Former NSA cyberspy's not-so-secret hobby: Hacking Christmas lights
Video Rob Joyce explains how it's done
Security25 Dec 2024 | 18
Security
How Androxgh0st rose from Mozi's ashes to become 'most prevalent malware'
Botnet's operators 'driven by similar interests as that of the Chinese state'
Cyber-crime24 Dec 2024 | 1
What do ransomware and Jesus have in common? A birth month and an unwillingness to die
Feature 35 years since AIDS first borked a PC and we're still no closer to a solution
Cyber-crime24 Dec 2024 | 19
One third of adults can't delete device data
Easier to let those old phones gather dust in a drawer, survey finds
Security24 Dec 2024 | 115
'That's not a bug, it's a feature' takes on a darker tone when malware's involved
Opinion Mummy, where do zero days come from?
Security23 Dec 2024 | 21
Suspected LockBit dev, facing US extradition, 'did it for the money'
Dual Russian-Israeli national arrested in August
Cyber-crime23 Dec 2024 | 17
UK ICO not happy with Google's plans to allow device fingerprinting
in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more
Security23 Dec 2024 | 75
Infosec experts divided on AI's potential to assist red teams
CANALYS FORUMS APAC Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence
Security20 Dec 2024 | 8
Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns
Cyber-crime19 Dec 2024 | 17
US reportedly mulls TP-Link router ban over national security risk
updated It could end up like Huawei -Trump's gonna get ya, get ya, get ya
Security18 Dec 2024 | 55
Microsoft won't let customers opt out of passkey push
Enrollment invitations will continue until security improves
Security18 Dec 2024 | 105
Boffins trick AI model into giving up its secrets
All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days
Research18 Dec 2024 | 22
Phishers cast wide net with spoofed Google Calendar invites
Not that you needed another reason to enable the 'known senders' setting
Cyber-crime18 Dec 2024 | 17
Interpol wants everyone to stop saying 'pig butchering'
Victims' feelings might get hurt, global cops contend, and that could hinder reporting
Cyber-crime17 Dec 2024 | 46
Critical security hole in Apache Struts under exploit
You applied the patch that could stop possible RCE attacks last week, right?
Patches17 Dec 2024 | 4
Ireland fines Meta for 2018 'View As' breach that exposed 30M accounts
€251 million? Zuck can find that in his couch cushions, but Meta still vows to appeal
Security17 Dec 2024 | 13
BlackBerry offloads Cylance's endpoint security products to Arctic Wolf
Fresh attempt to mix the perfect cocktail of IoT and Infosec
Security17 Dec 2024 | 1
Australia moves to drop some cryptography by 2030 – before quantum carves it up
The likes of SHA-256, RSA, ECDSA and ECDH won't be welcome in just five years
Security17 Dec 2024 | 51
Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility
But can you really take crims at their word?
Security16 Dec 2024 | 1
Trump administration wants to go on cyber offensive against China
The US has never attacked Chinese critical infrastructure before, right?
Cyber-crime16 Dec 2024 | 26
Popular
Apple called on to ditch AI headline summaries after BBC debacle
'Facts can't be decided by a roll of the dice'
Fining Big Tech isn't working. Make them give away illegally trained LLMs as public domain
Opinion It's all made from our data, anyway, so it should be ours to use as we want
The Automattic vs WP Engine WordPress wars are getting really annoying
Opinion Forks at dawn.... but it's not great sign for open source
Former NSA cyberspy's not-so-secret hobby: Hacking Christmas lights
Video Rob Joyce explains how it's done
SvarDOS: DR-DOS is reborn as an open source operating system
A #DOScember surprise: fits on a single floppy, but has a network-capable package manager
UK ICO not happy with Google's plans to allow device fingerprinting
in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more
One third of adults can't delete device data
Easier to let those old phones gather dust in a drawer, survey finds
'That's not a bug, it's a feature' takes on a darker tone when malware's involved
Opinion Mummy, where do zero days come from?
