In brief Let's start with the good news: according to a survey of security and business leaders, executives have become far more aware of the importance of cyber security in the past two years, better aligning security teams and leadership.Β β¦
Tax authorities from Australia, Canada, France, the UK and the USA have conducted a joint probe into "electronic sales suppression software" β applications that falsify point of sale data to help merchants avoid paying tax on their true revenue.β¦
Asia In Brief Australia's home affairs and cybersecurity minister Clare O'Neill has given the nation a goal of becoming the world's most cyber secure nation by 2030.β¦
Newish ransomware gang Royal has been spotted targeting the healthcare sector, the US Department of Health and Human Services (HHS) has said.β¦
Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect.β¦
The United Kingdom, Japan and Italy will pool resources to build a sixth-generation warplane scheduled to be ready for deployment by 2035, with capabilities to rival never-before-seen tech on fighter jets built by China and Russia, although this wasn't stated explicitly.β¦
More than 70,000 websites belonging to Fortune 500 brands, government agencies, and universities share consumers' data with Twitter using data tracking code hosted on these other organizations' websites, according to research published on Thursday by Adalytics.β¦
The UK government is putting forward changes to the law which would require social media platforms to give users the option to avoid seeing and engaging with harmful β but legal β content.β¦
On Call Welcome once again, comrades, to On-Call, The Register's celebration of the tech proletariat's struggles with oppression by bourgeois bosses β and the eventual triumph of the workers!β¦
North Korean IT pros are using freelancing platforms to earn money that the nation's authoritarian government uses to fund the development of missiles and nuclear weapons, according to South Korea's government. Seoul therefore wants gig platforms to impose stricter checks to restrict its enemy's activities.β¦
Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October.β¦
Britain's data watchdog has slapped financial penalties totaling Β£435,000 (c $529,000) on five companies it says collectively made almost half of million marketing calls to people registered with the Telephone Preference Service (TPS).β¦
Scammers have scammed their fellow cybercriminals out of more than $2.5 million on three dark web forums alone over the last 12 months, according to Sophos researchers.β¦
North Korea has hit a new low, using the death of over 150 people to exploit a zero-day flaw in Internet Explorer.β¦
Two more US states have launched aggressive action against made-in-China social media app TikTok.β¦
Apple says it will provide end-to-end encryption for most iCloud services, having abandoned its previously announced β and then quietly shelved β plan to check the legality of on-device photos prior to cloud synchronization.β¦
San Francisco legislators this week changed course on their killer robot policy, banning the police from using remote-control bots fitted with explosives. For now.β¦
Public sector bans of Chinese platform TikTok on the grounds of national security have arisen in both Taiwan and additional US states following last weekβs ban in South Dakota.β¦
Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations β including the country's second-largest bank.β¦
The Canadian branch of Amnesty International was the target of an attack it has pinned on a Chinese state-sponsored actor.β¦
New Zealand's Privacy Commission has signalled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware.β¦
Updated Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers.Β β¦
Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit.β¦
Somewhere out there, a botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation.Β β¦
Webinar There you are, standing in front of two peaks, a security roadmap in your back pocket to guide you up the sheer track of the first mountain. In the other pocket, a DevOps plan that will have you leaping like a mountain goat from rock to rock up the next door peak. You wonder which mountain to scale first, but it is an impossible choice. The night is stealing all the light from the sky, and you must make up your mind.β¦
America's Transport Security Administration, better known as the TSA, has been testing facial recognition software to automatically screen passengers flying across the country in 16 airports. And now it's looking into rolling it out nationwide next year.β¦
Four men suspected of plotting to commit wire fraud and identity theft have been arrested and now face extradition to America.β¦
Officials in Moore County, North Carolina, declared a state of emergency on Sunday after gunfire damaged an electrical substation and left 45,000 homes and businesses without power in near freezing temperatures.β¦
Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties.β¦
