Affirm fears customer info pilfered during ransomware raid at Evolve Bank Number of partners acknowledging data theft continues to rise Malware Month02 Jul 2024 | 2
Juniper Networks flings out emergency patches for perfect 10 router vuln Get 'em while they're hot Patches01 Jul 2024 | 5
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration CSO01 Jul 2024 | 11
TeamViewer says Russia broke into its corp IT network Updated Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation? CSO28 Jun 2024 | 25
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
TeamViewer can't bring itself to say someone broke into its network – but it happened Updated Claims customer data, prod environment not affected as NCC sounds alarm Cyber-crime28 Jun 2024 | 24
Microsoft blamed for million-plus patient record theft at US hospital giant Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing CSO26 Jun 2024 | 20
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately Scripts turn sus after mysterious CDN swallows domain CSO25 Jun 2024 | 61
Fiend touts stolen Neiman Marcus customer info for $150K Flash clobber chain fashionably late to Snowflake fiasco party Cyber-crime25 Jun 2024 | 2
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server About a thousand vulnerable instances still exposed online, we're told Patches24 Jun 2024 | 8
Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew 'Substantial proportion' of America to get a little note from next month Cyber-crime21 Jun 2024 | 9
Uncle Sam sanctions Kaspersky's top bosses – but not Mr K himself Here's America's list of the supposedly dirty dozen CSO21 Jun 2024 | 16
Crooks get their hands on 500K+ radiology patients' records in cyber-attack Two ransomware gangs bragged of massive theft of personal info and medical files Cyber-crime20 Jun 2024 | 4
Biden bans Kaspersky: No more sales, updates in US Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back CSO20 Jun 2024 | 111
That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise Control-C, Control-V, Enter ... Hell Research19 Jun 2024 | 18
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale Updated Chip designer really gonna need to channel some Zen right now Cyber-crime18 Jun 2024 |
Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam Updated Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines CSO17 Jun 2024 | 2
AWS is pushing ahead with MFA for privileged accounts. What that means for you ... The clock is ticking – why not try a passkey? CSO17 Jun 2024 | 17
Microsoft answered Congress' questions on security. Now the White House needs to act Feature Business as usual needs a real change Public Sector15 Jun 2024 | 44
Meta won't train AI on Euro posts after all, as watchdogs put their paws down Facebook parent calls step forward for privacy a 'step backwards' AI + ML14 Jun 2024 | 41
Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk Full system takeovers on the cards, for those with enough patience to pull it off
'Almost every Apple device' vulnerable to CocoaPods supply chain attack Dependency manager used in millions of apps leaves a bitter taste
Trouble in space as Boeing's not going, and China's back from the Moon Kettle Vultures chew over a busy few days in orbit with a transatlantic chat
How tech went from free love to pay-per-day Devconf.cz FOSS, AI, blockchain, and the cycle of empty nonsense
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go? Opinion There will always be bad actors in the system. We can always learn from the drama they create
France poised to bring 'charges against Nvidia' Euro nation's monopoly gendarmes cheesed off with GPU giant's dominance
Asda kisses Walmart goodbye with half a billion dollar tech breakup bill Project including SAP upgrade beset by cost increases and delays
Verizon hit with whopping $847M verdict for infringing 5G and hotspot patents Must be hard to face a huge, unexpected bill, amirite?
