Malaysia could be putting itself on a collision course with the EU and US as the country looks set to allow Chinese suppliers including Huawei a chance to play a part in its planned 5G network rollout.β¦
Researchers recently uncovered the following novel attack on the Python Package Index (PyPI).β¦
The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Koreas "Kimsuky" cyber crime group.β¦
FAQ You may have seen some headlines about a supply-chain backdoor in millions of Gigabyte motherboards. Here's the lowdown.β¦
Security researchers and the US government have sounded the alarm on a flaw in Progress Software's MOVEit Transfer that criminals have been "mass exploiting" for at least a month to break into IT environments and steal data.β¦
Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on "thousands" of diplomats worldwide.β¦
Webinar Popular DevOps tools are great when it comes to helping developers optimize digital infrastructure, but there's a potential downside β the hidden risks they can contain which may compromise your supply chain.β¦
America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy β and made the cost of those actions, as alleged, a mere $30.8 million.β¦
A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine, according to Trend Micro analysts.β¦
Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at least two attacks since the beginning of the year.β¦
A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the US border, barring exigent circumstances.β¦
A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants β for at least the past seven months.β¦
The criminals who hit one of the biggest government-backed dental care and insurance providers in the US earlier this year hung about for 10 days while they extracted info on nearly 9 million people, including kids from poverty-stricken homes.β¦
SGI may be no more but people are still using its code β and some more of that code may be about to enjoy a revival.β¦
Webinar A software supply chain attack is a hugely painful form of infiltration which can paralyse any business or organization. An attack like a lethal snake bite where the poison silently and swiftly infects your whole software base.β¦
Sponsored Feature What do bears and cyber criminals have in common? Both of them are scary, and they both have the same effect on security teams.β¦
Just days after releasing the second β and supposedly more stable and secure β version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million.β¦
A coalition of 90-plus groups, including Fight for the Future and Mozilla, will descend upon Slack's offices in San Francisco and Denver on Wednesday to ask on the collaboration app to protect users' conversations via end-to-end encryption (E2EE).β¦
Spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company's Pegasus malware is targeting yet more human rights advocates and journalists.β¦
security in brief The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on.β¦
The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.β¦
The US International Trade Administration (ITA) has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won't answer questions about it, according to US Senator Ron Wyden (D-OR).β¦
BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city's mayor has, so far, only called a cyber "incident."β¦
Sri Lanka's Ministry of Technology has confirmed it will have a cyber security authority β at some point.β¦
Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy.β¦
Register Kettle If there's one thing that's more all the rage these days than this AI hype, it's warrantless spying by the Feds.β¦
The UK Parliament has heard that a facial recognition system used by the Metropolitan police during the Kingβs Coronation can exhibit racial bias at certain thresholds.β¦
China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.β¦
Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code that listened in on device microphones.β¦
The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper.β¦
A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side β by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself.β¦
When businesses go shopping for IT services, North Korea-controlled companies probably struggle to make it into many lists.β¦
Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company's networks over a series of months in 2019 and 2021.β¦
Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.β¦
TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and content moderation material to Oracle in a bid to allay data protection and national security concerns stateside.β¦
The FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia β some of which enslave visitors and force them to participate in cryptocurrency scams.β¦
US memory-maker Micron has no idea why Chinese authorities have decided its products represent a security risk, or which customers it's not allowed to sell to.β¦
Uncle Sam announced its commenced over 4,000 legal actions in three months β mostly harshly worded letters β to rein in "money mules" involved in romance scams, business email compromise, and other fraudulent schemes.β¦
in brief Google has settled another location tracking lawsuit, yet again being fined a relative pittance.β¦
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March's mega breach.β¦
Sponsored Post Cyber criminals never stop learning so nor should you. Fresh security hacks are being concocted and deployed every week, so it's a good idea for cyber security professionals to pool their knowledge when working out how best to defend against them.β¦
Who, Me? Wait? What? Is it Monday already? Not to fear, gentle readerfolk, for Uncle Reg is here with another instalment of Who, Me? β tales of readers having a much worse day than you. Enjoy the schadenfreude.β¦
An 18-year-old Wisconsin man has been charged with allegedly playing a central role in the theft of $600,000 from DraftKings customer accounts.β¦
A Russian IT worker accused of participating in pro-Ukraine denial of service attacks against Russian government websites has been sentenced to three years in a penal colony and ordered to pay 800,000 rubles (about $10,000).Β β¦
Biometrics and surveillance camera commissioner Professor Fraser Sampson has warned that independent oversight of facial recognition is at risk just as the policing minister plans to "embed" it into the force.β¦
Apple has issued a bushel of security updates and warned that three of the flaws it's fixed are under active attack.β¦
Cisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment.β¦
Microsoft wants to take the decision of which multi-factor authentication (MFA) method to use out of the users' hands and into its own.β¦
PharMerica, one of the largest pharmacy service providers in the US, has revealed its IT systems were breached β and it's feared the intruders stole personal and healthcare data belonging to more than 5.8 million past customersβ¦
The FBI and friends have warned organizations to "strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and the ransomware gang's extortion attempts that follow the data encryption.β¦
Capita is facing criticism about its security hygiene on a new front after an Amazon cloud bucket containing benefits data on residents in a south east England city council was left exposed to the public web.β¦
Comment In early May, Google Domains added support for eight new top-level domains, two of which β .zip, and .mov β raised the hackles of the security community.β¦
A new-ish messaging service that claimed to put privacy first has pulled its end-to-end encryption claims from its website and its app from both the Apple and Google software stores after being called out online.β¦
Business is very good for affiliates of the Qilin ransomware-as-a-service (RaaS) group, which is very bad for the rest of us.β¦
The Feds have sanctioned a Russian national accused of using LockBit, Babuk, and Hive ransomware to extort a law enforcement agency and nonprofit healthcare organization in New Jersey, and the Metropolitan Police Department in Washington DC, among "numerous" other victim organizations in the US and globally.β¦
A US Department of Transportation computer system used to reimburse federal government employees for commuting costs somehow suffered a security breach that exposed the personal info for 237,000 current and former workers.β¦
Sponsored Post Eminent US businessman Norman Ralph Augustine - who served as United States Under Secretary of the Army, as well as chairman and CEO of the Lockheed Martin Corporation - pointed to the importance of audit and compliance when he famously commented: "Two-thirds of the Earth's surface is covered with water. The other third is covered with auditors from headquarters."β¦
Police have arrested 69 people alleged to have used bots to book up nearly all of Spain's available appointments with immigration officials, and then sold those meeting slots for between β¬30 and β¬200 ($33 to $218) to aspiring migrants.β¦
A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing scams to calling numbers on the National Do Not Call Registry, it is claimed.β¦
False alarm: despite a patch notes suggesting otherwise, that mysterious blob of microcode released for many Intel microprocessors last week was not a security update, the x86 giant says.β¦