BOFH: Printer's festive bips herald a merry mystery for the Boss's budget
Episode 24 Merry as in see you down the pub
Adélie Linux 1.0 – small, fast, but not quite grown up
Remarkably compact, remarkably cross-platform, remarkably long beta period
STORIES
Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'
Personal and financial data probably stolen
Cyber-crime16 Dec 2024 | 2
Are your Prometheus servers and exporters secure? Probably not
Infosec in brief Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more
Security15 Dec 2024 | 1
Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks
IOCONTROL targets IoT and OT devices from a ton of makers, apparently
Research13 Dec 2024 | 15
Scumbag gets 30 years in the clink for running CSAM dark-web chatrooms, abusing kids
'Today’s sentencing is more than just a punishment. It’s a message'
Cyber-crime13 Dec 2024 | 42
Google Timeline location purge causes collateral damage
Privacy measure leaves some mourning lost memories
Security13 Dec 2024 | 48
Cyber protection made intuitive and affordable
How Cynet delivered 100 percent Protection and 100 percent Detection Visibility in 2024 MITRE ATT&CK Evaluation
Partner Content
Taming the multi-vault beast
GitGuardian takes on enterprise secrets sprawl
Partner Content
North Korea's fake IT worker scam hauled in at least $88M over six years
DoJ thinks it's found the folks that ran it, and some of the 'IT warriors' sent out to fleece employers
Cyber-crime13 Dec 2024 | 3
Apache issues patches for critical Struts 2 RCE bug
More details released after devs allowed weeks to apply fixes
Patches12 Dec 2024 |
Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push
Holiday cheer comes in the form of three arrests and 27 shuttered domains
Cyber-crime12 Dec 2024 | 5
British Army zaps drones out of the sky with laser trucks
High-energy weapon proves its mettle in testing
Public Sector12 Dec 2024 | 145
Firefox ditches Do Not Track because nobody was listening anyway
Few websites actually respect the option, says Mozilla
Software12 Dec 2024 | 88
Citrix goes shopping in Europe and returns with gifts for security-conscious customers
Acquires two companies that help those on the nice list keep naughty list types at bay
Virtualization12 Dec 2024 |
Blocking Chinese spies from intercepting calls? There ought to be a law
Sen. Wyden blasts FCC's 'failure' amid Salt Typhoon hacks
Security11 Dec 2024 | 17
Krispy Kreme Doughnut Corporation admits to hole in security
Belly-busting biz says it's been hit by cowardly custards
Security11 Dec 2024 | 33
Three more vulns spotted in Ivanti CSA, all critical, one 10/10
Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker
Patches11 Dec 2024 | 2
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware
Cyber-crime11 Dec 2024 | 4
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse
Security10 Dec 2024 | 24
US military grounds entire Osprey tiltrotor fleet over safety concerns
Boeing-Bell V-22 can't outfly its checkered past, it seems
Public Sector10 Dec 2024 | 89
AMD secure VM tech undone by DRAM meddling
Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory
Systems10 Dec 2024 | 10
Fully patched Cleo products under renewed 'zero-day-ish' mass attack
Thousands of servers targeted while customers wait for patches
Research10 Dec 2024 |
Heart surgery device maker's security bypassed, data encrypted and stolen
Sounds like th-aorta get this sorted quickly
Cyber-crime10 Dec 2024 | 20
Bitfinex heist gets the Netflix treatment after 'cringey couple' sentenced
Streamer's trademark dramatic style takes on Bitcoin Bonnie and Clyde
Cyber-crime10 Dec 2024 | 6
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics
And it only took four months, tut
Security10 Dec 2024 | 22
Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved
McDonald's worker called it in, cops swooped, found 'gun, suppressor, manifesto'
Security10 Dec 2024 | 131
China's Salt Typhoon recorded top American officials' calls, says White House
No word yet on who was snooped on. Any bets?
