A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing scams to calling numbers on the National Do Not Call Registry, it is claimed.β¦
False alarm: despite a patch notes suggesting otherwise, that mysterious blob of microcode released for many Intel microprocessors last week was not a security update, the x86 giant says.β¦
A cyber "incident" stopped The Philadelphia Inquirer's presses over the weekend, halting the Sunday edition's print edition and shutting down the newspaper's offices to staff until at least Tuesday.β¦
Video Presenting at Black Hat Asia 2023, two infosec researchers detailed how remote updates can be exploited to modify voltage on a Supermicro motherboard and remotely brick machines.β¦
Microsoft's decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to compromise systems and deliver malware, according to threat researchers at Proofpoint.β¦
Who Me? Welcome once again to the horrors of Monday, dear reader. But fear not β The Register is here to cushion the blow of the working week's resumption with a instalment of Who, Me?, our reader-contributed stories of tech gone awry.β¦
Ransomware actors aim to spend the shortest amount of time possible inside your systems, and that means the encryption they employ is shoddy and often corrupts your data. That in turn means restoration after paying ransoms is often a more expensive chore than just deciding not to pay and working from our own backups.β¦
Black Hat Asia Arm issued a statement last Friday declaring that a successful side attack on its TrustZone-enabled Cortex-M based systems was "not a failure of the protection offered by the architecture."β¦
in brief Japanese automaker Toyota has admitted yet again to mishandling customer data β this time saying it exposed information on more than two million Japanese customers for the past decade, thanks to a misconfigured cloud environment.Β β¦
European police arrested three people in Belgrade described as "the biggest" drug lords in the Balkans in what cops are chalking up to another win in dismantling Sky ECC's encrypted messaging app last year.β¦
Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims' Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update.β¦
Nickolas Sharp has been sentenced to six years in prison and ordered to pay almost $1.6 million to his now-former employer Ubiquiti β after stealing gigabytes of corporate data from the biz and then trying to extort almost $2 million from his bosses while posing as an anonymous hacker.β¦
Universities Superannuation Scheme, the UKβs largest private pension provider, says Capita has warned that details of almost half a million members were held on servers accessed during the recent breach.β¦
We hear Privacy International and a few other campaign groups set up camp outside Capita's AGM in London yesterday protesting Capita's involvement as an outsourcer in a UK government GPS tracking contract.β¦
The UK's National Crime Agency has partially won an important legal battle in a case that challenged the warrants used to obtain messages from cyber crook hangout EncroChat.β¦
India's IT minister Rajeev Chandrasekhar will ask WhatsApp to explain what's up, after the Meta-owned messaging service experienced a dramatic increase in spam calls.β¦
US voting machines would undergo deeper examination for computer security holes under proposed bipartisan legislation.β¦
Black Hat Asia Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia.β¦
Cloud services providers that aren't based in Europe βΒ like the Big Three β may have to team up with a cloud that is operated and maintained from the EU if they want ENISA's stamp of approval for handling sensitive data.β¦
Exclusive Software supply chain management biz Sonatype has laid off 14 percent of its global workforce, according to internal documents seen by The Register.β¦
Updated Twitter has rolled out some quality of life updates for direct messages on the platform, and CEO Elon Musk reckons the site is to start encrypting DMs, beginning today, without providing proof that's the case.β¦
Sponsored Microsoft 365 has worked its way into so many facets of our organizations that it can be hard to imagine what life would be like without it.β¦
A 23-year-old British citizen has confessed to "multiple schemes" involving computer crimes, including playing a part in the July 2020 Twitter attack that saw the accounts of Amazon CEO Jeff Bezos, Kanye West, and former President Barack Obama hijacked by an unidentified crew.β¦
Britain's leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to Β£20 million ($25.24 million).β¦
Japan's minister for digital transformation and digital reform, Taro Kono, has apologized after a government app breached citizens' privacy.β¦
Patch Tuesday May's Patch Tuesday brings some good and some bad news, and if you're a glass-half-full type, you'd lead off with Microsoft's relatively low number of security fixes: a mere 38.β¦
The FBI has cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades.β¦
Microsoft is hoping to curb a growing threat to multi-factor authentication (MFA) by enforcing a number-matching step for those using Microsoft Authenticator push notifications when signing into services.β¦
Tired of working for an egomaniacal startup boss or dull enterprise biz? A new org has been proposed called the Tech Lab, where you'd investigate the worst kinds of surveillance by governments on their citizens. In which despotic state, you ask? Surprise! You could base yourself in any European city.β¦
