Sage Copilot grounded briefly to fix AI misbehavior
'Minor issue' with showing accounting customers 'unrelated business information' required repairs
AI + ML20 Jan 2025 | 19
CSO
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security
AI + ML19 Jan 2025 | 26
FCC to telcos: By law you must secure your networks from foreign spies. Get on it
Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping
CSO17 Jan 2025 | 28
Biden signs sweeping cybersecurity order, just in time for Trump to gut it
Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive
Public Sector17 Jan 2025 | 37
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling
Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in
AI + ML17 Jan 2025 | 11
GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches'
Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools
CSO15 Jan 2025 | 12
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says
We are only seeing 'the tip of the iceberg,' Easterly warns
Security15 Jan 2025 | 11
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used
Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
Networks14 Jan 2025 | 24
Database tables of student, teacher info stolen from PowerSchool in cyberattack
Class act: Cloud biz only serves 60M-plus folks globally, no biggie
Cyber-crime09 Jan 2025 | 23
I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director
In colossal surprise, ONCD boss Harry Coker says more work is needed
CSO08 Jan 2025 | 12
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid
OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop
CSO02 Jan 2025 | 3
Trump administration wants to go on cyber offensive against China
The US has never attacked Chinese critical infrastructure before, right?
Cyber-crime16 Dec 2024 | 25
China's Salt Typhoon recorded top American officials' calls, says White House
No word yet on who was snooped on. Any bets?
CSO09 Dec 2024 | 24
OpenWrt orders router firmware updates after supply chain attack scare
A couple of bugs lead to a potentially bad time
CSO09 Dec 2024 | 9
Microsoft dangles $10K for hackers to hijack LLM email service
Outsmart an AI, win a little Christmas cash
CSO09 Dec 2024 | 12
Salt Typhoon forces FCC's hand on making telcos secure their networks
Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns
Security06 Dec 2024 | 4
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds
Damage likely limited to those running bots with private PKI access
Cyber-crime05 Dec 2024 | 7
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career'
Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat
CSO05 Dec 2024 | 54
Microsoft says premature patch could make Windows Recall forget how to work
Installed the final non-security preview update of 2024? Best not hop onto the Dev Channel
CSO04 Dec 2024 | 25
T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'
Funny what putting more effort and resources into IT security can do
CSO27 Nov 2024 | 9
Popular
How to leave the submarine cable cutters all at sea – go Swedish
Opinion Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries
The S in LLM stands for Security
Donald Trump proposes US government acquire half of TikTok, which thanks him and restores service
Incoming president promises to allow ongoing operations for 90 days just as made-in-China app started to go dark
Trump's freshly minted meme coin passes $10B market cap
Crypto critics unhappy as BTC hits all-time high and Melania launches her own currency
Sage Copilot grounded briefly to fix AI misbehavior
'Minor issue' with showing accounting customers 'unrelated business information' required repairs
Developers feared large chaps carrying baseball bats could come to kneecap their ... test account?
Who, Me? A whole different kind of 'technical debt' turned into real-world trouble
Datacus extractus: Harry Potter publisher breached without resorting to magic
Infosec in brief PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more
Ransomware attack forces Brit high school to shut doors
Students have work to complete at home in the meantime
Where does Microsoft's NPU obsession leave Nvidia's AI PC ambitions?
Comment While Microsoft pushes AI PC experiences, Nvidia is busy wooing developers
When food delivery apps reached Indonesia, everyone put on weight
Asia In Brief PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company
STORIES
Security? We've heard of it: How Microsoft plans to better defend Windows
Ignite Did we say CrowdStrike? We meant, er, The July Incident...
CSO25 Nov 2024 | 28
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain?
Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration
Public Sector23 Nov 2024 | 43
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more
CSO22 Nov 2024 | 22
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator
Meet Liminal Panda, which prowls telecom networks in South Asia and Africa
CSO20 Nov 2024 | 32
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Vendor offers 20% discount on new model, but not patches
CSO20 Nov 2024 | 59
Data is the new uranium – incredibly powerful and amazingly dangerous
Column CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value
CSO20 Nov 2024 | 55
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
Yank access to management interface, stat
CSO15 Nov 2024 | 28
Five Eyes infosec agencies list 2023's most exploited software flaws
Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns
CSO14 Nov 2024 | 28
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
Plus: CISA's ScubaGear dives deep to fix M365 misconfigs
CSO14 Nov 2024 | 3
Air National Guardsman gets 15 years after splashing classified docs on Discord
22-year-old talked of 'culling the weak minded' – hmm!
