US authorities warn on China's new counter-espionage law Almost anything you download from China could be considered spying, but at least one analyst isn't worried Security03 Jul 2023 | 4
Japan rebukes Fujitsu for cloud security fails Asia In Brief PLUS: Philippines cyber-slave raid; South Korea’s crypto crackdown; AWS boosts Chinese exports; and more Security03 Jul 2023 |
Us, hacked by LockBit? No, says TSMC, that would be our IT supplier So, uh, who's gonna pay that $70M ransom? Cyber-crime30 Jun 2023 | 2
Cops told: Er, no, you need a wiretap order if you want real-time Facebook snooping Privacy: It's a Jersey Thing Security30 Jun 2023 | 10
Life long cyber security learning SANS training courses are scheduled for multiple locations across the EMEA region this Autumn Sponsored Post
Quirky QWERTY killed a password in Paris On Call Quelle tragédie – techie had to visit the city of lights twice to sort this one out Security30 Jun 2023 | 280
Fujitsu admits it fluffed the fix for Japan’s flaky ID card scheme Yet another snafu for digital services push Security30 Jun 2023 | 25
Crook who stole $23m+ in YouTube song royalties gets five years behind bars Claims he wants to stay in the music biz after time in a Sing Sing Cyber-crime29 Jun 2023 | 26
It's 2023 and memory overwrite bugs are not just a thing, they're still number one Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list Research29 Jun 2023 | 41
Chinese balloon that US shot down was 'crammed' with American hardware Blasted from the sky in February, device never transmitted photos, videos, or radar data it collected, officials say CSO29 Jun 2023 | 67
Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law Not the iPhone maker's first think-of-the-children rodeo Security29 Jun 2023 | 117
Network security guy in extradition tug of war between US and Russia Group-IB spinout confirms Kislitsin is wanted by both Washington and Moscow Cyber-crime29 Jun 2023 | 7
Miscreants leak texts and info siphoned by Android stalkerware app LetMeSpy Just as America's Supremes set a high bar for cyberstalking Cyber-crime27 Jun 2023 | 9
Cops' total pwnage of 'secure' EncroChat nets 6,500+ arrests, €740m in funds – so far Or so the Europlod says Cyber-crime27 Jun 2023 | 11
Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse Failure to match metadata with packaged files is perfect for supply chain attacks Research27 Jun 2023 | 10
Tackling the cyber skills gap with AI Why the future of cyber security could be fully autonomous where the AI works independently Sponsored Feature
Cloud security advice and expertise at your fingertips Join AWS, Google Cloud, Microsoft Azure, and SANS Institute for the Cloud Security Exchange 2023 Sponsored Post
American and Southwest Airlines pilot candidate data exposed Time to start practising identity protection Cyber-crime26 Jun 2023 | 2
Ex-FBI employee jailed for taking classified material home Infosec in brief Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns CSO26 Jun 2023 | 55
JP Morgan accidentally deletes evidence in multi-million record retention screwup Fined $4m for Who-Me-esque mess, for which it blames unnamed archiving vendor's retention settings CSO26 Jun 2023 | 51
JP Morgan accidentally deletes evidence in multi-million record retention screwup Fined $4m for Who-Me-esque mess, for which it blames unnamed archiving vendor's retention settings
Canada plans brain drain of H-1B visa holders, with no-job, no-worries work permits They're vetted, almost acculturated, and will be booted from the US if they lose their gig
Bosses face losing 'key' workers after forcing a return to office Survey says most would prefer a gentle request
Rocky Linux claims to have found 'path forward' from CentOS source purge Ripples rebounding and reflecting from Red Hat's rebuff of RHEL rebuilds
Chinese balloon that US shot down was 'crammed' with American hardware Blasted from the sky in February, device never transmitted photos, videos, or radar data it collected, officials say
Microsoft, OpenAI sued for $3B after allegedly trampling privacy with ChatGPT Where did they get the idea this bot was potentially spitting out personal info? Oh, from The Register
Way out in deep space, astronomers spot precursor of carbon based life James Webb scope finds CH3+ – aka methyl cations – without which you probably wouldn't be reading this
