A French citizen was scheduled to appear before a US court on Friday on a nine-count indictment related to his alleged involvement in the ShinyHunters cybercrime gang that trafficked in identity and corporate data theft and sometimes extortion.β¦
Microsoft is urging organizations to protect their Exchange servers from cyberattacks by keeping them updated and hardened, since online criminals are still going after valuable data in the email system.β¦
Uncle Sam has put up a $10 million reward for intel on Hive ransomware criminals' identities and whereabouts, while Russia has blocked the FBI and CIA websites, along with the Rewards for Justice site offering the bounty.β¦
Sponsored Post They say there's no such thing as a free lunch, but in fact there's a veritable feast of valuable resources online for infosec professionals which won't cost you anything.β¦
The UK's National Cyber Security Centre (NCSC) has warned of two similar spear-phishing campaigns, one originating from Russia, the other from Iran.β¦
The FBI said it has shut down the Hive's ransomware network, seizing control of the notorious gang's servers and websites, and thwarting the pesky criminals' ability to sting future victims.β¦
The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto assets from blockchain startup Harmony.β¦
Google's Threat Analysis Group (TAG) has burned more than 50,000 spammy fake news stories and other content posted by the pro-China 'Dragonbridge' gang.β¦
A man suspected of stealing personal data belonging to tens of millions of people worldwide and selling that info on cybercrime forums has been arrested by Dutch police.β¦
Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai's researchers.β¦
Microsoft in March will start blocking Excel XLL add-ins from the internet to shut down an increasingly popular attack vector for miscreants.β¦
Webinar The implementation of lockdowns during the maelstrom of the Coronavirus pandemic led to fast track changes to traditional work practices. To meet the challenges of operating in a global emergency, businesses and organizations of every kind had to urgently find a way to keep operating.β¦
Sponsored Post The scale of cybersecurity threats facing Latin America was brought into focus by recently when it published details of NICKEL, a "China-based threat actor". The malware was used to attack global organisations with "a large amount of activity" targeting Central and South America, including Mexico and Brazil.β¦
Remote access outfit GoTo has admitted that a threat actor exfiltrated an encryption key that allowed access to "a portion" of encrypted backup files.β¦
VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software.Β β¦
Apple has issued an emergency patch for older kit to fix a WebKit security flaw that Cupertino warns is under active attack.β¦
Research conducted by Fujitsu suggests there is no need to panic about quantum computers being able to decode encrypted data β this is unlikely to happen in the near future, it claims.β¦
Microsoft's move last year to block macros by default in Office applications is forcing miscreants to find other tools with which to launch cyberattacks, including the software vendor's LNK files β the shortcuts Windows uses to point to other files.β¦
The Cyberspace Administration of China (CAC) has preempted celebrations for Lunar New Year β the Year of the Rabbit* commences on January 22 β by warning citizens to keep evidence of seasonal overindulgence off the internet.β¦
In brief Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement (ICE) officials inadvertently published their personal information online.β¦
Asia In Brief India's IT minister has signaled he is willing to revisit a proposal to use government fact checkers to decide what is fake news that should be removed from social media.β¦
Ireland's data protection authority has fined WhatsApp Ireland β¬5.5 million for breaches of the GDPR relating to its service and told it comply with data processing laws within six months.β¦
As enterprises around the world continue to move to the cloud, cybercriminals are following right behind them.β¦
T-Mobile US today said someone abused an API to download the personal information of 37 million subscribers.β¦
The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company's customers this week.β¦
The amount of money paid to ransomware attackers dropped significantly in 2022, and not because the number of attacks fell.β¦
Faculty and students at the University of Texas at Austin (UT) this week became the latest members of a public US university to lose access to Chinese video app TikTok via campus networks.β¦
Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack.β¦
A Norwegian maritime risk management business is getting a lesson in that very area, after a ransomware attack forced its ShipManager software offline and left 1,000 ships without a connection to on-shore servers.Β β¦
Updated More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers.β¦
