Refreshed from its holiday, Emotet has gone phishing
Notorious botnet starts spamming again after a three-month pause
Research09 Mar 2023 | 2
Research
Frankenstein malware stitched together from code of others disguised as PyPI package
Crime-as-a-service vendors mix and match components as needed by client
Research03 Mar 2023 | 3
Fast-evolving Prilex POS malware can block contactless payments
... forcing users to insert their cards into less-secure PIN systems
Research03 Feb 2023 | 16
Malvertising attacks are distributing .NET malware loaders
The campaign illustrates another option for miscreants who had relied on Microsoft macros
Research02 Feb 2023 | 7
Microsoft closes another door to attackers by blocking Excel XLL files from the internet
More of them used by baddies since Redmond blocked VBA macros
Research25 Jan 2023 | 6
Microsoft took its macros and went home, so miscreants turned to Windows LNK files
Adapt or die
Research23 Jan 2023 | 6
How to track equipped cars via exploitable e-ink platemaker
Miscreants could have tracked, modified, deleted digital plates
Research10 Jan 2023 | 90
Dridex malware pops back up and turns its attention to macOS
Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files
Research06 Jan 2023 | 6
Legit Android apps poisoned by sticky 'Zombinder' malware
Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results
Research09 Dec 2022 | 25
Meta links US military to fake social media influence campaigns
Didn't say they were good, though – covert ops apparently got 'little to no engagement' from targets
Research24 Nov 2022 | 20
Still using a discontinued Boa web server? Microsoft warns of supply chain attacks
Flaws in the open-source tool exploited – and India's power grid was a target
Research23 Nov 2022 | 10
WASP malware stings Python developers
Info-stealing trojan hides in malicious PyPI packages on GitHub
Research16 Nov 2022 | 9
Robin Banks crooks back at the table with fresh phish from Russia
Phishing-as-a-service group's toolset now includes ways to get around MFA
Research08 Nov 2022 | 1
All the US midterm-related lies to expect when you're electing
Don't like the results? The election must have been rigged
Research07 Nov 2022 | 149
Oh, look: More malware in the Google Play store
in brief Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes
Research07 Nov 2022 | 25
Double-check demand payment emails from law firms: Convincing fakes surface
Crimson Kingsnake impersonates legit attorneys, fakes email threads from your colleagues in far-reaching BEC campaign
Research04 Nov 2022 | 15
Ordinary web access request or command to malware?
Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs
Research31 Oct 2022 | 4
This Windows worm evolved into slinging ransomware. Here's how to detect it
Raspberry Robin hits 1,000 orgs in just one month
Research28 Oct 2022 | 12
Purpleurchin cryptocurrency miners spotted scouring free GitHub, Heroku accounts
This is why we can't have nice things
Research27 Oct 2022 | 14
DHL named most-spoofed brand in phishing
With Microsoft and LinkedIn close on shipping giant's heels
Research24 Oct 2022 | 4
Popular
Singapore software maker says own hardware in colo costs $400M less than cloud
‘Wouldn’t be profitable, or exist, if our products were 100% on AWS’
Techie wiped a server, nobody noticed, so a customer kept paying for six months
Who, me? A missed migration mitigated the mistake
The UK's bad encryption law can't withstand global contempt
Opinion Any sufficiently stupid technology is indistinguishable from magical thinking
GPT-4 to launch this week, Microsoft Germany's CTO lets slip
In-brief Plus: DuckDuckGo launches its own AI web search chatbot, and more
LockBit brags: We'll leak thousands of SpaceX blueprints stolen from supplier
And also, Ring hit with ransomware, too? No, says Amazon
British industry calls for regulation of autonomous vehicles
Standards that cut across technology could help avoid confusing industry, MPs hear
Yes, Samsung 'fakes' its smartphone Moon photos – who cares?
