Mandiant: Orgs are detecting cybercriminals faster than ever The 'big victory for the good guys' shouldn't be celebrated too much, though Security23 Apr 2024 | 1
UnitedHealth admits IT security breach could 'cover substantial proportion of people in America' That said, good ol' American healthcare system so elaborately costly, some are forced to avoid altogether Cyber-crime23 Apr 2024 | 9
Leicester streetlights take ransomware attack personally, shine on 24/7 City council says it lost control after shutting down systems Cyber-crime23 Apr 2024 | 23
Over a million Neighbourhood Watch members exposed through web app bug Unverified users could scoop up data on high-value individuals without any form of verification process Security23 Apr 2024 | 23
Misconfigured cloud server leaked clues of North Korean animation scam Outsourcers outsourced work for the BBC, Amazon, and HBO Max to the hermit kingdom Cyber-crime23 Apr 2024 | 14
Old Windows print spooler bug is latest target of Russia's Fancy Bear gang Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Security23 Apr 2024 | 6
FBI and friends get two more years of warrantless FISA Section 702 snooping Senate kills reform amendments, Biden swiftly signs bill into law Public Sector22 Apr 2024 | 9
Europol now latest cops to beg Big Tech to ditch E2EE Don't bore us, get to the chorus: You need less privacy so we can protect the children Security22 Apr 2024 | 23
Germany arrests trio accused of trying to smuggle naval military tech to China Prosecutors believe one frikkin' laser did make its way to Beijing Public Sector22 Apr 2024 |
Watchdog tells Dutch govt: 'Do not use Facebook if there is uncertainty about privacy' Meta insists it's just misunderstood and it's safe to talk to citizens over FB Security22 Apr 2024 | 8
US House passes fresh TikTok ban proposal to Senate Sadly no push to end stupid TikTok dances, but ByteDance would have year to offload app stateside Security22 Apr 2024 | 23
UK data watchdog questions how private Google's Privacy Sandbox is Leaked draft report says stated goals still come up short Security22 Apr 2024 | 2
Has the ever-present cyber danger just got worse? Facing down the triple threat of ransomware, data breaches and criminal extortion Sponsored
Google all at sea over rising tide of robo-spam Opinion What if it's not AI but the algorithm to blame? Security22 Apr 2024 | 36
Rarest, strangest, form of Windows saved techie from moment of security madness Who, Me? For once, Redmond's finest saved the day - by being rubbish in unexpectedly useful ways Security22 Apr 2024 | 82
Researchers claim Windows Defender can be fooled into deleting databases BLACK HAT ASIA Two rounds of reports and patches may not have completely closed this hole Security22 Apr 2024 | 17
China creates 'Information Support Force' to improve networked defence capabilities A day after FBI boss warns Beijing is poised to strike against US infrastructure Public Sector22 Apr 2024 | 8
MITRE admits 'nation state' attackers touched its NERVE R&D operation Infosec In Brief PLUS: Akira ransomware resurgent; Telehealth outfit fined for data-sharing; This week's nastiest vulns Security22 Apr 2024 | 3
Sacramento airport goes no-fly after AT&T internet cable snipped Police say this appears to be a 'deliberate act.' Cyber-crime19 Apr 2024 | 44
WhatsApp, Threads, more banished from Apple App Store in China Still available in Hong Kong and Macau, for now Security19 Apr 2024 | 8
Ex-Amazon exec claims she was asked to ignore copyright law in race to AI High-flying AI scientist claims unfair dismissal following pregnancy leave
Rarest, strangest, form of Windows saved techie from moment of security madness Who, Me? For once, Redmond's finest saved the day - by being rubbish in unexpectedly useful ways
Researchers claim Windows Defender can be fooled into deleting databases BLACK HAT ASIA Two rounds of reports and patches may not have completely closed this hole
Zilog to end standalone sales of the legendary Z80 CPU The processor that gave the world the ZX Spectrum and so much more is out of wafers
Google all at sea over rising tide of robo-spam Opinion What if it's not AI but the algorithm to blame?
