Breaking free from reactive security
Webinar Why not adopt a new approach for 2025?
Webinar
Security
Banks must keep ahead of risks and reap AI rewards
Partner Content AI has transformed banking across APAC. But is this transformation secure?
Partner Content
Hackers game out infowar against China with the US Navy
Taipei invites infosec bods to come and play on its home turf
Public Sector20 Jan 2025 | 5
How to leave the submarine cable cutters all at sea – go Swedish
Opinion Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian
Networks20 Jan 2025 | 35
Ransomware attack forces Brit high school to shut doors
Students have work to complete at home in the meantime
Cyber-crime20 Jan 2025 | 60
Sage Copilot grounded briefly to fix AI misbehavior
'Minor issue' with showing accounting customers 'unrelated business information' required repairs
AI + ML20 Jan 2025 | 19
Datacus extractus: Harry Potter publisher breached without resorting to magic
Infosec in brief PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more
Security20 Jan 2025 | 5
When food delivery apps reached Indonesia, everyone put on weight
Asia In Brief PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company
Software20 Jan 2025 | 4
Donald Trump proposes US government acquire half of TikTok, which thanks him and restores service
Incoming president promises to allow ongoing operations for 90 days just as made-in-China app started to go dark
Public Sector20 Jan 2025 | 112
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security
AI + ML19 Jan 2025 | 26
FCC to telcos: By law you must secure your networks from foreign spies. Get on it
Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping
CSO17 Jan 2025 | 28
Biden signs sweeping cybersecurity order, just in time for Trump to gut it
Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive
Public Sector17 Jan 2025 | 37
Fortinet: FortiGate config leaks are genuine but misleading
Competition hots up with Ivanti over who can have the worst start to a year
Cyber-crime17 Jan 2025 | 5
Clock ticking for TikTok as US Supreme Court upholds ban
Updated With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over
Security17 Jan 2025 | 44
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day
Turns out tool does both file transfers and security fixes fast
Patches17 Jan 2025 | 19
Medusa ransomware group claims attack on UK's Gateshead Council
Pastes allegedly stolen documents on leak site with £600K demand
Cyber-crime17 Jan 2025 | 12
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products
If you want a picture of the future, imagine your infosec team stamping on software forever
AI + ML17 Jan 2025 | 83
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling
Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in
AI + ML17 Jan 2025 | 11
GM parks claims that driver location data was given to insurers, pushing up premiums
We'll defo ask for permission next time, automaker tells FTC
Personal Tech17 Jan 2025 | 39
Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts
updated FSB cyberspies venture into a new app for espionage, Microsoft says
Security16 Jan 2025 | 3
Popular
How to leave the submarine cable cutters all at sea – go Swedish
Opinion Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security
Donald Trump proposes US government acquire half of TikTok, which thanks him and restores service
Incoming president promises to allow ongoing operations for 90 days just as made-in-China app started to go dark
Trump's freshly minted meme coin passes $10B market cap
Crypto critics unhappy as BTC hits all-time high and Melania launches her own currency
Sage Copilot grounded briefly to fix AI misbehavior
'Minor issue' with showing accounting customers 'unrelated business information' required repairs
AWS declares it's Iceberg all the way until customers say otherwise
Cloud giant explains its thinking behind support for Apache open table format
Developers feared large chaps carrying baseball bats could come to kneecap their ... test account?
Who, Me? A whole different kind of 'technical debt' turned into real-world trouble
Datacus extractus: Harry Potter publisher breached without resorting to magic
Infosec in brief PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more
Ransomware attack forces Brit high school to shut doors
Students have work to complete at home in the meantime
Where does Microsoft's NPU obsession leave Nvidia's AI PC ambitions?
