Beijing sent a message to foreign businesses this week when it launched an investigation into Shanghai-based Capvision Partners on the grounds of national security, accusing the consultancy firm of failure to prevent espionage.β¦
Updated Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International (MSI) was stolen and dumped online.Β β¦
Customer information was stolen from the IT systems of Western Digital in the March security breach we've previously reported, forcing the storage manufacturer to shut down its online store until at least next week.β¦
WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks.β¦
Twitter has finally admitted a "security incident" caused some users' semi-private Twitter Circle tweets to show up on others' timelines.β¦
Microsoft last year said that it was putting off the next version of Exchange Server until the second half of 2025 so engineers could continue bulking up the security of a product that has become a popular target of cybercriminals.β¦
in brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time (so far) this year.β¦
This year's DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large language models (LLMs) built by OpenAI, Google, Anthropic, and others.β¦
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit.β¦
The city of Dallas, Texas, is working to restore city services following a ransomware attack that crippled its IT systems.β¦
Capita is telling pension customers that some data contained within its systems was potentially accessed when criminals broke into the outsourcing giant's tech infrastructure earlier this year.β¦
Updated The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts.β¦
The National Computer Virus Emergency Response Center of China and local infosec outfit 360 Total Security have conducted an investigation called "The Matrix" that found the CIA conducts offensive cyber ops, and labelled the United States an "Empire of Hacking".β¦
Joe Sullivan won't serve any serious time behind bars for his role in covering up Uber's 2016 computer security breach and trying to pass off a ransom payment as a bug bounty.β¦
The US Federal Trade Commission is preparing to take action against Facebook parent company Meta for a third time over claims it failed to protect user privacy, as required under a 2020 agreement Meta made with the regulator.β¦
Google wants to take us further into a passwordless future by allowing personal account holders to login using passkeys rather than using passphrases and multifactor authentication (MFA).β¦
Meta says it has shut down over 1,000 links related to ChatGPT that lead its users to malware, as criminals seek to profit from the current craze for generative AI.β¦
Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection, a court has ruled.β¦
Logowatch Google plans to retire the padlock icon that appears in the Chrome status bar during a secure HTTPS web browsing session because the interface graphic has outlived its usefulness.β¦
Sponsored Post The importance of certifications such as the GIAC (Global Information Assurance Certification) has never been greater for infosec professionals. Because adding them to the CV will not only improve individual skill levels, but also differentiate candidates in an increasingly competitive cyber security industry.β¦
Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix.β¦
The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet.β¦
Apple and Google have come together to develop an industry specification to prevent "unwanted tracking," otherwise known as stalking, via Bluetooth location tracking tags.β¦
In an international operation 288 people have been arrested across the US, Europe and South America after allegedly selling opioids on the now-shuttered Monopoly Market dark web drug trafficking marketplace, according to US and European law enforcement.β¦
Webinar Every organization needs a full set of data recovery tools. The sort that will get you back up and running quickly after a ransomware attack, outage, or accidental data deletion. And it's best to be prepared in advance rather than deal with the data disaster face to face when it happens.β¦
Data loss β particularly from ransomware attacks β has always been a costly proposition for enterprises. However, the price organizations have to pay is going up, not only in terms of the ransom demanded but also for the cost of investigating attacks and the lawsuits that increasingly follow in the wake of such breaches.β¦
The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.β¦
Warrantless searches of US residents' communications by the FBI dropped sharply last year β from about 3.4 million in 2021 to 119,383 in 2022, according to Uncle Sam.β¦
German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack.Β β¦
Sponsored Feature There's no question that fast-feedback software delivery offers multiple advantages by streamlining processes for developers. But in software development, as in life, there is no such thing as a free lunch.β¦
in brief You may have heard news this week that Google is finally updating its authenticator app to add Google account synchronization. Before you rush to ensure your two-factor secrets are safe in the event you lose your device, take heed: The sync process isn't end-to-end encrypted.β¦
Who, Me? Welcome once again, gentle reader, to the safe space we call Who, Me? in which Reg readers can confess to the naughty or not-quite-competent things they did at work, knowing they will not be judged.β¦
China has 50 hackers for every one of the FBI's cyber-centric agents, the Bureau's director told a congressional committee last week.β¦
Wikipedia won't be age-gating its services no matter what final form the UK's Online Safety Bill takes, two senior folks from nonprofit steward the Wikimedia Foundation said this morning.β¦
Google said it obtained a court order to shut down domains used to distribute CryptBot after suing the distributors of the info-stealing malware.β¦
Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers.β¦
You might want to think twice before typing anything into Microsoft's Edge browser, as an apparent bug in a recent release of Redmond's Chromium clone appears to be funneling URLs you visit back to the Bing API.β¦
The US government is aggressively pursuing three men accused of wide-ranging and complex conspiracies of laundering stolen and illicit cryptocurrency that the North Korean regime used to finance its massive weapons programs.β¦
Sponsored Feature Change in the tech industry is usually evolutionary, but perhaps more interesting are the exceptions to this rule β the microprocessor in 1968, the IBM PC in 1981, the web in 1989, the smartphone in 2007. These are the technologies whose appearance began new eras that completely reshaped the industry around them.β¦
Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to login and take over the data visualization application, steal data, and execute malicious code.β¦
RSA Conference A group of some of the largest operational technology companies are using this year's RSA Conference as an opportunity to launch an open source early-threat-warning system designed for OT and industrial control systems (ICS) environments.Β β¦
Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.β¦
In Brief We thought it was probably the case when the news came out, but now it's been confirmed: The X_Trader supply chain attack behind the 3CX compromise last month wasn't confined to the telco developer.β¦
Asia In Brief Chinese scientists have estimated the mass of the Milky Way.β¦
Europe's air-traffic agency appears to be the latest target in pro-Russian miscreants' attempts to disrupt air travel.β¦
Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.β¦
An international group of law enforcement agencies are urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse material (CSAM) online.β¦
Sponsored Post Digital patient medical records now cover a whole gamut of sensitive details such as clinical diagnoses/treatments, prescriptions, personal finances and insurance policies. Which makes keeping them safe more important than ever.β¦
On Call Itβs always twelve oβclock somewhere, the saying goes, but Friday comes around but once a week and only this day does The Register offer a fresh instalment of On Call, our reader-contributed tales of tech support torture and turmoil.β¦
Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.β¦
The supply-chain attack against 3CX last month was caused by an earlier supply-chain compromise of a different software firm β Trading Technologies β according to Mandiant, whose consulting crew was hired by 3CX to help the VoIP biz investigate the intrusion.β¦
Sponsored Feature For some time now, alerts concerning the utilisation of AI by cybercriminals have been sounded in specialist and mainstream media alike β with the set-to between AI-armed attackers and AI-protected defenders envisaged in vivid gladiatorial terms.β¦
Sponsored Post Some of the most famous cyber attacks in history have been directed against Industrial Control Systems (ICS).β¦
The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code.β¦
Six years after a jury decided otherwise, Google has convinced an appeals court to reverse a $20 million patent judgment against the web giant.β¦
Analysis Israeli spyware shop QuaDream is reportedly shutting down due to financial troubles.β¦
Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code's origin.β¦
Webinar There's nothing complicated about the statistics released in Sysdig's latest report. They're alarming and should keep many an IT team up at night.β¦
Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida.β¦
The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.β¦