Infosec outfit Checkpoint says it's spotted a Chinese actor targeting diplomatic facilities around Europe.β¦
More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that's being exploited in the wild.β¦
America's Transportation Security Agency (TSA) intends to expand its facial-recognition program used to screen US air travel passengers to 430 domestic airports in under a decade.β¦
It's an awkward Monday for Dublin Airport after pay and benefits details for some 2,000 staff were apparently "compromised" following a recent attack on professional service provider Aon.β¦
The United States' National Counterintelligence and Security Center (NCSC) has warned that China's updated Counter-Espionage law β which came into effect on July 1 β is dangerously ambiguous and could pose a risk to global business.β¦
Asia In Brief Japan's government last Friday rebuked Fujitsu for shabby cloud security.β¦
Following claims by ransomware gang LockBit that it has stolen data belonging to TSMC, the chip-making giant has said it was in fact one of its equipment suppliers, Kinmax, that was compromised by the crew, and not TSMC itself.β¦
New Jersey cops must apply for a wiretap order β not just a warrant β for near-continual snooping on suspects' Facebook accounts, according to a unanimous ruling by that US state's Supreme Court.Β β¦
Sponsored Post Nobody here at is likely to argue with Albert Einstein's idea that "intellectual growth should commence at birth and cease only at death".β¦
On Call Hard-coded into The Register's week is that each Friday morning youβll find a new instalment of On Call, our reader contributed tales of tech support troubles.β¦
Fujitsu Japan is in the spotlight again for all the wrong reasons, after fumbling its attempt to fix the nation's troubled ID card scheme.β¦
One of the two men who admitted stealing more than $23 million in royalty payments for songs played on YouTube has been sentenced to nearly six years behind bars for his role in what prosecutors called "one of the largest music-royalty frauds ever."β¦
The most dangerous type of software bug is the out-of-bounds write, according to MITRE this week. This type of flaw is responsible for 70 CVE-tagged holes in the US government's list of known vulnerabilities that are under active attack and need to be patched, we note.β¦
It's been months since "spy balloon" fever gripped the United States, but the headline-grabbing flying object βΒ alleged to have been deployed by China β is back in the news. Preliminary findings from the US inspection of its wreckage show a whole bunch of commercially available hardware made in the States.β¦
Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill β which for now is in the hands of the House of Lords β so that it safeguards strong end-to-end encryption.β¦
A Russian network security specialist and former editor of Hacker magazine who is wanted by the US and Russia on cybercrime charges has been detained in Kazakhstan as the two governments seek his extradition.β¦
It's bad enough there's some Android stalkerware out there with the not-at-all-creepy moniker LetMeSpy. Now someone's got hold of the information the app collects β such as victims' text messages and call logs β as well as the email addresses of those who sought out the software, and leaked it all.β¦
Police breaking into and snooping on the EncroChat encrypted messaging network has led to 6,558 arrests worldwide and nearly β¬740 million seized in criminal funds, according to cops in France and the Netherlands.β¦
The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.β¦
Sponsored Feature The cybersecurity sector, it is now routinely attested, is in the midst of a long-term skills crisis.β¦
Sponsored Post Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world's best cloud security experts without leaving the comfort of your chair.β¦
A vendor that operates a pilot recruitment platform used by major airlines exposed the personal files of more than 8,000 pilot and cadet applicants at American Airlines and Southwest Airlines.β¦
Infosec in brief In a case startlingly similar to charges recently unsealed against one-term US president Donald Trump, a former FBI analyst has been jailed for taking sensitive classified material home with her.β¦
JP Morgan has been fined $4 million by America's securities watchdog, the SEC, for deleting millions of email records dating from 2018 relating to its Chase Bank subsidiary.β¦
Webinar In the new age of generative AI, it would be foolhardy to imagine that bad actors won't already be exploiting every opportunity to launch an attack with their own malicious AI generated war machines.β¦
Bug hunters who found security holes in Google β and also responsibly disclosed details of those flaws to the Chocolate Factory β earned more than $12 million in bounty rewards in 2022, marking a record year for the corporation's Vulnerability Reward Programs (VRPs) in terms of payouts and number of vulnerabilities found and fixed.β¦
British law practices of "all sizes and types" have been warned by GCHQ's cyberspy arm that their "widespread adoption of hybrid working" combined with the large sums of money they handle is making them a target.β¦
Webinar The explosion in remote working since the pandemic means the number of people doing their job from home has more than doubled in the UK.β¦