CSO09 Dec 2024 | 24
Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
Exclusive ShinyHunters-linked heist thought to have been ongoing since March
Research09 Dec 2024 | 9
OpenWrt orders router firmware updates after supply chain attack scare
A couple of bugs lead to a potentially bad time
CSO09 Dec 2024 | 9
Microsoft dangles $10K for hackers to hijack LLM email service
Outsmart an AI, win a little Christmas cash
CSO09 Dec 2024 | 12
Blue Yonder ransomware termites claim credit
Infosec in brief Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more
Security09 Dec 2024 | 3
How Chinese insiders are stealing data scooped up by President Xi's national surveillance system
Feature 'It's a double-edged sword,' security researchers tell The Reg
Public Sector08 Dec 2024 | 52
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Updated Microsoft's OS sure loves throwing your creds at remote systems
Patches06 Dec 2024 | 13
Facing sale or ban, TikTok tossed under national security bus by appeals court
Video slinger looks to Supremes for salvation, though anything could happen under Trump
Personal Tech06 Dec 2024 | 43
Salt Typhoon forces FCC's hand on making telcos secure their networks
Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns
Security06 Dec 2024 | 4
Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware
Threatened with life in prison, Kyiv charity worker gives middle finger to state spies
Security06 Dec 2024 | 64
Protect your clouds
Get best practice advice on how to safeguard your cloud infrastructure from SANS
Sponsored Post
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
updated Still unpatched 100+ days later, watchTowr says
Cyber-crime06 Dec 2024 | 4
Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
Redmond threat intel maven talks explains this persistent pain to The Reg
Security06 Dec 2024 | 16
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds
Damage likely limited to those running bots with private PKI access
Cyber-crime05 Dec 2024 | 7
British hospitals hit by cyberattacks still battling to get systems back online
Updated Children's hospital and cardiac unit say criminals broke in via shared 'digital gateway service'
Cyber-crime05 Dec 2024 | 21
BT Group confirms attackers tried to break into Conferencing division
Sensitive data allegedly stolen from US subsidiary following Black Basta post
Cyber-crime05 Dec 2024 | 8
Shape the future of UK cyber security
Support the industry by sponsoring the UK Cyber Team Competition
Partner Content
Ransomware hangover, Putin grudge blamed for vodka maker's bankruptcy
Stoli Group on the rocks in the US
Security05 Dec 2024 | 35
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career'
Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat
CSO05 Dec 2024 | 54
Cops arrest suspected admin of German-language crime bazaar
Drugs, botnets, forged docs, and more generated fortune for platform sellers
Cyber-crime04 Dec 2024 | 24
Microsoft says premature patch could make Windows Recall forget how to work
Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel
CSO04 Dec 2024 | 25
Eurocops take down 'secure' criminal chat system known as Matrix
Updated They took the red pill
Cyber-crime04 Dec 2024 | 46
FTC scolds two data brokers for allegedly selling your location to the meter
'Where we go is who we are' totally isn't a creepy ad slogan at all
Personal Tech04 Dec 2024 | 22
Perfect 10 directory traversal vuln hits SailPoint's IAM solution
Updated 20-year-old info disclosure class bug still pervades security software
Patches03 Dec 2024 | 6
Major energy contractor reports 'limited' access to IT after ransomware locks files
ENGlobal customers include the Pentagon as well as major oil and gas producers
Security03 Dec 2024 | 11
Severity of the risk facing the UK is widely underestimated, NCSC annual review warns
National cyber emergencies increased threefold this year
Cyber-crime03 Dec 2024 | 18
Russia gives life sentence to Hydra dark web kingpin after seizing a ton of drugs
No exaggeration – literally a ton. Plus, 15 co-conspirators also put behind bars
Cyber-crime03 Dec 2024 | 27
Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online
Yet another result of the MOVEit mess
Cyber-crime03 Dec 2024 | 3