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration
Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended 'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith CSO14 Jun 2024 | 57
Oracle Ads have had it: $2B operation shuts down after dwindling to $300M Analysis In this slightly more private era, your data ain't as profitable as it once was Personal Tech13 Jun 2024 | 25
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day Symantec suggests Black Basta crew beat Microsoft to the patch Malware Month12 Jun 2024 | 2
White House report dishes deets on all 11 major government breaches from 2023 The MOVEit breach and ransomware weren’t kind to the Feds last year CSO12 Jun 2024 | 1
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows Patch Tuesday Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack CSO12 Jun 2024 | 7
Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief Interview Scott Small tells us gang's 'intent and capability' should get the attention of CSOs Malware Month09 Jun 2024 | 3
Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up Interview Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker CSO08 Jun 2024 | 32
FCC takes some action against notorious BGP How's your RPKI-based security plan coming along? Feds want to know Networks07 Jun 2024 | 9
Microsoft Research chief scientist has no issue with Windows Recall As tool emerges to probe OS feature's SQLite-based store of user activities OSes06 Jun 2024 | 114
Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say CSO05 Jun 2024 | 9
Command senior chief busted for secretly setting up Wi-Fi on US Navy combat ship In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that's not a good plan CSO04 Jun 2024 | 91
Pentagon 'doubling down' on Microsoft despite 'massive hack,' senators complain Meanwhile Mr Smith goes to Washington to testify before Congress Public Sector04 Jun 2024 | 5
Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak Analysis Cloud storage giant lawyers up against infosec house Cyber-crime04 Jun 2024 | 18
NIST turns to IT consultants to clear National Vulnerability Database backlog Aims to get CVE logjam cleared by the end of FY 24 CSO03 Jun 2024 | 5
US senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO Similar cases have resulted in serious sanctions, and they were on a far smaller scale CSO31 May 2024 | 26
OpenAI is very smug after thwarting five ineffective AI covert influence ops That said, use of generative ML to sway public opinion may not always be weak sauce AI + ML30 May 2024 | 11
IBM spin-off Kyndryl accused of discriminating on basis of age, race, disability Exclusive Five current and former employees file formal charges with US employment watchdog CSO30 May 2024 | 18
2.8M US folks learn their personal info was swiped months ago in Sav-Rx IT heist Theft happened in October, only now are details coming to light Cyber-crime28 May 2024 | 8
How's Uncle Sam getting on with Biden's AI exec order? Pretty good, we're told Interview Former Pentagon deputy CIO Rob Carey tells us guardrails should steer Feds away from bad ML Public Sector27 May 2024 | 7
Three-year-old Apache Flink flaw under active attack We know IT admins have busy schedules but c'mon Patches24 May 2024 | 11
70% of CISOs worry their org is at risk of a material cyber attack Wait, why do you want this job again? CSO23 May 2024 | 7
Go after UnitedHealth, not us, 100+ medical groups urge Uncle Sam Why should we get its paperwork? CSO22 May 2024 | 8
Confused by the SEC's IT security breach reporting rules? Read this 'Clarification' weighs in on material vs voluntary disclosures CSO22 May 2024 | 2
Telegram CEO calls out rival Signal, claiming it has ties to US government Drama between two of the leading secure messaging services Applications14 May 2024 | 25
AI red-teaming tools helped X-Force break into a major tech manufacturer 'in 8 hours' RSAC Hint: It's the 'the largest' maker of a key computer component Spotlight on RSA13 May 2024 | 7
Ransomware negotiator weighs in on the extortion payment debate with El Reg Interview As gang tactics get nastier while attacks hit all-time highs Cyber-crime12 May 2024 | 43
Critical infrastructure security will stay poor until everyone pulls together Interview Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks Public Sector11 May 2024 | 12
Ex-White House election threat hunter weighs in on what to expect in November Interview Spoiler alert: We're gonna talk about AI Public Sector09 May 2024 | 36
Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight Interview On the plus side, infosec's a good bet for a long, stable career Malware Month08 May 2024 | 24
From infosec to skunks, RSA Conference SVP spills the tea Interview Keynotes, physical security, playlists … the buck stops with Linda Gray Martin Spotlight on RSA08 May 2024 |
UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection Interview 'I'm blown away by the fact that they weren't using MFA' Spotlight on RSA08 May 2024 | 25
CISA says 'no more' to decades-old directory traversal bugs Recent attacks on healthcare thrust infosec agency into alert mode CSO06 May 2024 | 13
It may take decade to shore up software supply chain security, says infosec CEO interview Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar CSO03 May 2024 | 27
Qantas app glitch sees boarding passes fly to other accounts Issue now resolved and isn't thought to be the work of criminals CSO01 May 2024 | 8
UnitedHealth CEO: 'Decision to pay ransom was mine' Updated Congress to hear how Citrix MFA snafu led to massive data theft, $870M+ loss Malware Month30 Apr 2024 | 28
London Drugs closes all of its pharmacies following 'cybersecurity incident' Updated Canadian stores shuttered 'until further notice' CSO29 Apr 2024 | 20
UK lays down fresh legislation banning crummy default device passwords New laws mean vendors need to make clear how long you'll get updates too CSO29 Apr 2024 | 77
Kaiser Permanente handed over 13.4M people's data to Microsoft, Google, others Ouch! CSO26 Apr 2024 | 8
Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets The firm 'fessed up to staff misconduct and avoided criminal liability CSO24 Apr 2024 | 10