Microsoft's GitHub under fire for DDoSing crucial open source project website A tale of emergency firewalling, a little bit of victim blaming, and workflow scripts gone berserk
It's 2023 and memory overwrite bugs are not just a thing, they're still number one Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list
Five billion phones are dead in drawers – carriers want to mine them There's gold in them thar mobes. Also copper, silver and cobalt
Google bug bounties inch closer to Microsoft's payouts Chocolate Factory paid a record $12m in 2022 Security24 Jun 2023 | 8
UK cyberspies warn ransomware crews targeting law firms Nation states will use you to get to your friends, says NCSC CSO23 Jun 2023 | 8
Chinese malware intended to infect USB drives accidentally infects networked storage too Hides itself from popular Asian AV, also uses games to do its dirty work Security23 Jun 2023 | 23
US cyber ambassador says China knows how to steal its way to dominance of cloud and AI Calls on governments to combat 'playbook' that propelled Huawei to prominence Security23 Jun 2023 | 20
To kill BlackLotus malware, patching is a good start, but... ...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs CSO22 Jun 2023 | 4
Now BlackCat extortionists threaten to leak stolen plastic surgery pics Sharing a cancer patient's nude snaps earlier wasn't enough for these scumbags Cyber-crime22 Jun 2023 | 10
The Log4j vulnerability – how can we all do better next time? Accept there are some risks you don’t control but which nonetheless you can’t ignore Sponsored Feature
Japan's digital ID card gets emergency review amid data leaks PM wants response as urgent as that mustered for COVID-19 Security22 Jun 2023 | 12
A (cautionary) tale of two patched bugs, both exploited in the wild One affects VMware's monitoring tool and the other TP-Link routers Patches21 Jun 2023 | 8
Apple squashes kernel bug used by TriangleDB spyware Snoops may be targeting macOS in addition to iPhones, Kaspersky says Patches21 Jun 2023 | 3
FTC accuses DNA testing company of lying about dumping samples 1Health must strengthen protections for genetic information as part of settlement CSO21 Jun 2023 | 4
Oreo cookie maker says crooks gobbled up staff info 50K-plus employees' personal info swiped after law firm rolled Cyber-crime20 Jun 2023 | 6
Reddit confirms BlackCat gang pinched some data Crooks demand $4.5m to keep '80GB' of corp info private – and no API price hikes Cyber-crime20 Jun 2023 | 4
Over 100,000 compromised ChatGPT accounts found for sale on dark web UPDATED Cybercrooks hoping users have whispered employer secrets to chatbot Cyber-crime20 Jun 2023 | 26
Data leak at major law firm sets Australia's government and elites scrambling BlackCat attack sparks injunction preventing coverage of purloined docs Security20 Jun 2023 | 24
Guess what happened to this US agency using outdated software? Infosec in brief Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities Patches19 Jun 2023 | 16
Outsource to infill on cyber security Automating, simplifying, and calling in external help can increase the chances of blocking and mitigating attacks Sponsored Feature
With dead-time dump, Microsoft revealed DDoS as cause of recent cloud outages Previous claims its own software updates were the issue remain almost, kinda, plausible Security19 Jun 2023 | 20
Third MOVEit bug fixed a day after PoC exploit made public Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data' Patches16 Jun 2023 | 18
LockBit suspect's arrest sheds more light on 'trustworthy' gang Plus: Accused is innocent until proven guilty, but is known to be an Apple fan Cyber-crime16 Jun 2023 | 10
Capita faces first legal Letter of Claim over mega breach Barings Law claims 250 people that 'suspect' data theft signed up to class action Cyber-crime16 Jun 2023 | 15
Microsoft: Russia sent its B team to wipe Ukrainian hard drives WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew Research16 Jun 2023 | 10
EU boss Breton: There's no Huawei that Chinese comms kit is safe to use in Europe European Commission's own networks to toss Middle Kingdom boxes amid calls for total replacement Security16 Jun 2023 | 55
US government hit by Russia's Clop in MOVEit mass attack CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds CSO15 Jun 2023 | 7