Comment Moon is real. Pictures of Moon are real. Phone uses lots of pictures of Moon to make your picture less crap
Infosys president leaves to join rival Tech Mahindra as CEO
Asia In Brief PLUS: Singapore tests AWS quantum network; Honda bulks autonomous truck; India tightens crypto laws; and more
Rivian wants out of Amazon electric van lock-in
10k delivery vehicles this year isn't going to cut it and upstart really needs the cash
Rebel without a clause: ISP promises broadband with no contract
We don't need to trap customers to force loyalty, says boss
STORIES
Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor
And one designed to slip ransomware and data-stealing code onto infected machines
Research21 Oct 2022 | 1
Tear in Microsoft Azure Service Fabric can give attackers full admin privileges
Orca Security disclosed the bug, and older versions remain vulnerable
Research19 Oct 2022 |
Phishing works so well crims won't bother with deepfakes, says Sophos chap
People reveal passwords if you ask nicely, so AI panic is overblown
Research17 Oct 2022 | 15
Criminal multitool LilithBot arrives on malware-as-a-service scene
Bespoke botnet up for grabs from outfit praised for, er, customer service
Research10 Oct 2022 | 1
Loads of PostgreSQL systems are sitting on the internet without SSL encryption
They probably shouldn't be connected in the first place, says database expert
Research07 Oct 2022 | 20
Steganography alert: Backdoor spyware stashed in Microsoft logo
Now that's sticker shock
Research02 Oct 2022 | 27
Microsoft warns of North Korean crew posing as LinkedIn recruiters
State-sponsored ZINC allegedly passes on malware-laden open source apps
Research30 Sep 2022 | 10
How CIA betrayed informants with shoddy front websites built for covert comms
Top tip, don't give your secret login box the HTML form type 'password'
Research29 Sep 2022 | 37
Pentagon is far too tight with its security bug bounties
But overpriced, useless fighter jets? That's something we can get behind
Research29 Sep 2022 | 16
Matrix chat encryption sunk by five now-patched holes
You take the green pill, you'll spend six hours in a 'don't roll your own crypto' debate
Research28 Sep 2022 | 8
The web's cruising at 13 million new and nefarious domain names a month
Or so Akamai is dying to tell us
Research28 Sep 2022 | 10
Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web
Beware what could be hiding in those LNK shortcuts
Research28 Sep 2022 | 4
China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they?
Report finds increase in anonymous vuln reports
Research27 Sep 2022 | 4
Can reflections in eyeglasses actually leak info from Zoom calls? Here's a study into it
About time someone shone some light onto this
Security17 Sep 2022 | 68
Mandiant links APT42 to Iranian 'terrorist org'
'It's hard to imagine a more dangerous scenario,' Mandiant Intel VP told The Reg
Research07 Sep 2022 | 27
Oh no, that James Webb Space Telescope snap might actually contain malware
Is nothing sacred?
Research01 Sep 2022 | 25
Find a security hole in Google's open source and you could bag a $31,337 reward
Will it be enough to prevent the next software supply-chain attack?
Research30 Aug 2022 | 5
Twitter, Meta kill hundreds of pro-Western troll accounts
It turns out online chicanery aiming to destabilize foreign nations is a two-way street
Research25 Aug 2022 | 38
Microsoft finds critical hole in operating system that for once isn't Windows
Oh wow, get a load of Google using strcpy() all wrong – strcpy! Haha, you'll never ever catch us doing that
Research23 Aug 2022 | 65
Two years on, Apple iOS VPNs still leak IP addresses
Privacy, it's a useful marketing term. *Offer does not apply in China
Research19 Aug 2022 | 18
Software developer cracks Hyundai car security with Google search
Top tip: Your RSA private key should not be copied from a public code tutorial
Research17 Aug 2022 | 81
Mozilla finds 18 of 25 popular reproductive health apps share your data
Scary in post-Roe America, and Poland, and far too many other places
Research17 Aug 2022 | 44
Oh Deere: Farm hardware jailbroken to run Doom
Corn-y demo heralded as right-to-repair win
Research16 Aug 2022 | 50
Student crashes Cloudflare beta party, redirects email, bags a bug bounty
Simple to exploit, enough to pocket $3,000
Research04 Aug 2022 | 8
Post-quantum crypto cracked in an hour with one core of an ancient Xeon
