Sponsored Feature Ransomware gangs that steal and encrypt vital business data before extorting payment for its decryption and restoration are ramping up global attacks at an ever-increasing rate. In fact, cyber security experts agree that ransomware now represents one of - if not the most - serious cybersecurity threats currently facing governments, public/private sector organisations and enterprises around the world.β¦
Infosec in brief Almost as quickly as a paper came out last week revealing an AI side-channel vulnerability, Cloudflare researchers have figured out how to solve it: just obscure your token size.β¦
Feature While in a rush to understand, build, and ship AI products, developers and data scientists are being urged to be mindful of security and not fall prey to supply-chain attacks.β¦
IT helpdesk workers are increasingly the target of cybercriminals β a trend researchers have described as "the most noteworthy" of the past year.β¦
The London Mayor's Office for Policing and Crime is being rapped by regulators for untidy tech practices that made public the personal data of hundreds of people who filed complaints against the Metropolitan Police Service.β¦
Updated There's another Chinese-manufactured product β joining the likes of TikTok, cars and semiconductors β that poses a national security risk to Americans: Electronic locks, such as those used in safes.β¦
A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the FTC.β¦
A LockBit ransomware kingpin has been sentenced to almost four years behind bars and ordered to pay more than CA$860,000 ($635,000, Β£500,000) in restitution to some of his victims by a Canadian court as he awaits extradition to the US.β¦
Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz.β¦
A French government department - responsible for registering and assisting unemployed people - is the latest victim of a mega data breach that compromised the information of up to 43 million citizens.β¦
The Cybercrime Atlas, a massive undertaking that aims to disrupt cybercriminals across the globe, enters its operational phase in 2024, two years after organizers laid the groundwork at the RSA Conference.β¦
Change Healthcare is being investigated over the alleged 6 TB data theft by the ALPHV ransomware group as it continues recovery efforts.β¦
The United States House of Representatives on Wednesday passed the Protecting Americans from Foreign Adversary Controlled Applications Act β a law aimed at forcing TikTok's Chinese parent ByteDance to sell the app's US operations or face the prospect of a ban.β¦
Over the next few weeks, Nissan Oceania will make contact with around 100,000 people in Australia and New Zealand whose data was pilfered in a December 2023 attack on its systems β perhaps by the Akira ransomware gang.β¦
Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs.β¦
The operator of the world's longest-running Bitcoin money laundering service faces a 50-year prison sentence after being found guilty in a US court.β¦
Microsoft Copilot for Security, a subscription AI security service, will be generally available on April 1, 2024, the company announced on Wednesday.β¦
Stanford University says the cybersecurity incident it dealt with last year was indeed ransomware, which it failed to spot for more than four months.β¦
Sponsored Feature The world is filled with choices. Whether it's the 20 different types of shampoo on offer at the grocery store, or the dozens of Linux distros you can try for free, you can have it all.β¦
Boffins have managed to pry open closed AI services from OpenAI and Google with an attack that recovers an otherwise hidden portion of transformer models.β¦
Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities β none listed as under active attack or already known to the public.β¦
An ex-Meta veep has been sued by his former bosses for "brazenly disloyal and dishonest conduct" β and by that, they mean he allegedly stole confidential documents to help him build and recruit colleagues for an AI cloud startup.Β β¦
US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion.β¦
Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching. Now, JetBrains has gone on the offensive.β¦
Leicester City Council says IT systems and a number of its critical service phone lines will remain down until later this week at the earliest following a "cyber incident".β¦
Several French government websites have been disrupted by a severe distributed denial of service attack.β¦
The Biden administration and US lawmakers are turning up the pressure on UnitedHealth group to ease medical providers' pain after the ransomware attack on Change Healthcare, by expediting payments to hospitals, physicians and pharmacists β among other tactics.β¦
The Kremlin has accused the United States of meddling in Russia's upcoming presidential election, and even accused Uncle Sam of planning a cyberattack on the country's online voting system.β¦
The British Library says legacy IT is the overwhelming factor delaying efforts to recover from the Rhysida ransomware attack in late 2023.β¦
The UK's Information Commissioner's Office (ICO) has opened a consultation on "consent or pay" business models. We're sure readers of The Register will have a fair few things to say.β¦
Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem.β¦
There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix.β¦
Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. The Redmond giant also characterized the intrusion as "ongoing."β¦
Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online.β¦
Millions of Chrome users now have a way to guard against the threat of extension subversion, that is, if they don't mind installing yet another browser extension.β¦
The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center (NCSC) says.β¦
Online graphic design platform Canva went looking for security problems in fonts, and found three β in "strange places."β¦
The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also repeating calls for developers to increase support for such efforts.β¦
A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out how to reduce a "dramatic and persistent spike" in account takeovers.β¦
A criminal claiming to be an ALPHV/BlackCat affiliate β the gang responsible for the widely disruptive Change Healthcare ransomware infection last month βΒ may have ties to Chinese government-backed cybercrime syndicates.β¦
Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.β¦
Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage.β¦
Hypervisors are supposed to provide an inviolable isolation layer between virtual machines and hardware. But hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors are not quite so inviolable as it might like.β¦
Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 log files containing login details for the service last year.β¦
A group of US lawmakers introduced legislation on Tuesday that, if passed, would force Chinese internet concern ByteDance to divest TikTok β its most valuable property β or see it banned in the US.β¦
Google has been accused of profiting from gift card scams.β¦
A now-former Google employee has been charged with stealing the ad giantβs AI trade secrets while quietly working for two Chinese companies β after easily defeating whatever security controls Big G had in place.β¦
Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI's latest Internet Crime Complaint Center (IC3) annual report.Β β¦
Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited.β¦
Outsourcing giant Capita today reported a net loss of Β£106.6 million ($135.6 million) for calendar 2023, with the costly cyberattack by criminals making a hefty dent in its annual financials.β¦
SEMI, an industry association representing 3,000 chip vendors, would really appreciate it if the European Union would back off plans to impose export controls on China, arguing that they should only be used as a "last resort" to protect national security.β¦
Japan's government has ordered local tech giants LINE and NAVER to disentangle their tech stacks, after a data breach saw over 510,000 users' data exposed.β¦
The US government has stepped in to help hospitals and other healthcare providers affected by the Change Healthcare ransomware infection, offering more relaxed Medicare rules and urging advanced funding to providers.β¦
Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information β including bank account and routing numbers, credit card numbers and security or access codes β after breaking into Infosys' IT systems in the fall.β¦
Yet another US military man is facing a potentially significant stretch in prison after allegedly sending secret national defense information (NDI) overseas.β¦
Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and FYI: It may reveal your IP address to those you're nattering away to.β¦
Updated Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server.β¦
Typically it is energy improvement peddlers or debt help specialists that are disgraced by Britain's data watchdog for spamming unsuspecting households, but the latest entrant in the hall of shame is a charity.β¦
Cloudflare has tweaked its web application firewall (WAF) to add protections for applications using large language models.β¦
A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.β¦