Chinese spies blamed for data-harvesting raids on Barracuda email gateways Snoops 'aggressively targeted' specific govt, academic accounts CSO15 Jun 2023 | 2
North Korea created very phishy evil twin of Naver, South Korea's top portal Think of it as a fake Google tuned for credential capture and you'll understand why authorities want to kill it Security15 Jun 2023 | 9
Decision to hold women-in-cyber events in abortion-banning states sparks outcry 'Many factors were considered,' WiCyS boss tells The Reg as (ISC)² suggests an end to 'girlfriend test' jargon Security14 Jun 2023 | 130
LockBit victims in the US alone paid over $90m in ransoms since 2020 As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections CSO14 Jun 2023 | 2
Capita wins £50M fraud reporting contract with City of London cops No, the irony isn't lost on us either Security14 Jun 2023 | 22
Bringing security to account: why identity must be unified As identity management becomes the new security perimeter, cyber risk underwriters want to see resilient IAM control ID sprawl Sponsored Feature
Florida man insists he didn't violate the law by keeping Top Secret docs Populist politician pleads not guilty at Miami arraignment Security14 Jun 2023 | 449
June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh Plus: Adobe, SAP and Android push updates Patches13 Jun 2023 | 2
Last of the Gozi 3 sentenced over Windows info-stealing malware ops Banking trojan still going strong as feds put bulletproof hosting point man behind bars Cyber-crime13 Jun 2023 |
These Microsoft Office security signatures are 'practically worthless' Updated Turns out it's easy to forge documents relying on OOXML Research13 Jun 2023 | 13
Russia-Ukraine war sending shockwaves into cyber-ecosystem Conflict could be first shooting war to deploy armies of ‘citizen hackers’ that cause at-risk organisations to rethink their defensive strategies Sponsored Feature
UK telco watchdog Ofcom, Minnesota Dept of Ed named as latest MOVEit victims As another CVE is assigned Cyber-crime13 Jun 2023 | 12
China's cyber now aimed at infrastructure, warns CISA boss Resilience against threats needs a boost Security13 Jun 2023 | 2
India probes medical info 'leak' to Telegram Asia In Brief PLUS: Vietnam's free domain names for youngsters; China's Cuba spy base; Hyundai and Samsung team for car chips; and more Security13 Jun 2023 | 2
Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse What a blast from the past, the past being a year before the pandemic Cyber-crime12 Jun 2023 | 7
Fortinet squashes hijack-my-VPN bug in FortiOS gear And it's already being exploited in the wild, probably Patches12 Jun 2023 | 2
Posing as journalists, Pink Drainer pilfers $3.3M in crypto First the interview, then the phishing attack Cyber-crime12 Jun 2023 | 10
Microsoft stole our stolen dark web data, says security outfit Suit claims Redmond took far more than allowed from Hold's 360M-credential database Security12 Jun 2023 | 8
Lantum S3 bucket leak is prescription for chaos for thousands of UK doctors Updated Freelance agency exposed personal details that would be highly valuable in the wrong hands Cyber-crime12 Jun 2023 | 12
Hold it – another vulnerability found in MOVEit file transfer software Infosec in brief Also, the FBI's $180k investment in AN0M keeps paying off, and this week's critical vulnerabilities Cyber-crime12 Jun 2023 | 7
Online muggers make serious moves on unpatched Microsoft bugs Win32k and Visual Studio flaws are under attack Security09 Jun 2023 | 3
FBI: FISA Section 702 'absolutely critical' to spy on, err, protect Americans No protection without surveillance? Security09 Jun 2023 | 30
Ransomware scum hit Japanese pharma giant Eisai Group Some servers encrypted in weekend attack, but product supply not affected Cyber-crime09 Jun 2023 | 1
Seven steps for using zero trust to protect your multicloud estate Your multicloud environment is complex. You need an uncompromising zero trust approach to manage and secure it. Commissioned
Brit data watchdog fines sleazy sales ops £250K for 'bombarding' folk with calls Crown Glazing and Maxen Power Supply fall foul of PECR Security09 Jun 2023 | 25
Darkweb credit card marts in decline across Asia, researchers claim India tops the charts for document theft Security09 Jun 2023 | 1