AWS unveils cloud security IR service for a mere $7K a month
Re:Invent Tap into the infinite scalability... of pricing
Security03 Dec 2024 | 5
Russia arrests one of its own – a cybercrime suspect on FBI's most wanted list
The latest in an unusual change of fortune for group once protected by the Kremlin
Cyber-crime02 Dec 2024 | 58
Telco security is a dumpster fire and everyone's getting burned
Opinion The politics of cybersecurity are too important to be left to the politicians
Security02 Dec 2024 | 63
Interpol nabs thousands, seizes millions in global cybercrime-busting op
Infosec in brief Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more
Security01 Dec 2024 | 8
RansomHub claims to net data hat-trick against Bologna FC
Crooks say they have stolen sensitive files on managers and players
Cyber-crime30 Nov 2024 | 2
Zabbix urges upgrades after critical SQL injection bug disclosure
US agencies blasted 'unforgivable' SQLi flaws earlier this year
Patches29 Nov 2024 | 7
Ransom gang claims attack on NHS Alder Hey Children's Hospital
Second alleged intrusion on English NHS org systems this week
Cyber-crime29 Nov 2024 | 21
Fighting cybercrime with actionable knowledge
A reason to celebrate SANS and its 35 years of cyber security training
Sponsored Post
NHS major 'cyber incident' forces hospitals to use pen and paper
Systems are isolated and pulled offline, while scheduled procedures are canceled
Cyber-crime28 Nov 2024 | 56
The only thing worse than being fired is scammers fooling you into thinking you're fired
Scumbags play on victims' worst fears in phishing campaign referencing UK Employment Tribunal
Cyber-crime28 Nov 2024 | 50
Salt Typhoon's surge extends far beyond US telcos
Plus, a brand-new backdoor, GhostSpider, is linked to the cyber spy crew's operations
Security27 Nov 2024 | 7
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'
Funny what putting more effort and resources into IT security can do
CSO27 Nov 2024 | 9
Bolster resilience against 2025 cyber threats
Watch this webinar to learn why cybersecurity leaders can trust the MITRE ATT&CK Evaluations
Partner Content
Data broker leaves 600K+ sensitive files exposed online
Exclusive Researcher spotted open database before criminals … we hope
Research27 Nov 2024 | 22
First-ever UEFI bootkit for Linux in the works, experts say
Bootkitty doesn’t bite… yet
Research27 Nov 2024 | 14
The workplace has become a surveillance state
Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices
CxO27 Nov 2024 | 70
CrowdStrike still doesn't know how much its Falcon flame-out will cost
Thinks customers may have forgiven it after revenue hits a record
Security27 Nov 2024 | 19
Telco engineer who spied on US employer for Beijing gets four years in the clink
Provides insight to how China gets inside US systems, perhaps at Verizon and Infosys
Cyber-crime27 Nov 2024 | 15
Man accused of hilariously bad opsec as alleged cybercrime spree detailed
Complaint claims he trespassed, gave himself discounts, and sorted CCTV access…
Cyber-crime26 Nov 2024 | 24
US senators propose law to require bare minimum security standards
In case anyone forgot about Change Healthcare
Security26 Nov 2024 | 15
Fortify your data
How cyber resilient storage hardware can defeat ransomware
Sponsored Feature
Bing Wallpaper app, now in Windows Store, accused of cookie shenanigans
Microsoft free tool snooping on users? Surely not!
Security26 Nov 2024 | 47
Another 'major cyber incident' at a UK hospital, outpatients asked to stay away
Third time this year an NHS unit's IT systems have come under attack
Cyber-crime26 Nov 2024 | 53
QNAP and Veritas dump 30-plus vulns over the weekend
Updated Just what you want to find when you start a new week
Patches26 Nov 2024 | 2
Britain Putin up stronger AI defences to counter growing cyber threats
'Be in no doubt: the UK and others in this room are watching Russia'
Security26 Nov 2024 | 26
Supply chain management vendor Blue Yonder succumbs to ransomware
And it looks like major UK retailers that rely on it are feeling the pinch
Cyber-crime26 Nov 2024 | 9
Security? We've heard of it: How Microsoft plans to better defend Windows
Ignite Did we say CrowdStrike? We meant, er, The July Incident...
CSO25 Nov 2024 | 28
Biting the hand that feeds IT
