies spent months inside aerospace engineering firm's network via legacy IT Exclusive Getting sloppy, Xi CSO18 Sep 2024 | 32
Feeld dating app's security too open-minded as private data swings into public view No love for months-long wait to fix this, either Research13 Sep 2024 | 8
Mind your header! There's nothing refreshing about phishers' latest tactic It could lead to a costly BEC situation Research12 Sep 2024 | 2
If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM Academically interesting technique for poking holes in paywalled tech specs Research12 Sep 2024 | 37
How $20 and a lapsed domain allowed security pros to undermine internet integrity What happens at Black Hat… Research11 Sep 2024 | 19
Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials Research04 Sep 2024 |
Novel attack on Windows spotted in phishing campaign run from and targeting China Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Research02 Sep 2024 | 3
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers Updated Infosec hounds say they spotted vulnerability during routine travel in the US Research30 Aug 2024 | 28
31.5M invoices, contracts, patient consent forms, and more exposed to the internet Exclusive Unprotected database with 12 years of biz records yanked offline CSO26 Aug 2024 | 28
110K domains targeted in 'sophisticated' AWS cloud extortion campaign Updated If you needed yet another reminder of what happens when security basics go awry Research21 Aug 2024 | 4
Digital wallets can allow purchases with stolen credit cards Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies Research20 Aug 2024 | 36
Multiple flaws in Microsoft macOS apps unpatched despite potential risks Windows giant tells Cisco Talos it isn't fixing them Research19 Aug 2024 | 21
Google raps Iran's APT42 for raining down spear-phishing attacks US politicians and Israeli officials among the top targets for the IRGC’s cyber unit Research15 Aug 2024 | 1
China-linked cyber-spies infect Russian govt, IT sector No, no, go ahead, don't let us stop you, Xi Research15 Aug 2024 | 17
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls Because apps talking like pirates and creating ASCII art never gets old AI + ML13 Aug 2024 | 17
Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction Is that a lot? Depends on the context. GHz, no. Voltage, yes Personal Tech09 Aug 2024 | 28
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 Can't reach someone's private server on localhost from outside? No problem Research09 Aug 2024 | 39
Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware Black Hat Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs? Black Hat and DEF CON08 Aug 2024 | 2
Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security Black Hat Let's get physical, physical ... I don't wanna hear your MMU talk Black Hat and DEF CON07 Aug 2024 | 48
Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net A simple HTML change and the warning is gone! Research07 Aug 2024 | 13
SharpRhino malware targets IT admins – Hunters International gang suspected Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business Security07 Aug 2024 |
Georgia's voter portal gets a crash course in client versus backend input validation Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say Research07 Aug 2024 | 36
Bad apps bypass Windows security alerts for six years using newly unveiled trick Windows SmartScreen and Smart App Control both have weaknesses of which to be wary Research06 Aug 2024 | 16
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets Malware logs users' keystrokes, pilfers credentials, exfiltrates data Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 146
Russia takes aim at Sitting Ducks domains, bags 30,000+ Eight-year-old domain hijacking technique still claiming victims Research31 Jul 2024 |
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Meta's AI safety system defeated by the space bar 'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32 AI + ML29 Jul 2024 | 57
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank May even have targeted other malware gangs, and infosec researchers Cyber-crime26 Jul 2024 | 9
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware PSA: Only accept updates via official channels ... ironically enough Malware Month25 Jul 2024 | 3
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared Personal Tech24 Jul 2024 | 8
Forget security – Google's reCAPTCHA v2 is exploiting users for profit Updated Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them Security24 Jul 2024 | 72
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code Analysis Maybe next time some staged rollouts? A bit of QA too? CSO23 Jul 2024 | 119
Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs Major vendors' products scuppered by novel techniques Research18 Jul 2024 | 5
Release the hounds! Securing datacenters may soon need sniffer dogs Nothing else can detect attackers with implants designed to foil physical security Security18 Jul 2024 | 35
Ransomware continues to pile on costs for critical infrastructure victims Millions more spent without any improvement in recovery times Malware Month17 Jul 2024 | 5
FBI gains access to Trump rally shooter's phone Hasn't said how it did it, but has form cracking devices Research16 Jul 2024 | 115
RADIUS networking protocol blasted into submission through MD5-based flaw If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed Research10 Jul 2024 | 11
Latest Ghostscript vulnerability haunts experts as the next big breach enabler There's also chatter about whether medium severity scare is actually code red nightmare Research05 Jul 2024 | 25
Traeger security bugs bad news for grillers with neighborly beef Never risk it when it comes to brisket – make sure those updates are applied Research03 Jul 2024 | 20
CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust? So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies Research28 Jun 2024 | 81
'Skeleton Key' attack unlocks the worst of AI, says Microsoft Simple jailbreak prompt can bypass safety guardrails on major models AI + ML28 Jun 2024 | 115
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices Seems like as good a time as any to upgrade older hardware Research24 Jun 2024 | 3
Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests All depends on how you count it – Chocolate Factory claims 1% fail rate Research23 Jun 2024 | 34
Phoenix UEFI flaw puts long list of Intel chips in hot seat Researchers discuss it in same breath as BlackLotus and MosaicRegressor Research21 Jun 2024 | 21
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
CHERI Alliance formed to promote memory security tech ... but where's Arm? Updated Academic-industry project takes next step as key promoter chip designer licks its wounds Research18 Jun 2024 | 3
Uncle Sam ends financial support to orgs hurt by Change Healthcare attack Billions of dollars made available but worst appears to be over Research18 Jun 2024 | 3
Arm security defense shattered by speculative execution 95% of the time 'TikTag' security folks find anti-exploit mechanism rather fragile Research18 Jun 2024 | 27
Stanford Internet Observatory wilts under legal pressure during election year Because who needs disinformation research at times like these Research14 Jun 2024 | 85
Cybercrooks get cozy with BoxedApp to dodge detection Some of the biggest names in the game are hopping on the trend Research04 Jun 2024 | 2
Researchers warn robot cars can be crashed with tinfoil and paint daubed on cardboard Use Baidu's platform to show how the fusion of Lidar, radar, and cameras can be fooled by stuff from your kids' craft box Research03 Jun 2024 | 34
Pretty much all the headaches at MSPs stem from cybersecurity More cybercrime means more problems as understaffed teams stretched to the limit Research30 May 2024 | 14
How Apple Wi-Fi Positioning System can be abused to track people around the globe In-depth SpaceX is smart on this, Cupertino and GL.iNet not so much Networks23 May 2024 | 78
'China-aligned' spyware slingers operating since 2018 unmasked at last Unfading Sea Haze adept at staying under the radar Research23 May 2024 | 1
Uncle Sam to inject $50M into auto-patcher for hospital IT Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever Public Sector22 May 2024 | 33
Critical Fluent Bit bug affects all major cloud providers, say researchers Crashes galore, plus especially crafty crims could use it for much worse Research21 May 2024 | 2
With ransomware whales becoming so dominant, would-be challengers ask 'what's the point?' Fewer rivals on the scene as big-gang success soars Research21 May 2024 | 3