Malware-slinging miscreants are taking advantage of a trending TikTok challenge β and viewers' dirty minds β to spread data-stealing malware via a phony app that's had more than one million views so far.β¦
Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities.β¦
Webinar This year's RSA Conference saw SANS security experts gather to identify and discuss five of the most dangerous cyber attack techniques identified in the first half of the year. If you missed the original debate, don't worry, you have another chance to learn what you should be looking out for.β¦
The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.β¦
Europol has arrested hundreds of fraudsters, money launderers and cocaine kingpins, and shut down thousands of websites selling pirated and counterfeit products in a series of raids over the past month.β¦
India's Telecom Regulatory Authority (TRAI) has announced a fresh crackdown on TXT spam β this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results.β¦
Updates to Windows Server released as part of this month's Patch Tuesday onslaught might cause some domain controllers to stop working or automatically restart, according to Microsoft.β¦
Sponsored Post Christmas is a time for gift giving and spending time with your friends and family β but that doesn't have to be all. What if you could add to the fun by taking part in an entertaining free holiday-themed cyber security event that both builds your skills and gives you the chance of adding a stellar prize to the pile of gifts under your tree?β¦
The United States' Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds.β¦
Webinar Email provides us with an infinite number of possible exchanges. We send approximately 332 billion messages a day but having so much convenience and flexibility at our fingertips also brings security risks.β¦
In brief NordPass has released its list of the most common passwords of 2022, and frankly we're disappointed in all of you.β¦
Twitter CEO Elon Musk has decided to allow suspended accounts back onto the micro-blogging service.β¦
Updated The United Kingdom has decided Chinese video cameras have no place in government facilities.β¦
In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military.β¦
The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism.β¦
Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology.β¦
The US government seized seven domain names used in so-called "pig butchering" scams that netted criminals more than $10 million.β¦
A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts.β¦
Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources.Β β¦
Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.β¦
Phishing attempts targeting victims in the Middle East increased 100 percent last month in the lead up to the World Cup in Qatar, according to security shop Trellix.β¦
The US Government Accountability Office (GAO) has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "increasing" and "significant risk" of cyberattack.β¦
Sponsored Post Your skills as a cyber security professional are only as up to date as the threats designed to test them, so it's a good idea to stay ahead of the game and keep refreshing them as often as possible. That's what SANS cyber security training events, held across the US in 2023, are here to help you do.Β β¦
Cybersecurity moves fast. New and bigger threats emerge all the time across an ever-expanding attack surface and there's not enough people to fill vacant jobs.β¦
In brief A security researcher whose Google Pixel battery died while sending a text is probably thankful for the interruption - powering it back up led to a discovery that netted him a $70,000 bounty from Google for a lock screen bypass bug.β¦
Hive ransomware criminals have hit more than 1,300 companies globally, extorting about $100 million from its victims over the last 18 months, according to the FBI.β¦
Reader Survey Results Data protection is a top priority for organisations tasked with protecting the integrity of not just their own data, but also the personally identifiable information (PII) they store and process on behalf of their business partners and customers. Not doing it properly risks losing their trust and falling foul of increasingly stringent data protection regulation. So what can be done to toughen up your defences?β¦
Two Russian nationals accused of operating Z-Library β one of the largest online book piracy websites β have been charged with criminal copyright infringement, wire fraud and money laundering.β¦
Israeli fortifications in the West Bank are becoming a bit more faceless, as the military has reportedly deployed robotic turrets capable of firing stun grenades, less-than-lethal bullets, and tear gas at Palestinians protesting their presence.β¦
Private security firms in New York City have co-opted public resources β specifically trees β to track their guards as they make their rounds.β¦
A New York judge has issued a default judgment against two Russian nationals who are alleged to have helped create the "Glupteba" botnet, sold fraudulent credit card information, and generated cryptocurrency using the network.β¦
The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.β¦
Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA.β¦
