Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.β¦
The supply-chain attack against 3CX last month was caused by an earlier supply-chain compromise of a different software firm β Trading Technologies β according to Mandiant, whose consulting crew was hired by 3CX to help the VoIP biz investigate the intrusion.β¦
Sponsored Feature For some time now, alerts concerning the utilisation of AI by cybercriminals have been sounded in specialist and mainstream media alike β with the set-to between AI-armed attackers and AI-protected defenders envisaged in vivid gladiatorial terms.β¦
Sponsored Post Some of the most famous cyber attacks in history have been directed against Industrial Control Systems (ICS).β¦
The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code.β¦
Six years after a jury decided otherwise, Google has convinced an appeals court to reverse a $20 million patent judgment against the web giant.β¦
Analysis Israeli spyware shop QuaDream is reportedly shutting down due to financial troubles.β¦
Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code's origin.β¦
Webinar There's nothing complicated about the statistics released in Sysdig's latest report. They're alarming and should keep many an IT team up at night.β¦
Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida.β¦
The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.β¦
Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot.β¦
Updated Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit card payments for Microsoft-themed support scammers.β¦
Several police forces in Britain are being put on the naughty step by the UK's data watchdog for using a calling app that recorded hundreds of thousands of phone conversations and illegally retained that data.β¦
The UKβs chartered institute for IT has slammed proposed legislation that could see the government open a βback doorβ to encrypted messaging.β¦
Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant.β¦
The United States Department of Justice has charged 44 people over schemes prosecutors allege were run by Chinaβs National Police to silence opponents of the Communist Party of China.β¦
An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a hefty side serving of pilot error.β¦
LockBit has developed ransomware that can encrypt files on Arm-powered Macs, said to be a first for the prolific cybercrime crew.Β β¦
A recruitment business that sent out an eye watering 107 million spam emails is now nursing a Β£130,000 ($161,000) fine from Britainβs data watchdog.β¦
Opinion Most data theft does clear harm to the victim, and often to its customers. But while embarrassing, the cyberattack against MSI in which source code was said to be stolen is harder to diagnose. It looks like a valuable company asset that's cost a lot to develop. That its theft may be no loss is a weird idea. But then, firmware is weirder than we give it credit for. It's even hard to say exactly what it is.β¦
Who, Me? Welcome once more to Who Me? The Registerβs confessional column in which readers admit to being the source of SNAFUs.β¦
In brief Google on Friday released an emergency update for Chrome to address a zero-day security flaw.β¦
Special report United Nations negotiators convened this week in Vienna, Austria, to formulate a draft cybercrime treaty, and civil society groups are worried.β¦
A suspected Nigerian fraudster is scheduled to appear in court Friday for his alleged role in a $6 million plot to scam businesses via email.β¦
Integrating the Local Administrator Password Solution (LAPS) into Windows and Windows Server that came with updates earlier this week is causing interoperability problems with what's called legacy LAPS, Microsoft says.β¦
As Elon Musk tears at Twitter's credibility by demanding businesses and individuals pay for their blue verification checks, Microsoft is pushing its own free digital ID tech to companies and their employees on LinkedIn.β¦
The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.β¦
To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to ISACA director Serge Christiaans.β¦
The FBI has detained a 21-year-old Air National Guardsman suspected of leaking a trove of classified Pentagon documents on Discord.β¦
AT&T is "concealing vital cybersecurity reporting" about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden (D-OR), who said the network had been dubbed unsafe by CISA.β¦
Criminals posing as law enforcement agents of the Chinese government are shaking down Chinese nationals living the United States by accusing them of financial crimes and threatening to arrest or hurt them if they don't pay, according to the FBI.β¦
Webinar There's nothing like reading a report based on real world data to give IT teams an fresh sense of priority.β¦
The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the companyβs progressive web application client.β¦
Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.β¦
Malware reportedly developed by a little-known Israeli commercial spyware maker has been found on devices of journalists, politicians, and an NGO worker in multiple countries, say researchers.Β β¦
Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.β¦
A design flaw in Microsoft Azure β that shared key authorization is enabled by default when creating storage accounts β could give attackers full access to your environment, according to Orca Security researchers.β¦
In Brief More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure.β¦
If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests.β¦
The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried's imploded empire β and it somehow appears things are worse than feared.β¦
Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild.β¦
Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.β¦
Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.β¦
Sponsored Feature Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling down, business leaders have had to contend with geopolitical concerns, rising interest rates, and surging inflation.β¦
Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device's firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack.β¦
The chunk of internal source code Twitter released the other week contains a "shadow ban" vulnerability serious enough to earn its own CVE, as it can be exploited to bury someone's account of sight "without recourse."β¦
A handful of bugs in Nexx's smart home devices can be exploited by crooks to, among other things, open doors, power off appliances, and disable alarms. More than 40,000 of these gadgets in residential and commercial properties are said to be vulnerable after the manufacturer failed to act.β¦
A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network.β¦
Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring.β¦
ACRO, the UK's criminal records office, is combing over a "cyber security incident" that forced it to pull its customer portal offline.β¦
Spanish cops have arrested a 19-year-old suspected of stealing records belonging to half a million taxpayers and developing a database to sell stolen information to other cyber criminals.β¦
The FBI today released additional information about its takedown of the Genesis Market, a major online shop for stolen account access credentials, revealing that they'd pwned the marketplace for at least two years.β¦
Microsoft is updating a service introduced last year that shifts the responsibility of patching Windows devices from IT admins to the vendor itself.β¦
A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI.β¦
The US Department of Justice has seized cryptocurrency worth about $112 million from accounts linked to so-called pig butchering investment scams.β¦
A Forcepoint staffer has blogged about how he used ChatGPT to craft some code that exfiltrates data from an infected machine. At first, it sounds bad, but in reality, it's nothing an intermediate or keen beginner programmer couldn't whack together themselves anyway.β¦
Fresh off the back of an embarrassing "grilling" by US Congress on national security grounds, TikTok has received a more concrete reprimand from the UK's Information Commissioner's Office (ICO) β a fine of Β£12.7 million ($15.8 million) for "misusing children's data."β¦
Australia's Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates.β¦
Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices.β¦