Cyber-crime13 Nov 2024 | 93
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
'Once again, we've lost a little more faith in the internet,' researcher says
CSO12 Nov 2024 | 3
The story behind the Health Infrastructure Security and Accountability Act
Health care breaches lead to legislation
Partner Content
Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms
Arguments continue but change suggests it's not Free Software anymore
Applications24 Oct 2024 | 16
US healthcare org admits up to 400,000 people's personal info was snatched
It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it
Cybersecurity Month14 Oct 2024 | 3
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Usual three-week window to address significant risks to federal agencies applies
Cybersecurity Month10 Oct 2024 |
Ransomware gang Trinity joins pile of scumbags targeting healthcare
As if hospitals and clinics didn't have enough to worry about
Cybersecurity Month09 Oct 2024 | 6
Average North American CISO pay now $565K, mainly thanks to one weird trick
Best way to boost your package is to leave, or pretend to
Cybersecurity Month03 Oct 2024 | 12
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
Exclusive Crooks 'like a sysadmin, with a malicious slant'
Cybersecurity Month03 Oct 2024 | 3
Brits hate how big tech handles their data, but can't be bothered to do much about it
Managing the endless stream of cookie banners leaves little energy for anything else
Cybersecurity Month03 Oct 2024 | 38
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
With 14 serious security flaws found, what a gift for spies and crooks
Cybersecurity Month02 Oct 2024 | 21
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
Poor use of PHP include() strikes again
Cybersecurity Month02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline
Cybersecurity Month02 Oct 2024 | 8
Rackspace internal monitoring web servers hit by zero-day
Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry
Cybersecurity Month30 Sep 2024 | 10
T-Mobile US to cough up $31.5M after that long string of security SNAFUs
At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue'
CSO30 Sep 2024 | 4
Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable
AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more
OSes27 Sep 2024 | 122
China's Salt Typhoon cyber spies are deep inside US ISPs
Updated Expecting a longer storm season this year?
Networks25 Sep 2024 | 4
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
No malware crew linked to this latest red-teaming tool yet
Research23 Sep 2024 |
CISA boss: Makers of insecure software must stop enabling today's cyber villains
Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret'
Software20 Sep 2024 | 93
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
Boasts 'appear to be credible' experts tell El Reg
Cyber-crime19 Sep 2024 | 7
Chinese spies spent months inside aerospace engineering firm's network via legacy IT
Exclusive Getting sloppy, Xi
CSO18 Sep 2024 | 32
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
Bug reports made in China
Virtualization17 Sep 2024 | 1
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook
Updated Allegedly pilfered database has source code, private keys, staff info, T-Mobile VM logs, more
Cyber-crime12 Sep 2024 | 20
Google says replacing C/C++ in firmware with Rust is easy
Not so much when trying to convert coding veterans
Software06 Sep 2024 | 175
Security boom is over, with over a third of CISOs reporting flat or falling budgets
Good news? Security is still getting a growing part of IT budget
CSO05 Sep 2024 | 1
Ex-senior New York State staffer charged in cash-for-favors scandal with China
Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway – allegedly
Public Sector04 Sep 2024 | 6
31.5M invoices, contracts, patient consent forms, and more exposed to the internet
Exclusive Unprotected database with 12 years of biz records yanked offline
CSO26 Aug 2024 | 28
SolarWinds left critical hardcoded credentials in its Web Help Desk product
Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway
CSO22 Aug 2024 | 18
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare
Needless to say, it backfired in a big way
CSO22 Aug 2024 | 118
Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late
Airline unimpressed with 'unhelpful and untimely' phone call from CEO, Falcon maker says claims untrue
CxO08 Aug 2024 | 32
US 'laptop farm' man accused of outsourcing his IT jobs to North Korea to fund weapons programs
American and Brit firms thought they were employing a Westerner, but not so, it's alleged
CSO08 Aug 2024 | 19
Report: Tech misconceptions plague the IT world
Just snapping the webcam shutter closed won't keep a user safe online
Personal Tech08 Aug 2024 | 74
Microsoft punches back at Delta Air Lines and its legal threats
SatNad himself offered CrowdStrike recovery help, Redmond says, before suggesting airline's IT is in a mess
CxO07 Aug 2024 | 39
That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that
Updated Background check biz accused of negligence
Cyber-crime05 Aug 2024 | 11
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets
Malware logs users' keystrokes, pilfers credentials, exfiltrates data
Research05 Aug 2024 | 15
DARPA suggests turning old C code automatically into Rust – using AI, of course
Who wants to make a TRACTOR pull request?