World Cup apps from the Qatari government collect more personal information than they need to, according to Germany's data protection agency, which this week warned football fans to only install the two apps "if it is absolutely necessary." Also: consider using a burner phone.β¦
Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency.β¦
Canalys Forums APAC Canalys CEO Steve Brazier has proposed that cloud vendors should have similar accountability to credit card companies when accounts are hacked and used to mine cryptocurrency.β¦
Somewhere between 73 and 81 percent of retail Bitcoin buyers are likely to be into the negative on their investment, according to research published Monday by the Bank of International Settlements (BIS).β¦
Sponsored Feature The widespread, global deployment of 5G telecommunications equipment and systems is already well underway. The GSMA forecasts that by 2025, 29 percent of the mobile connections in Europe β including those linking mission-critical infrastructure such as remotely operated power grids β will be made through 5G.β¦
A vulnerability in network technology widely used in space and aircraft could, if successfully exploited, have disastrous effects on those critical systems, according to academics.β¦
If you've noticed car charging stations showing up in your area, congratulations! You're part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today.Β β¦
Webinar Every now and again the dangers of using personal and unencrypted email services makes it to the top of the news agenda. It happened to Hilary Clinton in the States, and it's been all over the front pages in the UK following the resignation of British Home Secretary Suella Braverman after she used her personal email account six times for government business.β¦
Even though Japan lags behind the rest of the developed world in digital transformation, it hopes to create global data flow standards for discussion at next year's G7 meetings.β¦
Reader Survey Results Back in September, we asked readers of The Register about data sovereignty. It's a concept about which we see more and more conversation among businesses, and increased awareness is also bringing corresponding concerns about the perils and pitfalls of not taking it seriously.β¦
Updated US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company β which presents itself as American β is actually Russian, according to Reuters.β¦
GitHub is offering a scheme for security researchers to privately report vulnerabilities found in public repositories.β¦
Over the weekend it was revealed that cryptocurrency exchange company Crypto.com accidentally sent over $400 million to another cryptocurrency exchange and was miraculously able to get it back.β¦
Australia's government has declared the nation is planning to go on the offensive against international cyber crooks following recent high-profile attacks on local health insurer Medibank and telco Optus.β¦
In Brief A suspected member of the notorious international LockBit ransomware mob has been arrested β and could spend several years behind bars if convicted.β¦
With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game.β¦
The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives β namely C#, Rust, Go, Java, Ruby or Swift.β¦
The European Commission on Thursday proposed a cyber defense policy in response to Europe's "deteriorating security environment" since Russia illegally invaded Ukraine earlier this year.β¦
The Australian Federal Police (AFP) has pointed to Russia as the location of the attackers who breached local health insurer Medibank, accessed almost ten million customer records, and in recent days dumped some customer data onto the dark web.β¦
An international cyber-scammer and Instagram star who plotted to launder more than $300 million over the course of 18 months was this week jailed β and he must pay back more than $1.7 million to his victims.Β β¦
A woman and her husband, who both copped to trying to sell nuclear warship secrets to a foreign government, have been sentenced to prison, with each set to spend around two decades behind bars.β¦
Troubled social media giant Twitter has lost the services of its chief information security officer to cap off another chaotic week following its acquisition by Elon Musk.β¦
Sponsored Post It's a common problem when it comes to finding a new job or landing that all important promotion. You need to upgrade your CV to show some knowledge and experience of systems, tools and frameworks that your current role doesn't require but the next step up the ladder does. But how do you learn what you need if you're current role focuses on a different set of priorities, or even know what areas of speciality different organisations prize most highly in the first place?β¦
A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs.β¦
Wells Fargo customers who use Zelle to send and request payments suffer more than twice the rate of fraud and other online scams as people using other big banks, according to US Senator Elizabeth Warren (D-MA).β¦
VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows β a product used by IT and help desk staff to remotely take over and manage employees' devices.β¦
Patch Tuesday November's Patch Tuesday also falls on election day in the US, so let's hope that democracy fares better than Microsoft, which reported six of today's bugs are already being exploited in the wild by miscreants.β¦