Comment While Microsoft pushes AI PC experiences, Nvidia is busy wooing developers
STORIES
Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M
That's in addition to the $4.5M fine paid to three state AGs last year
Cyber-crime16 Jan 2025 | 1
Cybersecurity rethink - from reaction to resilience
Proactive strategies for data security and identity management in 2025
Webinar
Raspberry Pi hands out prizes to all in the RP2350 Hacking Challenge
Power-induced glitches, lasers, and electromagnetic fields are all tools of the trade
Security16 Jan 2025 | 18
Infoseccer: Private security biz let guard down, exposed 120K+ files
Assist Security’s client list includes fashion icons, critical infrastructure orgs
Security16 Jan 2025 | 14
GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches'
Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools
CSO15 Jan 2025 | 12
DJI loosens flight restrictions, decides to trust operators to follow FAA rules
Right after one of its drones crashed into an aircraft fighting California wildfires? Great timing
Security15 Jan 2025 | 16
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says
We are only seeing 'the tip of the iceberg,' Easterly warns
Security15 Jan 2025 | 11
Even modest makeup can thwart facial recognition
You may not need to go full Juggalo for the sake of privacy
AI + ML15 Jan 2025 | 47
Windows Patch Tuesday hits snag with Citrix software, workarounds published
Microsoft starts 2025 as it hopefully doesn't mean to go on
Patches15 Jan 2025 | 8
Crypto klepto North Korea stole $659M over just 5 heists last year
US, Japan, South Korea vow to intensify counter efforts
Cyber-crime15 Jan 2025 | 12
Microsoft fixes under-attack privilege-escalation holes in Hyper-V
Patch Tuesday Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco
Patches15 Jan 2025 | 7
FBI wipes Chinese PlugX malware from thousands of Windows PCs in America
Hey, Xi: Zài jiàn!
Cyber-crime14 Jan 2025 | 30
Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason
Updated Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test
Security14 Jan 2025 | 1
It's not just Big Tech: The UK's Online Safety Act applies across the board
Analysis That niche forum running for 20 years – get ready, there's work to do
Security14 Jan 2025 | 148
UK floats ransomware payout ban for public sector
Stronger proposals may also see private sector applying for a payment 'license'
Cyber-crime14 Jan 2025 | 25
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
Networks14 Jan 2025 | 24
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug
This is what happens when you publish PoCs immediately, hm?
Patches13 Jan 2025 | 1
Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI
Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed
Security13 Jan 2025 | 4
Azure, Microsoft 365 MFA outage locks out users across regions
It's fixed, mostly, after Europeans had a manic Monday
Security13 Jan 2025 | 10
NATO's newest member comes out swinging following latest Baltic Sea cable attack
'Sweden has changed,' PM warns as trio of warships join defense efforts
Networks13 Jan 2025 | 51
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
'Codefinger' crims on the hunt for compromised keys
Research13 Jan 2025 | 5
Nominet probes network intrusion linked to Ivanti zero-day exploit
Unauthorized activity detected, but no backdoors found
Security13 Jan 2025 | 6
Europe coughs up €400 to punter after breaking its own GDPR data protection rules
Infosec in brief PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more
Security13 Jan 2025 | 15
Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases
Gee, wonder why Beijing is so keen on the – checks notes – Committee on Foreign Investment in the US
Cyber-crime10 Jan 2025 | 7
Drug addiction treatment service admits attackers stole sensitive patient data
Details of afflictions and care plastered online
Cyber-crime10 Jan 2025 | 8
Devs sent into security panic by 'feature that was helpful … until it wasn't'
On Call Screenshot showed it wasn't a possible attack – unless you qualify everything Google does as a threat
SaaS10 Jan 2025 | 79
Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices
Beware the IoT that doesn’t get a security tag
Security09 Jan 2025 | 38