Webinar Just as Frank Sinatra sang in days gone by, 'love and marriage' goes together like a 'horse and carriage,' there should be no question about the true pairing of security and speed. Or as Sinatra went on to croon, 'try, try, try to separate them, it's an illusion.' Companies may feel they are forced to choose between securing all their application identities at the cost of speed of development, but this doesn't have to be the case.β¦
In brief Certificate Authority TrustCor responded to its ejection from Mozilla and Microsoft's browsers by offering refunds for some customers, while leaving other resellers to pick up the mess on their own.β¦
Rackspace has not offered any explanation of the "security incident" that has taken out its hosted Exchange environment and led the company to predict multiple days of downtime before restoration.β¦
Updated Some of Rackspaceβs hosted Microsoft Exchange services have been taken down by what the company has described as a βsecurity incidentβ.β¦
In Palmdale, California on Friday, Northrop Grumman CEO Kathy Warden revealed a US Air Force warplane that had only been shown in artist renderings and is supposed to be seldom seen, the B-21 Raider.β¦
Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web.Β β¦
The US government has issued an alert about Cuba; not the state but a ransomware gang that's taking millions in purloined profits.β¦
A sophisticated and very patient threat group behind a global malvertising scheme is using so-called aged domains to skirt past cybersecurity tools and catch victims in investment scams.β¦
Updated Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.β¦
On Call Welcome once more to On-Call, The Register's weekly reader-contributed column that tells tales of IT pros being asked to fix things that should never have broken.β¦
Nvidia fixed more than two dozen security flaws in its GPU display driver, the most severe of which could allow an unprivileged user to modify files, and then escalate privileges, execute code, tamper with or steal data, or even take over your device.β¦
Google's Threat Analysis Group (TAG) said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software.β¦
Intruders broke into a third-party cloud storage service LastPass shares with affiliate company GoTo and gained access to "certain elements" of customers' information, the pair have confirmed.β¦
The ClamAV command-line virus scanner used on many Linux boxes has attained an important-looking milestone release: version 1.0.0.β¦
Sponsored Feature It's easy to forget the human factor when it comes to cybersecurity. Completely locking down your network will certainly make you secure, just as completely locking down your building will do the same. The problem is you'll struggle to get much work done, because people need access to assets, physical or virtual, to do their jobs.β¦
Almost 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers.β¦
Sirius XM's Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN).β¦
Updated San Francisco police can deploy so-called "killer robots" following a Board of Supervisors' vote on Tuesday, clearing the cops to use robots equipped with explosives in extreme situations.β¦
The governor of South Dakota issued an executive order on Tuesday banning the use of Chinese social media platform TikTok for state government agencies, employees and contractors on state devices.β¦
Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China.β¦
Malware-slinging miscreants are taking advantage of a trending TikTok challenge β and viewers' dirty minds β to spread data-stealing malware via a phony app that's had more than one million views so far.β¦
Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities.β¦
Webinar This year's RSA Conference saw SANS security experts gather to identify and discuss five of the most dangerous cyber attack techniques identified in the first half of the year. If you missed the original debate, don't worry, you have another chance to learn what you should be looking out for.β¦
The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.β¦
Europol has arrested hundreds of fraudsters, money launderers and cocaine kingpins, and shut down thousands of websites selling pirated and counterfeit products in a series of raids over the past month.β¦
India's Telecom Regulatory Authority (TRAI) has announced a fresh crackdown on TXT spam β this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results.β¦
Updates to Windows Server released as part of this month's Patch Tuesday onslaught might cause some domain controllers to stop working or automatically restart, according to Microsoft.β¦
Sponsored Post Christmas is a time for gift giving and spending time with your friends and family β but that doesn't have to be all. What if you could add to the fun by taking part in an entertaining free holiday-themed cyber security event that both builds your skills and gives you the chance of adding a stellar prize to the pile of gifts under your tree?β¦
The United States' Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds.β¦
Webinar Email provides us with an infinite number of possible exchanges. We send approximately 332 billion messages a day but having so much convenience and flexibility at our fingertips also brings security risks.β¦
In brief NordPass has released its list of the most common passwords of 2022, and frankly we're disappointed in all of you.β¦