A bill proposed by Washingston state lawmakers would make it illegal for period-tracking apps, Google or any other website to sell consumers' health data while also making it harder for them to collect and share this personal information.β¦
Cybersecurity firm Avast has released a free decryptor for victims of BianLian β an emerging ransomware threat that came into the public eye in last year.β¦
Cybercriminals are famously fast adopters of new tools for nefarious purposes, and ChatGPT is no different in that regard.Β β¦
Updated The Secure Boot process on almost 300 different PC motherboard models manufactured by Micro-Star International (MSI) isn't secure, which is particularly problematic when "Secure" is part of the process description.β¦
Microsoft wants to bulk up the security in Windows Pro editions by ensuring the SMB insecure guest authentication fallbacks are no longer the default setting in the operating system.β¦
Two cryptocurrency exchanges have frozen accounts identified as having been used by North Koreaβs notorious Lazarus Group.β¦
Chinese web and gaming giant Tencent has admitted it fired more than 100 people in 2022 for various forms of corruption β some so serious it reported them to local police.β¦
Opinion For better or worse, we still need passwords, and to protect and organize them, I recommend the open source Bitwarden password manager.β¦
China's government has declared the nation's information security industry needs to grow β fast.β¦
In brief A US intelligence boss has asked Congress to reauthorize a controversial set of powers that give snoops warrantless authorization to surveil electronic communications in the name of fighting terrorism and so forth.β¦
People in Russia can reportedly once again download drivers and some other software from Intel and Microsoft, which both withdrew from the nation after its invasion of Ukraine.β¦
A woman in Canada failed in her claim for wrongful dismissal due to evidence from software designed to track her work time activity.β¦
Techies are reporting that Microsoft Defender for Endpoint attack surface reduction (ASR) rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu.β¦
Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed documents from a case in which Meta was fined β¬390 million ($414 million).β¦
On-Call Welcome once again to On-Call, The Register's weekly compendium of tales from readers who were asked to deal with IT oddities and mostly emerged unscathed.β¦
European cops arrested 15 suspected scammers and shut down a multi-country network of call centers selling fake cryptocurrency that law enforcement said stole upwards of hundreds of million euros from victims.β¦
Microsoft has messed up a zero trust upgrade its service provider partners have been asked to implement for customers.β¦
The US Securities and Exchange Commission (SEC) has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020.β¦
Microsoft researchers are working on a text-to-speech (TTS) model that can mimic a person's voice β complete with emotion and intonation β after a mere three seconds of training.β¦
Three years from now, hypothetically, China launches an amphibious invasion of Taiwan. It does not go well, according to a top Washington think tank report.β¦
Final update Royal Mail confirmed a "cyber incident" has disrupted its ability to send letters and packages abroad, and also caused some delays on post coming into the UK.β¦
GPT-3 language models are being abused to do much more than write college essays, according to WithSecure researchers.β¦
Included in the usual tsunami of fixes Microsoft issued this week as part of Patch Tuesday was one that took care of a connectivity problem for applications using the Open Database Connectivity (ODBC) interface.β¦
Google users don't have enough choice over whether β and to what extent β they agree to "far-reaching processing of their data across services," Germany's competition regulator says, adding that the tech giant should change its "data processing" terms and practices.β¦
A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs β possibly for a long time β before an audit by ETH Zurich researchers.β¦
Global insurer Aflac's Japanese branch has revealed that personal data describing more than three million customers of its cancer insurance product has been leaked online.β¦
Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations.β¦
Patch Tuesday Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that's already been exploited and another listed as publicly known. Of the new January vulnerabilities, 11 are rated critical because they lead to remote code execution.β¦
Russian disinformation didn't materially affect the way people voted in the 2016 US presidential election, according to a research study published on Monday, though that doesn't make the effect totally inconsequential.β¦
California's street-legal ink license plates only received a nod from the US government in October, but reverse engineers have already discovered vulnerabilities in the system allowing them to track each plate, reprogram them or even delete them at a whim.β¦