Updated The Secure Boot process on almost 300 different PC motherboard models manufactured by Micro-Star International (MSI) isn't secure, which is particularly problematic when "Secure" is part of the process description.β¦
Microsoft wants to bulk up the security in Windows Pro editions by ensuring the SMB insecure guest authentication fallbacks are no longer the default setting in the operating system.β¦
Two cryptocurrency exchanges have frozen accounts identified as having been used by North Koreaβs notorious Lazarus Group.β¦
Chinese web and gaming giant Tencent has admitted it fired more than 100 people in 2022 for various forms of corruption β some so serious it reported them to local police.β¦
Opinion For better or worse, we still need passwords, and to protect and organize them, I recommend the open source Bitwarden password manager.β¦
China's government has declared the nation's information security industry needs to grow β fast.β¦
In brief A US intelligence boss has asked Congress to reauthorize a controversial set of powers that give snoops warrantless authorization to surveil electronic communications in the name of fighting terrorism and so forth.β¦
People in Russia can reportedly once again download drivers and some other software from Intel and Microsoft, which both withdrew from the nation after its invasion of Ukraine.β¦
A woman in Canada failed in her claim for wrongful dismissal due to evidence from software designed to track her work time activity.β¦
Techies are reporting that Microsoft Defender for Endpoint attack surface reduction (ASR) rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu.β¦
Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed documents from a case in which Meta was fined β¬390 million ($414 million).β¦
On-Call Welcome once again to On-Call, The Register's weekly compendium of tales from readers who were asked to deal with IT oddities and mostly emerged unscathed.β¦
European cops arrested 15 suspected scammers and shut down a multi-country network of call centers selling fake cryptocurrency that law enforcement said stole upwards of hundreds of million euros from victims.β¦
Microsoft has messed up a zero trust upgrade its service provider partners have been asked to implement for customers.β¦
The US Securities and Exchange Commission (SEC) has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020.β¦
Microsoft researchers are working on a text-to-speech (TTS) model that can mimic a person's voice β complete with emotion and intonation β after a mere three seconds of training.β¦
Three years from now, hypothetically, China launches an amphibious invasion of Taiwan. It does not go well, according to a top Washington think tank report.β¦
Final update Royal Mail confirmed a "cyber incident" has disrupted its ability to send letters and packages abroad, and also caused some delays on post coming into the UK.β¦
GPT-3 language models are being abused to do much more than write college essays, according to WithSecure researchers.β¦
Included in the usual tsunami of fixes Microsoft issued this week as part of Patch Tuesday was one that took care of a connectivity problem for applications using the Open Database Connectivity (ODBC) interface.β¦
Google users don't have enough choice over whether β and to what extent β they agree to "far-reaching processing of their data across services," Germany's competition regulator says, adding that the tech giant should change its "data processing" terms and practices.β¦
A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs β possibly for a long time β before an audit by ETH Zurich researchers.β¦
Global insurer Aflac's Japanese branch has revealed that personal data describing more than three million customers of its cancer insurance product has been leaked online.β¦
Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations.β¦
Patch Tuesday Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that's already been exploited and another listed as publicly known. Of the new January vulnerabilities, 11 are rated critical because they lead to remote code execution.β¦
Russian disinformation didn't materially affect the way people voted in the 2016 US presidential election, according to a research study published on Monday, though that doesn't make the effect totally inconsequential.β¦
California's street-legal ink license plates only received a nod from the US government in October, but reverse engineers have already discovered vulnerabilities in the system allowing them to track each plate, reprogram them or even delete them at a whim.β¦
Apple "unlawfully records and uses consumers' personal information and activity," claims a new lawsuit accusing the company of tracking iPhone users' device data even when they've asked for tracking to be switched off.β¦
Pakistanβs government has warned its agencies that the dark web exists, is home to all sorts of unpleasant people, and should be avoided.β¦
Two of the US government's leading security agencies are building a machine learning-based analytics environment to defend against rapidly evolving threats and create more resilient infrastructures for both government entities and private organizations.β¦