Zero-day exploits plague Ivanti Connect Secure appliances for second year running
Factory resets and apply patches is the advice amid fortnight delay for other appliances
Patches09 Jan 2025 | 2
Security pros baited with fake Windows LDAP exploit traps
Tricky attackers trying yet again to deceive the good guys on home territory
Cyber-crime09 Jan 2025 | 7
Japanese police claim China ran five-year cyberattack campaign targeting local orgs
‘MirrorFace’ group found ways to run malware in the Windows sandbox, which may be worrying
Security09 Jan 2025 | 6
Database tables of student, teacher info stolen from PowerSchool in cyberattack
Class act: Cloud biz only serves 60M-plus folks globally, no biggie
Cyber-crime09 Jan 2025 | 23
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director
In colossal surprise, ONCD boss Harry Coker says more work is needed
CSO08 Jan 2025 | 12
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
3 CVEs added to CISA's catalog
Security08 Jan 2025 | 4
DNA sequencers found running ancient BIOS, posing risk to clinical research
Updated Devices on six-year-old firmware vulnerable to takeover and destruction
Research08 Jan 2025 | 24
UN's aviation agency confirms attack on recruitment database
Various data points compromised but no risk to flight security
Cyber-crime08 Jan 2025 | 4
Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed
Here's what $20 gets you these days
Research08 Jan 2025 | 13
Akamai to quit its CDN in China, seemingly not due to trouble from Beijing
Security and cloud compute have so much more upside than the boring business of shifting bits
Security08 Jan 2025 | 4
FCC boss urges speedy spectrum auction to fund 'Rip'n'Replace' of Chinese kit
Telcos would effectively fund grants paid to protect national security
Networks08 Jan 2025 | 15
Turbulence at UN aviation agency as probe into potential data theft begins
Crime forum-dweller claims to have leaked 42,000 documents packed with personal info
Cyber-crime07 Jan 2025 |
DEF CON's hacker-in-chief faces fortune in medical bills after paralyzing neck injury
Marc Rogers is 'lucky to be alive'
Security07 Jan 2025 | 72
US adds web and gaming giant Tencent to list of Chinese military companies
This could be the start of a saga to rival TikTok’s troubles, and embroil Tesla and Microsoft
Security07 Jan 2025 | 13
Charter, Consolidated, Windstream reportedly join China's Salt Typhoon victim list
Slow drip of compromised telecom networks continues
Cyber-crime06 Jan 2025 | 4
FireScam infostealer poses as Telegram Premium app to surveil Android devices
updated Once installed, it helps itself to your data like it's a free buffet
Research06 Jan 2025 | 5
MediaTek rings in the new year with a parade of chipset vulns
Manufacturers should have had ample time to apply the fixes
Security06 Jan 2025 | 5
After China's Salt Typhoon, the reconstruction starts now
Opinion If 40 years of faulty building gets blown down, don’t rebuild with the rubble
Cyber-crime06 Jan 2025 | 41
Taiwan reportedly claims China-linked ship damaged one of its submarine cables
More evidence of Beijing’s liking for gray zone warfare, or a murky claim with odd African entanglements?
Security06 Jan 2025 | 13
Telemetry data from 800K VW Group EVs exposed online
Infosec in Brief PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more
Security06 Jan 2025 | 45
Encryption backdoor debate 'done and dusted,' former White House tech advisor says
interview When the FBI urges E2EE, you know it's serious business
Cyber-crime04 Jan 2025 | 72
Atos denies Space Bears' ransomware claims – with a 'but'
updated Points finger at third-party infrastructure being breached
Cyber-crime04 Jan 2025 | 3
CAPTCHAs now run Doom – on nightmare mode
As if the bot defense measure wasn't obnoxious enough
Offbeat03 Jan 2025 | 42
Boffins carve up C so code can be converted to Rust
Mini-C is a subset of C that can be automatically turned to Rust without much fuss
Software03 Jan 2025 | 117
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid
OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop
CSO02 Jan 2025 | 3
Apple offers to settle 'snooping Siri' lawsuit for an utterly incredible $95M
Even the sound of a zip could be enough to start the recordings, according to claims
Security02 Jan 2025 | 40