NIST's nifty new algorithm looks like it's in trouble
Research03 Aug 2022 | 82
Miscreants aim to cause Discord discord with malicious npm packages
LofyLife campaign comes amid GitHub security lockdown
Research02 Aug 2022 | 2
Vietnamese attacker circumvents Facebook security with ‘DUCKTAIL’ malware
Session cookies and 2FA subversion allow takeover of biz and ad accounts, lead to unauthorized ad buys
Research27 Jul 2022 | 8
Node.js prototype pollution is bad for your app environment
Boffins find common code constructs that may be exploitable to achieve remote code execution
Research25 Jul 2022 | 5
US Cyber Command spots another 20 malware strains targeting Ukraine
Plus Mandiant, Cisco Talos uncover digital espionage
Research21 Jul 2022 | 1
Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says
Peek behind the curtain to see SGX implemented, Spectre mitigated, and more
Research20 Jul 2022 | 18
Botnet malware disguises itself as password cracker for industrial controllers
Can't get into that machine? No problem, just trust this completely sketchy looking tool
Research18 Jul 2022 | 8
SCOTUS judges 'doxxed' after overturning Roe v Wade
Physical and IP addresses as well as credit card info revealed in privacy breach
Research13 Jul 2022 | 139
Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant
Speculative execution side-channels continue to haunt silicon world
Research12 Jul 2022 | 8
How data on a billion people may have leaked from a Chinese police dashboard
Record-breaking dump thanks to password-less Kibana endpoint?
Research10 Jul 2022 | 24
Someone may be prepping an NPM crypto-mining spree
1,300 packages from 1,000 automated user accounts set the stage for something big
Research07 Jul 2022 | 8
Hive ransomware gang rapidly evolves with complex encryption, Rust code
RaaS malware devs have been busy bees
Research06 Jul 2022 | 3
Near-undetectable malware linked to Russia's Cozy Bear
The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware
Research06 Jul 2022 | 64
Actual quantum computers don't exist yet. The cryptography to defeat them may already be here
NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ algorithms
Research05 Jul 2022 | 42
Pentagon: We'll pay you if you can find a way to hack us
DoD puts money behind bug bounty program after reward-free pilot
Research05 Jul 2022 | 18
What to do about inherent security flaws in critical infrastructure?
Industrial systems' security got 99 problems and CVEs are one. Or more
Research03 Jul 2022 | 46
We're now truly in the era of ransomware as pure extortion without the encryption
Feature Why screw around with cryptography and keys when just stealing the info is good enough
Research25 Jun 2022 | 22
Google: How we tackled this iPhone, Android spyware
Watching people's every move and collecting their info – not on our watch, says web ads giant
Research24 Jun 2022 | 25
Mega's unbreakable encryption proves to be anything but
Boffins devise five attacks to expose private files
Research22 Jun 2022 | 39
How refactoring code in Safari's WebKit resurrected 'zombie' security bug
Fixed in 2013, reinstated in 2016, exploited in the wild this year
Research21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
Updated Nearly 60 holes found affecting 'more than 30,000' machines worldwide
Research21 Jun 2022 | 23
US senators seek ban on sale of health location data
With Supreme Court set to overturn Roe v Wade, privacy is key
Research17 Jun 2022 | 32
Malaysia-linked DragonForce hacktivists attack Indian targets
Just what we needed: a threat to rival Anonymous
Research15 Jun 2022 | 5
Unpatched Exchange server, stolen RDP logins... How miscreants get BlackCat ransomware on your network
Microsoft details this ransomware-as-a-service
Research15 Jun 2022 | 1
Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT
Broadens targets from telecoms to finance and government orgs
Research14 Jun 2022 | 2
Symbiote Linux malware spotted – and infections are 'very hard to detect'
Performing live forensics on hijacked machine may not turn anything up, warn researchers
Research10 Jun 2022 | 21
Apple M1 chip contains hardware vulnerability that bypasses memory defense
MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication
Research10 Jun 2022 | 9
Emotet malware gang re-emerges with Chrome-based credit card heistware