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers Updated Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack Cyber-crime18 Apr 2024 | 9
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities Water tank overflowed during one system malfunction, says Mandiant Research17 Apr 2024 | 10
MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time What a twist! Cyber-crime16 Apr 2024 | 19
X fixes URL blunder that could enable convincing social media phishing campaigns Poorly implemented rule allowed miscreants to deceive users with trusted URLs CSO10 Apr 2024 | 27
Nearly 1M medical records feared stolen from City of Hope cancer centers Is there no cure for this cyber-plague? Cyber-crime03 Apr 2024 | 7
Malicious xz backdoor reveals fragility of open source Analysis This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy Devops01 Apr 2024 | 98
Malicious SSH backdoor sneaks into xz, Linux world's data compression library STOP USAGE OF FEDORA RAWHIDE, says Red Hat while Debian Unstable and others also affected CSO29 Mar 2024 | 123
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb One might say this is a wurst case scenario Patches28 Mar 2024 | 44
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders CSO27 Mar 2024 | 14
Row breaks out over true severity of two DNSSEC flaws Updated Some of us would be happy being rated 7.5 out of 10, just sayin' CSO26 Mar 2024 | 11
Don't be like these 900+ websites and expose millions of passwords via Firebase Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials CSO18 Mar 2024 | 11
Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup PaaS + IaaS12 Mar 2024 | 4
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes Plus: CISA pulls plug on couple of systems feared compromised Cyber-crime08 Mar 2024 | 2
Securing open source software: Whose job is it, anyway? CISA announces more help, and calls on app makers to step up CSO08 Mar 2024 | 21
Chinese chap charged with stealing Google’s AI datacenter secrets Moonlighted for PRC companies after side-stepping Big G's security, allegedly On-Prem07 Mar 2024 | 13
FBI: Critical infrastructure suffers spike in ransomware attacks Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon CSO06 Mar 2024 | 4
IP address X-posure now a feature on Musk's social media thing Just a little FYI Personal Tech05 Mar 2024 | 33
Sandvine put on America's export no-fly list after Egypt used network tech for spying Canadian network box maker floats in denial CSO27 Feb 2024 | 11
Security is hard because it has to be right all the time? Yeah, like everything else Systems Approach It takes only one bottleneck or single point of failure to ruin your week CSO25 Feb 2024 | 28
Google open sources file-identifying Magika AI for malware hunters and others Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML CSO17 Feb 2024 | 10
Quest Diagnostics pays $5M after mixing patient medical data with hazardous waste Will cough up less than two days of annual profit in settlement – and California calls this a win CSO16 Feb 2024 | 12
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks Plan says to hand over keys to networks – and report intrusions within eight hours of discovery Public Sector08 Feb 2024 | 36
Half of polled infosec pros say their degree was less than useful for real-world work The other half paid attention in class? CSO07 Feb 2024 | 18
Chinese Coathanger malware hung out to dry by Dutch defense department Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions CSO06 Feb 2024 | 13
Blackbaud settles with FTC after that IT breach exposed millions of people's info Cloud software slinger admits no guilt, promises better basic security hygiene Cyber-crime02 Feb 2024 | 6
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies Atlassian systen compromised via October Okta intrusion CSO02 Feb 2024 | 14
Rise of deepfake threats means biometric security measures won't be enough Defenses need a rethink in face of increasing sophistication CSO01 Feb 2024 | 18
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming 18,000 customers, including the Pentagon and Microsoft, may have other thoughts CSO29 Jan 2024 | 16
Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes Step one, actually turn on MFA CSO27 Jan 2024 | 17
Wait, security courses aren't a requirement to graduate with a computer science degree? Comment And software makers seem to be OK with this, apparently CSO26 Jan 2024 | 64
What Microsoft's latest email breach says about this IT security heavyweight Comment Senator Wyden tells The Reg this latest infosec lapse is 'inexcusable' CSO24 Jan 2024 | 45
JPMorgan exec claims bank repels '45 billion' cyberattack attempts per day Updated Assets boss also reckons she has more engineers than Amazon CSO18 Jan 2024 | 20
FBI: Beware of thieves building Androxgh0st botnets using stolen creds Infecting networks via years-old CVEs that should have been patched by now CSO17 Jan 2024 |
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in Snoops had no fewer than five custom bits of malware to hand to backdoor networks CSO13 Jan 2024 | 4
Ransomware payment ban: Wrong idea at the wrong time Opinion Won't stop the chaos, may lead to attacks with more dire consequences CSO06 Jan 2024 | 130
After injecting cancer hospital with ransomware, crims threaten to swat patients Remember the good old days when ransomware crooks vowed not to infect medical centers? CSO05 Jan 2024 | 70
Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach' 'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy CSO05 Jan 2024 | 13
Three Chinese balloons float near Taiwanese airbase Also: Remember that balloon over the US last February? It might have used a US internet provider CSO04 Jan 2024 | 15
A tale of 2 casino ransomware attacks: One paid out, one did not Feature What can be learned from MGM's and Caesars' infosec moves CSO28 Dec 2023 | 64
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure? Interview Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing CSO22 Nov 2023 | 9
SonicWall swallows Solutions Granted amid cybersecurity demand surge CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA CSO17 Nov 2023 | 1