Beijing sent a message to foreign businesses this week when it launched an investigation into Shanghai-based Capvision Partners on the grounds of national security, accusing the consultancy firm of failure to prevent espionage.β¦
Updated Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International (MSI) was stolen and dumped online.Β β¦
Customer information was stolen from the IT systems of Western Digital in the March security breach we've previously reported, forcing the storage manufacturer to shut down its online store until at least next week.β¦
WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks.β¦
Twitter has finally admitted a "security incident" caused some users' semi-private Twitter Circle tweets to show up on others' timelines.β¦
Microsoft last year said that it was putting off the next version of Exchange Server until the second half of 2025 so engineers could continue bulking up the security of a product that has become a popular target of cybercriminals.β¦
in brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time (so far) this year.β¦
This year's DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large language models (LLMs) built by OpenAI, Google, Anthropic, and others.β¦
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit.β¦
The city of Dallas, Texas, is working to restore city services following a ransomware attack that crippled its IT systems.β¦
Capita is telling pension customers that some data contained within its systems was potentially accessed when criminals broke into the outsourcing giant's tech infrastructure earlier this year.β¦
Updated The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts.β¦
The National Computer Virus Emergency Response Center of China and local infosec outfit 360 Total Security have conducted an investigation called "The Matrix" that found the CIA conducts offensive cyber ops, and labelled the United States an "Empire of Hacking".β¦
Joe Sullivan won't serve any serious time behind bars for his role in covering up Uber's 2016 computer security breach and trying to pass off a ransom payment as a bug bounty.β¦
The US Federal Trade Commission is preparing to take action against Facebook parent company Meta for a third time over claims it failed to protect user privacy, as required under a 2020 agreement Meta made with the regulator.β¦
Google wants to take us further into a passwordless future by allowing personal account holders to login using passkeys rather than using passphrases and multifactor authentication (MFA).β¦
Meta says it has shut down over 1,000 links related to ChatGPT that lead its users to malware, as criminals seek to profit from the current craze for generative AI.β¦
Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection, a court has ruled.β¦
Logowatch Google plans to retire the padlock icon that appears in the Chrome status bar during a secure HTTPS web browsing session because the interface graphic has outlived its usefulness.β¦
Sponsored Post The importance of certifications such as the GIAC (Global Information Assurance Certification) has never been greater for infosec professionals. Because adding them to the CV will not only improve individual skill levels, but also differentiate candidates in an increasingly competitive cyber security industry.β¦
Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix.β¦
The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet.β¦
Apple and Google have come together to develop an industry specification to prevent "unwanted tracking," otherwise known as stalking, via Bluetooth location tracking tags.β¦
In an international operation 288 people have been arrested across the US, Europe and South America after allegedly selling opioids on the now-shuttered Monopoly Market dark web drug trafficking marketplace, according to US and European law enforcement.β¦
Webinar Every organization needs a full set of data recovery tools. The sort that will get you back up and running quickly after a ransomware attack, outage, or accidental data deletion. And it's best to be prepared in advance rather than deal with the data disaster face to face when it happens.β¦
Data loss β particularly from ransomware attacks β has always been a costly proposition for enterprises. However, the price organizations have to pay is going up, not only in terms of the ransom demanded but also for the cost of investigating attacks and the lawsuits that increasingly follow in the wake of such breaches.β¦
The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.β¦
Warrantless searches of US residents' communications by the FBI dropped sharply last year β from about 3.4 million in 2021 to 119,383 in 2022, according to Uncle Sam.β¦
German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack.Β β¦
Sponsored Feature There's no question that fast-feedback software delivery offers multiple advantages by streamlining processes for developers. But in software development, as in life, there is no such thing as a free lunch.β¦
in brief You may have heard news this week that Google is finally updating its authenticator app to add Google account synchronization. Before you rush to ensure your two-factor secrets are safe in the event you lose your device, take heed: The sync process isn't end-to-end encrypted.β¦