Huawei wants to take homegrown HarmonyOS phone platform worldwide Chinese tech juggernaut eyes global expansion despite US tech restrictions
Fedora 40 is just around the corner with more spins and flavors than ever KDE edition has the most conspicuous changes, and could become future flagship
MITRE admits 'nation state' attackers touched its NERVE R&D operation Infosec In Brief PLUS: Akira ransomware resurgent; Telehealth outfit fined for data-sharing; This week's nastiest vulns
Gone in 35 seconds – the Cybertruck's misbehaving acceleration pedal Riveting conclusion to Tesla recall saga
Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals It’s the second time the World-Check list has fallen into the wrong hands Cyber-crime19 Apr 2024 | 21
Germany cuffs alleged Russian spies over plot to bomb industrial and military targets Apparently an attempt to damage Ukraine's war effort Security19 Apr 2024 | 5
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers Updated Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack Cyber-crime18 Apr 2024 | 9
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims 'I want to buy a car. That's all' Cyber-crime18 Apr 2024 | 6
House passes bill banning Uncle Sam from snooping on citizens via data brokers Vote met strong opposition from Biden's office Security18 Apr 2024 | 21
Fraudsters abused Apple Stores' third-party pickup policy to phish for profits Black Hat Asia Scam prevalent across Korea and Japan actually had some winners Cyber-crime18 Apr 2024 | 1
185K people's sensitive data in the pits after ransomware raid on Cherry Health Extent of information seized will be a concern for those affected Cyber-crime18 Apr 2024 | 6
EU tells Meta it can't paywall privacy Platforms should not confront users with 'binary choice' over personal data use Security18 Apr 2024 | 70
Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op Feature Police emit Spotify Wrapped-style videos to let crims know they're being hunted Security18 Apr 2024 | 13
Cisco creates architecture to improve security and sell you new switches Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats Security18 Apr 2024 | 11
Singapore infosec boss warns China/West tech split will be bad for interoperability When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder Cyber-crime18 Apr 2024 | 3
Taiwanese film studio snaps up Chinese surveillance camera specialist Dahua Stymied by sanctions, it had to go … but where? Security18 Apr 2024 |
Hugely expanded Section 702 surveillance powers set for US Senate vote Opponents warn almost anyone could be asked to share info with Uncle Sam Public Sector17 Apr 2024 | 18
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities Water tank overflowed during one system malfunction, says Mandiant Research17 Apr 2024 | 10
Exploit code for Palo Alto Networks zero-day now public Race on to patch as researchers warn of mass exploitation of directory traversal bug Security17 Apr 2024 | 3
OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories While some other LLMs appear to flat-out suck AI + ML17 Apr 2024 | 6
Japanese government rejects Yahoo! infosec improvement plan Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app Security17 Apr 2024 | 3
Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more Security17 Apr 2024 | 6
MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time What a twist! Cyber-crime16 Apr 2024 | 19
Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto No prizes for guessing the victims Research16 Apr 2024 | 2
SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work No breach responsible for employee contact info getting out, says T-Mo Cyber-crime16 Apr 2024 | 4
Open sourcerers say suspected xz-style attacks continue to target maintainers Social engineering patterns spotted across range of popular projects Security16 Apr 2024 | 29
Change Healthcare’s ransomware attack costs edge toward $1B so far First glimpse at attack financials reveals huge pain Cyber-crime16 Apr 2024 | 11
Google location tracking deal could be derailed by politics $62 million settlement plan challenged over payments to progressive nonprofits Security16 Apr 2024 | 17
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely Hard-coded credentials last thing you want in home security app Security15 Apr 2024 | 49
