Intruders broke into a third-party cloud storage service LastPass shares with affiliate company GoTo and gained access to "certain elements" of customers' information, the pair have confirmed.β¦
The ClamAV command-line virus scanner used on many Linux boxes has attained an important-looking milestone release: version 1.0.0.β¦
Sponsored Feature It's easy to forget the human factor when it comes to cybersecurity. Completely locking down your network will certainly make you secure, just as completely locking down your building will do the same. The problem is you'll struggle to get much work done, because people need access to assets, physical or virtual, to do their jobs.β¦
Almost 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers.β¦
Sirius XM's Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN).β¦
Updated San Francisco police can deploy so-called "killer robots" following a Board of Supervisors' vote on Tuesday, clearing the cops to use robots equipped with explosives in extreme situations.β¦
The governor of South Dakota issued an executive order on Tuesday banning the use of Chinese social media platform TikTok for state government agencies, employees and contractors on state devices.β¦
Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China.β¦
Malware-slinging miscreants are taking advantage of a trending TikTok challenge β and viewers' dirty minds β to spread data-stealing malware via a phony app that's had more than one million views so far.β¦
Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities.β¦
Webinar This year's RSA Conference saw SANS security experts gather to identify and discuss five of the most dangerous cyber attack techniques identified in the first half of the year. If you missed the original debate, don't worry, you have another chance to learn what you should be looking out for.β¦
The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.β¦
Europol has arrested hundreds of fraudsters, money launderers and cocaine kingpins, and shut down thousands of websites selling pirated and counterfeit products in a series of raids over the past month.β¦
India's Telecom Regulatory Authority (TRAI) has announced a fresh crackdown on TXT spam β this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results.β¦
Updates to Windows Server released as part of this month's Patch Tuesday onslaught might cause some domain controllers to stop working or automatically restart, according to Microsoft.β¦
Sponsored Post Christmas is a time for gift giving and spending time with your friends and family β but that doesn't have to be all. What if you could add to the fun by taking part in an entertaining free holiday-themed cyber security event that both builds your skills and gives you the chance of adding a stellar prize to the pile of gifts under your tree?β¦
The United States' Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds.β¦
Webinar Email provides us with an infinite number of possible exchanges. We send approximately 332 billion messages a day but having so much convenience and flexibility at our fingertips also brings security risks.β¦
In brief NordPass has released its list of the most common passwords of 2022, and frankly we're disappointed in all of you.β¦
Twitter CEO Elon Musk has decided to allow suspended accounts back onto the micro-blogging service.β¦
Updated The United Kingdom has decided Chinese video cameras have no place in government facilities.β¦
In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military.β¦
The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism.β¦
Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology.β¦
The US government seized seven domain names used in so-called "pig butchering" scams that netted criminals more than $10 million.β¦
A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts.β¦
Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources.Β β¦
Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.β¦
Phishing attempts targeting victims in the Middle East increased 100 percent last month in the lead up to the World Cup in Qatar, according to security shop Trellix.β¦
The US Government Accountability Office (GAO) has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "increasing" and "significant risk" of cyberattack.β¦
Sponsored Post Your skills as a cyber security professional are only as up to date as the threats designed to test them, so it's a good idea to stay ahead of the game and keep refreshing them as often as possible. That's what SANS cyber security training events, held across the US in 2023, are here to help you do.Β β¦
Cybersecurity moves fast. New and bigger threats emerge all the time across an ever-expanding attack surface and there's not enough people to fill vacant jobs.β¦
In brief A security researcher whose Google Pixel battery died while sending a text is probably thankful for the interruption - powering it back up led to a discovery that netted him a $70,000 bounty from Google for a lock screen bypass bug.β¦
Hive ransomware criminals have hit more than 1,300 companies globally, extorting about $100 million from its victims over the last 18 months, according to the FBI.β¦
Reader Survey Results Data protection is a top priority for organisations tasked with protecting the integrity of not just their own data, but also the personally identifiable information (PII) they store and process on behalf of their business partners and customers. Not doing it properly risks losing their trust and falling foul of increasingly stringent data protection regulation. So what can be done to toughen up your defences?β¦
Two Russian nationals accused of operating Z-Library β one of the largest online book piracy websites β have been charged with criminal copyright infringement, wire fraud and money laundering.β¦
Israeli fortifications in the West Bank are becoming a bit more faceless, as the military has reportedly deployed robotic turrets capable of firing stun grenades, less-than-lethal bullets, and tear gas at Palestinians protesting their presence.β¦
Private security firms in New York City have co-opted public resources β specifically trees β to track their guards as they make their rounds.β¦
A New York judge has issued a default judgment against two Russian nationals who are alleged to have helped create the "Glupteba" botnet, sold fraudulent credit card information, and generated cryptocurrency using the network.β¦
The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.β¦
Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA.β¦
World Cup apps from the Qatari government collect more personal information than they need to, according to Germany's data protection agency, which this week warned football fans to only install the two apps "if it is absolutely necessary." Also: consider using a burner phone.β¦
Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency.β¦
Canalys Forums APAC Canalys CEO Steve Brazier has proposed that cloud vendors should have similar accountability to credit card companies when accounts are hacked and used to mine cryptocurrency.β¦
Somewhere between 73 and 81 percent of retail Bitcoin buyers are likely to be into the negative on their investment, according to research published Monday by the Bank of International Settlements (BIS).β¦
Sponsored Feature The widespread, global deployment of 5G telecommunications equipment and systems is already well underway. The GSMA forecasts that by 2025, 29 percent of the mobile connections in Europe β including those linking mission-critical infrastructure such as remotely operated power grids β will be made through 5G.β¦
A vulnerability in network technology widely used in space and aircraft could, if successfully exploited, have disastrous effects on those critical systems, according to academics.β¦
If you've noticed car charging stations showing up in your area, congratulations! You're part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today.Β β¦
Webinar Every now and again the dangers of using personal and unencrypted email services makes it to the top of the news agenda. It happened to Hilary Clinton in the States, and it's been all over the front pages in the UK following the resignation of British Home Secretary Suella Braverman after she used her personal email account six times for government business.β¦
Even though Japan lags behind the rest of the developed world in digital transformation, it hopes to create global data flow standards for discussion at next year's G7 meetings.β¦
Reader Survey Results Back in September, we asked readers of The Register about data sovereignty. It's a concept about which we see more and more conversation among businesses, and increased awareness is also bringing corresponding concerns about the perils and pitfalls of not taking it seriously.β¦
Updated US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company β which presents itself as American β is actually Russian, according to Reuters.β¦
GitHub is offering a scheme for security researchers to privately report vulnerabilities found in public repositories.β¦
Over the weekend it was revealed that cryptocurrency exchange company Crypto.com accidentally sent over $400 million to another cryptocurrency exchange and was miraculously able to get it back.β¦
Australia's government has declared the nation is planning to go on the offensive against international cyber crooks following recent high-profile attacks on local health insurer Medibank and telco Optus.β¦
In Brief A suspected member of the notorious international LockBit ransomware mob has been arrested β and could spend several years behind bars if convicted.β¦
With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game.β¦
The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives β namely C#, Rust, Go, Java, Ruby or Swift.β¦
The European Commission on Thursday proposed a cyber defense policy in response to Europe's "deteriorating security environment" since Russia illegally invaded Ukraine earlier this year.β¦
The Australian Federal Police (AFP) has pointed to Russia as the location of the attackers who breached local health insurer Medibank, accessed almost ten million customer records, and in recent days dumped some customer data onto the dark web.β¦