Crimeware groups are re-inventing themselves
Research10 Jun 2022 | 5
Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree
Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval
Research10 Jun 2022 | 12
Hardware flaws give Bluetooth chipsets unique fingerprints that can be tracked
While this poses a privacy and security threat, an attacker's ability to exploit it may come down to luck
Research10 Jun 2022 | 6
Now Windows Follina zero-day exploited to infect PCs with Qbot
Data-stealing malware also paired with Black Basta ransomware gang
Research09 Jun 2022 | 4
To cut off all nearby phones with these Chinese chips, this is the bug to exploit
Android patches incoming for NAS-ty memory overwrite flaw
Research03 Jun 2022 | 28
Clipminer rakes in $1.7m in crypto hijacking scam
Crooks divert transactions to own wallets while running mining on the side
Research03 Jun 2022 | 2
Healthcare organizations face rising ransomware attacks – and are paying up
Via their insurance companies, natch
Research03 Jun 2022 | 10
Conti spotted working on exploits for Intel Management Engine flaws
Don't leave those firmware patches to last
Research02 Jun 2022 | 11
Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly
Antivirus-but-for-pictures would trample rights, not even work as expected, say academics
Research02 Jun 2022 | 165
Super-spreader FluBot squashed by Europol
Your package is delayed. Click this innocent-looking link to reschedule
Research02 Jun 2022 | 5
Watch out for phishing emails that inject spyware trio
You wait for one infection and then three come along at once
Research01 Jun 2022 | 13
What if ransomware evolved to hit IoT in the enterprise?
Proof-of-concept lab work demos potential future threat
Research01 Jun 2022 | 6
EnemyBot malware adds enterprise flaws to exploit arsenal
Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told
Research01 Jun 2022 | 2
Australian digital driving licenses can be defaced in minutes
Brute force attack leaves the license wide open for undetectable alteration, but back end data remains unchanged
Research30 May 2022 | 56
This Windows malware uses PowerShell to inject malicious extension into Chrome
And that's a bit odd, says Red Canary
Research27 May 2022 | 13
How to reprogram Apple AirTags, play custom sounds
Voltage glitch here, glitch there, now you can fiddle with location disc's firmware
Research27 May 2022 | 5
Ransomware encrypts files, demands three good deeds to restore data
Shut up and take ... poor kids to KFC?
Research26 May 2022 | 16
Cheers ransomware hits VMware ESXi systems
Now we can say extortionware has jumped the shark
Research26 May 2022 | 3
Verizon: Ransomware sees biggest jump in five years
We're only here for DBIRs
Research26 May 2022 | 6
Ex-spymaster and fellow Brexiteers' emails leaked by suspected Russian op
A 'Very English Coop (sic) d'Etat'
Research26 May 2022 | 166
About half of popular websites tested found vulnerable to account pre-hijacking
In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start
Research25 May 2022 | 12
Predator spyware sold with Chrome, Android zero-day exploits to monitor targets
Or so says Google after tracking 30+ vendors peddling surveillance malware
Research24 May 2022 | 6
It's 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017
Crafty file names, encrypted malicious code, Office flaws – ah, it's like the Before Times
Research24 May 2022 | 23
Microsoft Bing censors politically sensitive Chinese terms
Updated Research claims it fails to autofill certain names in Han characters, Microsoft says it's technical error
Research20 May 2022 | 22
Hot glare of the spotlight doesn’t slow BlackByte ransomware gang
Crew's raids continue worldwide, Talos team warns
Research19 May 2022 | 4
Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open
No, you're not really gonna be hacked. But you may be surprised
Research19 May 2022 | 40
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
Analysis Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D
Research18 May 2022 | 3
Pentester pops open Tesla Model 3 using low-cost Bluetooth module
Anything that uses proximity-based BLE is vulnerable, claim researchers
Research17 May 2022 | 51
Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...
We take a look at low, low subscription prices – not that we want to give anyone any ideas
Research14 May 2022 | 6
Biting the hand that feeds IT