Roku makes 2FA mandatory for all after nearly 600K accounts pwned Streamer says access came via credential stuffing Cyber-crime15 Apr 2024 | 15
Delinea Secret Server customers should apply latest patches Updated Attackers could nab an org's most sensitive keys if left unaddressed Patches15 Apr 2024 | 3
US senator wants to put the brakes on Chinese EVs Fears of low-cost invasion and data spies spark call for ban Security15 Apr 2024 | 39
US House approves FISA renewal – warrantless surveillance and all Infosec in brief PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more Security15 Apr 2024 | 12
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways Out of the PAN-OS and into the firewall, a Python backdoor this way comes Cyber-crime12 Apr 2024 | 13
Google One VPN axed for everyone but Pixel loyalists ... for now Another one bytes the dust Personal Tech12 Apr 2024 | 8
Microsoft breach allowed Russian spies to steal emails from US government Affected federal agencies must comb through mails, reset API keys and passwords Cyber-crime12 Apr 2024 | 18
French issue alerte rouge after local governments knocked offline by cyber attack Embarrassing, as its officials are in the US to discuss Olympics cyber threats Security12 Apr 2024 | 9
Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' Report claims India's government, which is accused of using Pegasus at home, was displeased Security12 Apr 2024 | 10
Space Force boss warns 'the US will lose' without help from Musk and Bezos China, Russia have muscled up, and whoever wins up there wins down here Security11 Apr 2024 | 41
96% of US hospital websites share visitor info with Meta, Google, data brokers Could have been worse – last time researchers checked it was 98.6% Research11 Apr 2024 | 13
Global taxi software vendor exposes details of nearly 300K across UK and Ireland Exclusive High-profile individuals including MPs said to be caught up in leak Research11 Apr 2024 | 5
It's 2024 and Intel silicon is still haunted by data-spilling Spectre Go, go InSpectre Gadget Research10 Apr 2024 | 23
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib BatBadBut hits Erlang, Go, Python, Ruby as well Patches10 Apr 2024 | 56
X fixes URL blunder that could enable convincing social media phishing campaigns Poorly implemented rule allowed miscreants to deceive users with trusted URLs CSO10 Apr 2024 | 27
Chrome Enterprise Premium promises extra security – for a fee Cloud Next Paying for browsers is no longer a memory from the 1990s Security10 Apr 2024 | 33
Microsoft squashes SmartScreen security bypass bug exploited in the wild Patch Tuesday Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates Security10 Apr 2024 | 22
Got an unpatched LG 'smart' television? It could be watching you back Four fatal flaws allow TV takeover Security09 Apr 2024 | 42
UK businesses shockingly unaware of how to handle security threats Many decide to make no changes after detecting a breach Cyber-crime09 Apr 2024 | 23
US insurers use drone photos to deny home insurance policies Of course, it helps if you don't live in a potential disaster zone Security08 Apr 2024 | 136
Home Depot confirms worker data leak after miscreant dumps info online SaaS slip up leads to scumbags seeking sinecure Cyber-crime08 Apr 2024 | 3
Puppies, kittens, data at risk after 'cyber incident' at veterinary giant IT systems pulled offline for chance to paws and reflect Security08 Apr 2024 | 12
Change Healthcare faces second ransomware dilemma weeks after ALPHV attack Theories abound over who's truly responsible Security08 Apr 2024 | 23
Head of Israeli cyber spy unit exposed ... by his own privacy mistake Infosec in brief Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns Security08 Apr 2024 | 19
What can be done to protect open source devs from next xz backdoor drama? Kettle What happened, how it was found, and what your vultures have made of it all Research06 Apr 2024 | 92
US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products Analysis In what other sphere does a bad supplier not feel pain for its foulups? Cyber-crime05 Apr 2024 | 21
Hotel check-in terminal bug spews out access codes for guest rooms Attacks could be completed in seconds, compromising customer safety Research05 Apr 2024 | 31
Academics probe Apple's privacy settings and get lost and confused Just disabling Siri requires visits to five submenus Security05 Apr 2024 | 30