Google changes email authentication after spoof shows a bad delivery for UPS Google's blue tick proves untrustworthy Security09 Jun 2023 | 27
Robot can rip the data out of RAM chips with chilling technology 'The more important a thing is for the world, the less security it has' says inventor Security09 Jun 2023 | 21
North Korea's Lazarus Group linked to Atomic Wallet heist Users' cryptocurrency wallets look unlikely to be refilled Cyber-crime08 Jun 2023 | 6
Barracuda tells its ESG owners to 'immediately' junk buggy kit That patch we issued? Yeah, it wasn't enough Security08 Jun 2023 | 12
Google puts $1M behind its promise to detect cryptomining malware If the chocolate factory's scans don't stop the miners, customers don't foot the bill Security08 Jun 2023 | 4
New York City latest to sue Hyundai and Kia claiming their cars are too easy to steal What started as a TikTok craze has become a 'public nuisance' Security08 Jun 2023 | 29
Microsoft says share the wealth with cyber-info for business It's better to take action than wait for attacks Security08 Jun 2023 | 9
Helping Windows 11 fight the hackers How Intel is using hardware-assisted security to beef up Microsoft OS protection Sponsored Feature
UK government to set deadline for removal of Chinese surveillance cams And compile a list of vendors considered threats to national security Security08 Jun 2023 | 40
Deepfakes being used in 'sextortion' scams, FBI warns AI technology raises the bar in an already troubling crime Cyber-crime08 Jun 2023 | 22
Clop ransomware crew sets June extortion deadline for MOVEit victims Plus: The Feds weigh in with advice, details CSO07 Jun 2023 | 2
10 years after Snowden's first leak, what have we learned? Feature Spies gonna spy Security07 Jun 2023 | 36
Police use of PayPal records under fire after raid on 'Cop City' protest fund trio Nearly anything can look like money laundering if you squint hard enough Security06 Jun 2023 | 10
Malwarebytes may not be allowed to label rival's app as 'potentially unwanted' Legal prof warns: 'This case is like a wrecking ball for internet law' Security06 Jun 2023 | 53
US govt now bans TikTok from contractors' work gear BYODALAINGTI (as long as it's not got TikTok installed) CSO06 Jun 2023 | 11
Microsoft cops $20M slap on the wrist for mishandling kids' Xbox data Pocket change, in other words Security06 Jun 2023 | 4
Identity thieves can hunt us for 'rest of our lives,' claims suit after university data leak Crooks steal Social Security numbers and post them on dark web, victims blame holes in Mercer's security Cyber-crime06 Jun 2023 | 36
Taking the art of email security to the next level AI is beefing up the cyber arsenals of both attackers and defenders Sponsored Feature
SEC drops 42 cases after staff bungle data protection Corporate watchdog fouled its info-separation regime, let the wrong people read sensitive docs CSO06 Jun 2023 | 2
British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack Microsoft blames Russian Clop ransomware crew for theft of staff info Cyber-crime05 Jun 2023 | 27
Crypto catastrophe strikes some Atomic Wallet users, over $35M thought stolen Victims nursing huge losses haven't the foggiest how heist happened, yet Security05 Jun 2023 | 22
Qbot malware adapts to live another day … and another … Operators stay ahead of defenders with new access methods and C2 infrastructure Research05 Jun 2023 | 3
Australian cyber-op attacked ISIL with the terrifying power of Rickrolling Commanders in the field persuaded to give up, let their guard down, run around and desert their posts Security05 Jun 2023 | 10
Toyota admits to yet another cloud leak infosec in brief Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities Security05 Jun 2023 | 6
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing and defeating its smears Living in the eye of the geopolitical storm is not easy, but is good for business Security05 Jun 2023 | 2
Malaysia goes its own Huawei, won't ban Chinese vendor from 5G network Country to have two networks as first buildout falls behind schedule Security02 Jun 2023 | 22
Microsoft stashes nearly half a billion in case LinkedIn data drama hits Irish regulators sniffing around Facebook-for-suits subsidiary have threatened fine CSO02 Jun 2023 | 12
This malicious PyPI package mixed source and compiled code to dodge detection Oh cool, something else to scan for Security02 Jun 2023 | 11