Eight things that should not have happened last year, but did
Opinion 2024's Tech Fail Roll Of Dishonor
Bootnotes01 Jan 2025 | 112
US Army soldier who allegedly stole Trump's AT&T call logs arrested
Brings the arrest count related to the Snowflake hacks to 3
Cyber-crime01 Jan 2025 | 16
US Treasury Department outs the blast radius of BeyondTrust's key leak
Data pilfered as miscreants roamed affected workstations
Cyber-crime31 Dec 2024 | 16
China's cyber intrusions took a sinister turn in 2024
From targeted espionage to pre-positioning - not that they are mutually exclusive
Security31 Dec 2024 | 9
More telcos confirm China Salt Typhoon security breaches as White House weighs in
Intrusions allowed Beijing to 'geolocate millions of individuals, record phone calls at will'
Cyber-crime30 Dec 2024 | 36
It's only a matter of time before LLMs jump start supply-chain attacks
Interview 'The greatest concern is with spear phishing and social engineering'
Security29 Dec 2024 | 58
How cops taking down LockBit, ALPHV led to RansomHub's meteoric rise
Cut off one head, two more grow back in its place
Cyber-crime28 Dec 2024 | 4
Microsoft adds another problem to the Windows 11 24H2 naughty list
Santa Satya pops one more issue into his sack just in time for Christmas
OSes27 Dec 2024 | 86
Former NSA cyberspy's not-so-secret hobby: Hacking Christmas lights
Video Rob Joyce explains how it's done
Security25 Dec 2024 | 42
How Androxgh0st rose from Mozi's ashes to become 'most prevalent malware'
Botnet's operators 'driven by similar interests as that of the Chinese state'
Cyber-crime24 Dec 2024 | 3
What do ransomware and Jesus have in common? A birth month and an unwillingness to die
Feature 35 years since AIDS first borked a PC and we're still no closer to a solution
Cyber-crime24 Dec 2024 | 23
One third of adults can't delete device data
Easier to let those old phones gather dust in a drawer, survey finds
Security24 Dec 2024 | 189
'That's not a bug, it's a feature' takes on a darker tone when malware's involved
Opinion Mummy, where do zero days come from?
Security23 Dec 2024 | 26
Suspected LockBit dev, facing US extradition, 'did it for the money'
Dual Russian-Israeli national arrested in August
Cyber-crime23 Dec 2024 | 18
UK ICO not happy with Google's plans to allow device fingerprinting
Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more
Security23 Dec 2024 | 75
Infosec experts divided on AI's potential to assist red teams
CANALYS FORUMS APAC Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence
Security20 Dec 2024 | 10
Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns
Cyber-crime19 Dec 2024 | 17
US reportedly mulls TP-Link router ban over national security risk
updated It could end up like Huawei -Trump's gonna get ya, get ya, get ya
Security18 Dec 2024 | 55
Microsoft won't let customers opt out of passkey push
Enrollment invitations will continue until security improves
Security18 Dec 2024 | 109
Boffins trick AI model into giving up its secrets
All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days
Research18 Dec 2024 | 20
Phishers cast wide net with spoofed Google Calendar invites
Not that you needed another reason to enable the 'known senders' setting
Cyber-crime18 Dec 2024 | 17
Interpol wants everyone to stop saying 'pig butchering'
Victims' feelings might get hurt, global cops contend, and that could hinder reporting
Cyber-crime17 Dec 2024 | 45
Critical security hole in Apache Struts under exploit
You applied the patch that could stop possible RCE attacks last week, right?
Patches17 Dec 2024 | 3
Ireland fines Meta for 2018 'View As' breach that exposed 30M accounts
€251 million? Zuck can find that in his couch cushions, but Meta still vows to appeal
Security17 Dec 2024 | 13
BlackBerry offloads Cylance's endpoint security products to Arctic Wolf
Fresh attempt to mix the perfect cocktail of IoT and Infosec
Security17 Dec 2024 | 1
Australia moves to drop some cryptography by 2030 – before quantum carves it up
The likes of SHA-256, RSA, ECDSA and ECDH won't be welcome in just five years
Security17 Dec 2024 | 52
Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility
But can you really take crims at their word?
Security16 Dec 2024 | 1
Biting the hand that feeds IT