The US Supreme Court has quashed spyware maker NSO Group's argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users' phones.β¦
In Brief The Federal Communications Commission plans to overhaul its security reporting rules for the telecom industry to, among other things, eliminate a mandatory seven-day wait for informing customers of stolen data and expand the definition of what constitutes an incident.β¦
Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed.β¦
Multiple bugs affecting millions of vehicles from almost all major car brands could allow miscreants to perform any manner of mischief β in some cases including full takeovers βΒ by exploiting vulnerabilities in the vehicles' telematic systems, automotive APIs and supporting infrastructure, according to security researchers.β¦
An international law enforcement effort has released a decryptor for victims of MegaCortex ransomware, widely used by cybercriminals to infect large corporations across 71 countries to the tune of more than $100 million in damages.β¦
Webinar How does your security team prioritize work? When a new attack from a state actor hits the news, do you know if your team should drop everything to hunt for IOCs? Do you understand your security control coverage for the threat actors that might target your organization? Recently, the Red Canary corporate security team asked itself these questions when it was creating its own threat model.β¦
A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents.β¦
A New York federal judge told JP Morgan Chase Bank this week that he would not toss a lawsuit accusing the bank of ignoring red flags when cybercrooks stole $272 million from the New York account of the company that makes Ray-Bans in 2019.β¦
Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack.β¦
Updated More than 200 million Twitter users' information is now available for anyone to download for free.β¦
Updated Former Twitter security chief and whistleblower Peiter "Mudge" Zatko has landed his first official role since he left the company, a part-time job as "executive in residence" with cybersecurity firm Rapid7.β¦
An ex-General Electric engineer has been sentenced to two years in prison after being convicted of stealing the US giant's turbine technology for China.β¦
Updated Long-standing British newspaper The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas.β¦
Updated A legal saga between Meta, Ireland and the European Union has reached a conclusion β at least for now β that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble.Β β¦
An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data.β¦
Notorious ransomware gang LockBit "formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files.β¦
An anti-government protest by truckers in Canada has been called off following "multiple security breaches," according to organizers, who also cited "personal character attacks,"Β as a reason for the withdrawal.β¦
Google has settled two more of the many location tracking lawsuits it had been facing over the past year, and this time the search giant is getting an even better deal: just $29.5 million to resolve complaints filed in Indiana and Washington DC with no admission of wrongdoing.β¦
Blocked by the British government from acquiring Newport Wafer Fab β Britain's largest chip factory β Nexperia has solicited the help of US law firm Akin Gump in the hopes of overturning the ban.β¦
The US government's New Year's resolution for 2023: no more TikTok at work.β¦
Updated A miscreant this Christmas weekend said they are willing to sell public and private info on more than 400 million Twitter accounts.β¦
In brief Merry Christmas, Linux systems administrators: here's a kernel vulnerability with a CVSS score of 10 potentially in your SMB server. It can be exploited to achieve unauthenticated user remote code execution.Β β¦
Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains customers' stored passwords.β¦
Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories.β¦
US regulators want to fine the operators of a claimed massive robocall operation almost $300 million that made more than 5 billion pre-recorded calls over three months early last year.β¦
The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems.β¦
Sponsored Feature When software vulnerabilities and zero days moved up the enterprise worry list 15 years ago, nobody imagined the world would one day end up with a threat as perplexing as Log4Shell β a vulnerability in the Apache Log4j open source logging framework that's used in software on all major operating systems spanning everything from cloud services to PC games.β¦
Scammers using Google Ads, stolen blog articles, and a "popunder" ad scheme on adult websites pulled in more than $275,000 a month by generating millions of ad impressions every month.β¦
Apple has been accused of selling out human rights for the sake of profit by cooperating with authoritarian censorship demands in China and Russia, according to two reports issued on Thursday.β¦
Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchersβ¦