Login
Malware reportedly developed by a little-known Israeli commercial spyware maker has been found on devices of journalists, politicians, and an NGO worker in multiple countries, say researchers.Β β¦
Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.β¦
A design flaw in Microsoft Azure β that shared key authorization is enabled by default when creating storage accounts β could give attackers full access to your environment, according to Orca Security researchers.β¦
In Brief More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure.β¦
If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests.β¦
The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried's imploded empire β and it somehow appears things are worse than feared.β¦
Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild.β¦
Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.β¦
Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.β¦
Sponsored Feature Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling down, business leaders have had to contend with geopolitical concerns, rising interest rates, and surging inflation.β¦
Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device's firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack.β¦
The chunk of internal source code Twitter released the other week contains a "shadow ban" vulnerability serious enough to earn its own CVE, as it can be exploited to bury someone's account of sight "without recourse."β¦
A handful of bugs in Nexx's smart home devices can be exploited by crooks to, among other things, open doors, power off appliances, and disable alarms. More than 40,000 of these gadgets in residential and commercial properties are said to be vulnerable after the manufacturer failed to act.β¦
A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network.β¦
Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring.β¦
ACRO, the UK's criminal records office, is combing over a "cyber security incident" that forced it to pull its customer portal offline.β¦
Spanish cops have arrested a 19-year-old suspected of stealing records belonging to half a million taxpayers and developing a database to sell stolen information to other cyber criminals.β¦
The FBI today released additional information about its takedown of the Genesis Market, a major online shop for stolen account access credentials, revealing that they'd pwned the marketplace for at least two years.β¦
Microsoft is updating a service introduced last year that shifts the responsibility of patching Windows devices from IT admins to the vendor itself.β¦
A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI.β¦
The US Department of Justice has seized cryptocurrency worth about $112 million from accounts linked to so-called pig butchering investment scams.β¦
A Forcepoint staffer has blogged about how he used ChatGPT to craft some code that exfiltrates data from an infected machine. At first, it sounds bad, but in reality, it's nothing an intermediate or keen beginner programmer couldn't whack together themselves anyway.β¦
Fresh off the back of an embarrassing "grilling" by US Congress on national security grounds, TikTok has received a more concrete reprimand from the UK's Information Commissioner's Office (ICO) β a fine of Β£12.7 million ($15.8 million) for "misusing children's data."β¦
Australia's Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates.β¦
Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices.β¦
Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of the app's drivers was swiped by miscreants from the IT systems of law firm Genova Burns.β¦
The last few days of America's tax season are stressful enough, dealing with deadlines and, increasingly, online scams. Now comes another one, a sophisticated and ongoing phishing campaign by a threat group dubbed "Tactical#Octopus" that is using tax-related lures to spread malware.β¦
Capita β everyone's favorite outsourcing badass β is still working to restore services for some customers after admitting the IT outage of certain services on Friday was caused by a cyber attack and efforts to contain the infiltration.β¦
Webinar Keeping digital authentication credentials safe is a highly sensitive task in an ever-evolving IT landscape, made more difficult when you consider the ongoing shift from static to dynamic applications aligned with increasingly distributed teams of workers.β¦
Western Digital is today dealing with a "network security incident" after detecting a break-in into its internal systems by an unauthorized third party.β¦
Updated The CEO of VoIP software provider 3CX said his team tested its products in response to alerts of suspicious activity that was later found to be a supply chain attack, and assessed reports of issues with the software as a false positive.β¦
Almost two million mobile phone subscribers in Vietnam are at risk of having their services severed, thanks to a new government policy that seeks to curb spam.β¦
In Brief The principal of a Florida science and technology charter school has resigned after allegedly writing a $100,000 check to an Elon Musk impersonator using school funds.β¦
Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe.β¦
Back in July 2020, then New York City Mayor Bill de Blasio signed the Public Oversight of Surveillance Technology (POST) Act into law, which required the New York Police Department to reveal how it uses surveillance technology and to formulate surveillance policies.β¦
Given the importance of the Treasury department's function to Britain, Reg readers might expect the Head of Cyber Security vacancy currently being advertised would come with a salary that reflects its criticality.β¦
In a classic email snafu NHS Highland sent messages to 37 patients infected with HIV and inadvertently used carbon copy (CC) instead of Blind Carbon Copy meaning the recipients could see each otherβs email addresses.β¦
A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint.β¦
An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan β a Moscow IT consultancy β that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools.β¦
An Azure Active Directory (AAD) misconfiguration by Microsoft in one of its own cloud-hosted applications could have allowed miscreants to subvert the IT giant's Bing search engine β even changing search results.β¦
A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.β¦
Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX β and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated.β¦
Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled β at least until September when the tool is retired.β¦
Webinar Business email compromise (BEC) is possibly the worst of cybercrimes because it abuses trust. It feeds on relationships carefully nurtured over decades and erodes a confidence which is foundational to cooperation, and progress.β¦
Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.β¦
Google Cloud's recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage.β¦
International Talk Like a Pirate Day is still months away β circle September 19 on your calendar, me hearties! β but The Register has found news of technology smuggling in China that suggests a buccaneering approach to imports.β¦
Clipboard-injector malware disguised as Tor browser installers has been used to steal about $400,000 in cryptocurrency from nearly 16,000 users worldwide so far in 2023, according to Kaspersky researchers.β¦
Updated Microsoft's at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious.β¦
By March 2024, instant messaging and real-time media apps operated by large tech platforms in Europe will be required to communicate with other services, per the EU's Digital Markets Act (DMA).β¦
US authorities have charged FTX co-founder Sam Bankman-Fried (aka SBF) with attempting to bribe Chinese officials with $40 million worth of cryptocurrency in exchange for unfreezing trading accounts.β¦
Sponsored Feature Ransomware may currently be the biggest bogeyman for cybersecurity pros, law enforcement, and governments, but it shouldn't divert us from more traditional, but still very disruptive threats.β¦
Senior Chinese government officials have urged Apple CEO Tim Cook to improve the security and privacy features of his company's products.β¦
Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now.β¦
Updated Google Chat histories handed over by the web giant in ongoing Android antitrust litigation reveal the biz has been systematically destroying evidence, according to those suing the big G.β¦
US president Joe Biden on Monday issued an executive order on the "prohibition on use by the United States government of commercial spyware that poses risks to national security" β a title that is not quite as simple it seems.β¦
New York law firm Heidell, Pittoni, Murphy and Bach (HPMB) has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world.Β β¦
In brief A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile's entertainment system, and from there opening up the car's core management systems.β¦
Opinion As country after country bans TikTok from official systems, itβs fair to ask whatβs so dodgy about a social network filled with dance crazes, makeup advice and cats.β¦
American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.β¦
FreshRSS