World's second-largest eyeglass lens-maker blinded by infosec incident Japan's Hoya also makes components for chips, displays, and hard disks, and has spent four days groping for a fix Security05 Apr 2024 | 5
Feds probe alleged classified US govt data theft and leak Updated State Dept keeps schtum 'for security reasons' Security04 Apr 2024 | 11
Ivanti commits to secure-by-design overhaul after vulnerability nightmare CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat Security04 Apr 2024 | 19
Ransomware gang did steal residents' confidential data, UK city council admits INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Cyber-crime04 Apr 2024 | 17
When AI attacks Watch this webinar for a hair raising journey into the darkest depths of GenAI enabled cyber crime Sponsored Post
Nearly 1M medical records feared stolen from City of Hope cancer centers Is there no cure for this cyber-plague? Cyber-crime03 Apr 2024 | 7
Cyberattack hits Omni Hotels systems, taking out bookings, payments, door locks Updated As WhatsApp, Facebook Messenger, other Meta bits plus Apple stuff fall offline today Security03 Apr 2024 | 18
Security pioneer Ross Anderson dies at 67 Obituary A man with a list of accolades long enough for several lifetimes, friends remember his brilliance Research03 Apr 2024 | 34
Google bakes new cookie strategy that will leave crooks with a bad taste Device Bound Session Credentials said to render cookie theft useless Security03 Apr 2024 | 27
Meet clickjacking's slicker cousin, 'gesture jacking,' aka 'cross window forgery' Web devs advised to do their part to limit UI redress attacks Security03 Apr 2024 | 9
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software Security03 Apr 2024 | 39
Feds finally decide to do something about years-old SS7 spy holes in phone networks And Diameter, too, for good measure Networks02 Apr 2024 | 22
OWASP server blunder exposes decade of resumes Irony alerts: Open Web Application Security Project Foundation suffers lapse Security02 Apr 2024 | 5
Pandabuy confirms crooks nabbed data on 1.3M punters Nothing says 'sorry' like 10 percent off shipping for a month Cyber-crime02 Apr 2024 |
Microsoft warns deepfake election subversion is disturbingly easy Simple stuff like slapping on a logo fools more folks and travels further Public Sector02 Apr 2024 | 10
Rubrik files to go public following alliance with Microsoft Cloud cyber resilience model could raise $700M despite $278M losses Security02 Apr 2024 |
Polish officials may face criminal charges in Pegasus spyware probe Victims of the powerful surveillance tool will soon find out the truth Security02 Apr 2024 | 13
INC Ransom claims to be behind 'cyber incident' at UK city council This follows attack on NHS services in Scotland last week Cyber-crime02 Apr 2024 | 10
Happy 20th birthday Gmail, you're mostly grown up – now fix the spam Senders of more than 5K messages a day are in the crosshairs Personal Tech02 Apr 2024 | 52
Apple's GoFetch silicon security fail was down to an obsession with speed Opinion Ye cannae change the laws of physics, but you can change your mind Security02 Apr 2024 | 23
Six banks share customer info to help Singapore fight money laundering Asia in brief Plus: Google Cloud ANZ boss departs; Japan revives airliner ambitions; China-linked attackers target Asian entities Cyber-crime02 Apr 2024 | 4
US House of Reps tells staff: No Microsoft Copilot for you! At least not until Redmond's government edition is ready to roll Public Sector01 Apr 2024 | 10
Malicious xz backdoor reveals fragility of open source Analysis This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy Devops01 Apr 2024 | 98
Nearly 3M people hit in Harvard Pilgrim healthcare data theft Infosec in brief Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns Security01 Apr 2024 | 3
Ex-White House CIO tells The Reg: TikTok ban may be diplomatic disaster Interview Theresa Payton on why US needs a national privacy law Public Sector01 Apr 2024 | 63
AT&T admits massive 70M+ mid-March customer data dump is real though old Still claims the personal info wasn't stolen from its systems Security01 Apr 2024 | 10
Rust developers at Google are twice as productive as C++ teams Code shines up nicely in production, says Chocolate Factory's Bergstrom Devops31 Mar 2024 | 134