Research03 Aug 2024 | 146
Too late now for canary test updates, says pension fund suing CrowdStrike
That horse has not just bolted, it's trampled all over kernel space
CSO01 Aug 2024 | 114
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates
Compliance failures and unsatisfactory responses mount from the long-time certificate authority
CSO01 Aug 2024 | 16
Ransomware infection cuts off blood supply to 250+ hospitals
Scumbags go for the jugular
Cyber-crime31 Jul 2024 | 39
More than 83K certs from nearly 7K DigiCert customers must be swapped out now
Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire
CSO31 Jul 2024 | 18
Chrome adopts app-bound encryption to stymie cookie-stealing malware
Windows users now get macOS-grade secret security
CSO31 Jul 2024 | 4
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
A playbook full of strategies and someone fumbles the implementation
CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails
It took 13 months to notice 40 million voters' data was compromised
CSO31 Jul 2024 | 25
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder
For the want of an underscore
CSO31 Jul 2024 | 27
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses
Oh, Boies, here we go again
CSO30 Jul 2024 | 17
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
They DKIM here, they DKIM there
Research30 Jul 2024 | 33
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update
Happy Sysadmin Day
CSO29 Jul 2024 | 13
CrowdStrike update blunder may cost world billions – and insurance ain't covering it all
We offer this formula instead: RND(100.0)*(10^9)
CSO26 Jul 2024 | 60
FYI: Data from deleted GitHub repos may not actually be deleted
And the forking Microsoft-owned code warehouse doesn't see this as much of a problem
CSO25 Jul 2024 | 49
Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review
Exclusive Those national security threat claims? 'No evidence,' VP tells The Reg
CSO25 Jul 2024 | 56
Patch management still seemingly abysmal because no one wants the job
Comment Are your security and ops teams fighting to pass the buck?
Malware Month25 Jul 2024 | 29
How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash
This one weird trick saved countless hours and stress – no, really
OSes25 Jul 2024 | 89
The months and days before and after CrowdStrike's fatal Friday
Analysis 'In the short term, they're going to have to do a lot of groveling'
CSO25 Jul 2024 | 46
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code
Analysis Maybe next time some staged rollouts? A bit of QA too?
CSO23 Jul 2024 | 119
CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear
Kettle Our vultures gather to review this very freaky Friday
CSO19 Jul 2024 | 75
Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin
Russia-invaded software biz 'grateful for the support we have received'
CSO18 Jul 2024 | 3
Kaspersky culls staff, closes doors in US amid Biden's ban
After all we've done for you, America, sniffs antivirus lab
CSO15 Jul 2024 | 25
Three words to send a chill down your spine: Snowflake. Intrusion. Alert
Kettle And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical
CSO13 Jul 2024 | 7
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack
15K dealerships take estimated $600M+ hit
Malware Month12 Jul 2024 | 16
You had a year to patch this Veeam flaw – and now it's going to hurt some more
LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware
Patches11 Jul 2024 | 4
ViperSoftX variant spotted abusing .NET runtime to disguise data theft
Freeware AutoIt also used to hide entire PowerShell environments in scripts
Malware Month10 Jul 2024 | 3
RADIUS networking protocol blasted into submission through MD5-based flaw
If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed
Research10 Jul 2024 | 11
Affirm fears customer info pilfered during ransomware raid at Evolve Bank
Number of partners acknowledging data theft continues to rise
Malware Month02 Jul 2024 | 2
Juniper Networks flings out emergency patches for perfect 10 router vuln
Get 'em while they're hot
Patches01 Jul 2024 | 6
CISA director: US is 'not afraid' to shout about Big Tech's security failings
Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration
CSO01 Jul 2024 | 12
TeamViewer says Russia broke into its corp IT network
Updated Same APT29 crew that hit Microsoft and SolarWinds. How close were we to a mega backdoor situation?
CSO28 Jun 2024 | 25
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown
Updated No supply-chain attacks to see over here!
Research28 Jun 2024 | 28
TeamViewer can't bring itself to say someone broke into its network – but it happened
Updated Claims customer data, prod environment not affected as NCC sounds alarm
Cyber-crime28 Jun 2024 | 25
Microsoft blamed for million-plus patient record theft at US hospital giant
Updated Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing
CSO26 Jun 2024 | 20
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately
Scripts turn sus after mysterious CDN swallows domain
CSO25 Jun 2024 | 61
Fiend touts stolen Neiman Marcus customer info for $150K
Flash clobber chain fashionably late to Snowflake fiasco party
Cyber-crime25 Jun 2024 | 3
Biting the hand that feeds IT