Malware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint.β¦
China has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick, the US ambassador-at-large for cyberspace and digital policy.β¦
BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today published a guide to help organizations detect and prevent infections of the UEFI bootkit.β¦
Ransomware gang BlackCat claims it infected a plastic surgery center, stole "lots" of highly sensitive medical records, and has vowed to leak patients' photos if the clinic doesn't pay up.β¦
Sponsored Feature Friday the 10 of December 2021 is etched in the memory of many IT professionals, but not for reasons they will look back on with fondness. That was the day, just as most American workers were logging off for a long weekend, when a critical vulnerability in an obscure but essential piece of software code first came to widespread attention.β¦
Japanese prime minister Fumio Kishida has ordered an emergency review of the nation's ID Cards, amid revelations of glitches and data leaks that threaten the government's digital services push.β¦
Webinar The one thing a cyber security team can rarely afford to do is relax its vigilance. But count the collective manhours spent on the frontline and the figure starts to look unsustainable, leaving many organizations with little choice but to engage with technology to help defend against malign intent.β¦
Miscreants are right now exploiting two security bugs for which patches exist, one in a VMware network and applications monitoring tool and the other in some TP-Link routers.β¦
Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.β¦
The Federal Trade Commission has alleged that genetic testing firm 1Health.io, also known as Vitagene, deceived people when it said it would dispose of their physical DNA sample as well as their collected health data.β¦
Sponsored Post Cybercrime is a global phenomenon, but the effectiveness of measures put in place to fight it varies considerably from one region to another.β¦
Mondelez International has warned 51,000 of its past and present employees that their personal information has been stolen from a law firm hired by the Oreo and Ritz cracker giant.β¦
Reddit this week confirmed ransomware gang BlackCat, aka AlphaV, broke into its corporate systems in February.β¦
UPDATED Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year.β¦
An infosec incident at a major Australian law firm has sparked fear among the nation's governments, banks and businesses β and a free speech debate.β¦
Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services (IIS) web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution?β¦
Sponsored Feature Life is tougher than ever for security pros facing a rising tide of cyberattacks. And adversaries are becoming more adept than ever at using diverse methods and technologies to scale up assaults on their selected targets.β¦
In the murky world of political and corporate spin, announcing bad news on Friday afternoon β a time when few media outlets are watching, and audiences are at a low ebb β is called "taking out the trash." And thatβs what Microsoft appears to have done last Friday.β¦
Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day earlier.β¦
FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple fanboy, an online gambler, and scored 80 percent of at least one ransom payment given to the criminals.β¦
Capita is facing its first legal claim over the high profile digital burglary in late March that exposed some customer data to intruders and will cost the outsourcing biz around Β£20 million ($26 million) to clean up.β¦
Here's a curious tale about a highly destructive yet flaky Kremlin-backed crew that was active during the early days of Russia's invasion of Ukraine, then went relatively quiet β until this year.β¦
European commissioner Thierry Breton wants Huawei and ZTE barred throughout the EU, and revealed plans to remove kit made by the Chinese telecom vendors from the Commission's internal networks.β¦
The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability.β¦
Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.β¦
North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large scale phishing attempt, Seoul's National Intelligence Service (NIS) said on Wednesday.β¦
Global nonprofit Women in Cybersecurity (WiCyS), despite months of controversy over the cities named to host its 2024 and 2025 conferences, says it will move forward as planned with the events in Nashville, Tennessee, and Dallas, Texas, respectively.β¦
Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang.β¦
Webinar The cloud is floating around everywhere and with the rapid expansion of IT always comes new complexities that alter the threat landscape.β¦
Capita, which is still dealing with a digital break-in that exposed customers' data to criminals, has scored a Β£50 million contract with the City of London police to run contact and engagement services for the force's fraud reporting service.β¦
Sponsored Feature Many organizations are suffering from an identity crisis. Not in the psychological sense, nor in respect to their branding or culture. But in how their IT systems enable employees to access the applications and data they need for work.β¦
A Florida man and his valet appeared in a Miami federal courtroom on Tuesday to respond to criminal charges of document hoarding and related claims.β¦