China starts testing national cyber-ID before consultation on the idea closes Eighty-one apps signed up to pilot facial recognition and real name ID system Public Sector05 Aug 2024 | 4
Google gamed into advertising a malicious version of Authenticator Infosec in brief Plus: CISA's AI hire; and Canuck SIM swappers busted Security05 Aug 2024 | 2
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request? Research03 Aug 2024 | 106
Israeli hacktivist group brags it took down Iran's internet WeRedEvils alleges successful attack on infrastructure, including data theft Cyber-crime02 Aug 2024 | 5
Respect your data, and protect it Hear how AI runtime security secures applications in the complete journey from design to build to run Sponsored Post
Fortune 50 biz coughed up record-breaking $75M ransom to halt leak of stolen data They say crime doesn't pay. They're right – it's the victims doing the paying Cyber-crime02 Aug 2024 | 12
UK plans to revamp national cyber defense tools are already in motion Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part Cyber-crime02 Aug 2024 | 7
UK crimebusters shut down global call-spoofing outfit that claimed 170K-plus victims Suspected devs behind Russian Coms cuffed – now to find the users of the nastyware Cyber-crime02 Aug 2024 | 10
Japan mandates app to ensure national ID cards aren't forged First delays, then data leaks – now fraud detection needed at point of use Security02 Aug 2024 | 29
India contemplates compulsory dynamic 2FA for digital payments SMS OTPs are overused, so bring on the tokens and biometrics Security02 Aug 2024 | 4
US sends cybercriminals back to Russia in prisoner swap that freed WSJ journo, others Techno-crooks greeted by grinning Putin after landing Cyber-crime02 Aug 2024 | 27
Too late now for canary test updates, says pension fund suing CrowdStrike That horse has not just bolted, it's trampled all over kernel space CSO01 Aug 2024 | 109
FBI, CISA remind US voters that DDoS attacks can't touch election systems PSA comes amid multiple IT services crises in recent days Cyber-crime01 Aug 2024 | 16
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates Compliance failures and unsatisfactory responses mount from the long-time certificate authority CSO01 Aug 2024 | 15
Germany names China as source of attack on government geospatial agency Meanwhile, US apparently considers further AI hardware sanctions Cyber-crime01 Aug 2024 | 10
Ransomware infection cuts off blood supply to 250+ hospitals Scumbags go for the jugular Cyber-crime31 Jul 2024 | 35
More than 83K certs from nearly 7K DigiCert customers must be swapped out now Small stay of execution in 'exceptional circumstances' promised – amid legal action to pause digital bonfire CSO31 Jul 2024 | 18
Russia takes aim at Sitting Ducks domains, bags 30,000+ Eight-year-old domain hijacking technique still claiming victims Research31 Jul 2024 |
Chrome adopts app-bound encryption to stymie cookie-stealing malware Windows users now get macOS-grade secret security CSO31 Jul 2024 | 4
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request?
Bugging out: 53 years since humans first drove a battery-powered car on the Moon Feature And you thought you had range anxiety
AI boom is reshaping the face of cloud infrastructure Analysis Capex skyrockets as providers prioritize new shiny over traditional server upgrades
IBM Canada can't duck channel exec's systematic age discrimination claim 'They actually replaced me with a younger employee'
Lights, camera, AI! Real-time deepfakes coming to DEF CON DEF CON Red teamer finds they're easy to make, which is welcome to produce fodder for detection bots
Google gamed into advertising a malicious version of Authenticator Infosec in brief Plus: CISA's AI hire; and Canuck SIM swappers busted
India migrates 25,000 small lenders to ERP in just five months ASIA IN BRIEF Plus: Food poisoning hits ByteDance Singapore; Indonesia bans DuckDuckGo; and more
China starts testing national cyber-ID before consultation on the idea closes Eighty-one apps signed up to pilot facial recognition and real name ID system
Atlassian softens its cloud-first approach for remaining on-prem customers Happy to have 'em go hybrid as it wises up to the enterprise
Tencent Cloud's home-grown traffic-tamer halves WAN latency Sigcomm 2024 MegaTE can arrange things so each endpoint gets just the network it needs
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage A playbook full of strategies and someone fumbles the implementation CSO31 Jul 2024 | 18
UK Electoral Commission slapped for basic cybersecurity fails It took 13 months to notice 40 million voters' data was compromised CSO31 Jul 2024 | 25
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder For the want of an underscore CSO31 Jul 2024 | 26
Delta Air Lines dials up Microsoft's legal nemesis over CrowdStrike losses Oh, Boies, here we go again CSO30 Jul 2024 | 17
'LockBit of phishing' EvilProxy used in more than a million attacks every month Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake Malware Month30 Jul 2024 | 7
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability Get those patches applied – all the big dogs are abusing it Patches30 Jul 2024 | 18
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others They DKIM here, they DKIM there Research30 Jul 2024 | 33
Malaysia is working on an internet 'kill switch', says minister Follows requirement for social media and messaging platforms to get a license Public Sector30 Jul 2024 | 21
Meta's AI safety system defeated by the space bar 'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32 AI + ML29 Jul 2024 | 55
US border cops really must get a warrant in NY before searching your phones, devices Do we really want to bother SCOTUS with this, friends? Surely they're way too busy to take a look Public Sector29 Jul 2024 | 38
Intruders at HealthEquity rifled through storage, stole 4.3M people's data No mention of malware or ransomware – somewhat of a rarity these days Cyber-crime29 Jul 2024 | 5
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day CSO29 Jul 2024 | 13
Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools Updated Now there's an idea – parsing config data in user mode OSes29 Jul 2024 | 46
China ponders creating a national 'cyberspace ID' Because clearly it's better for Beijing to know who you are than for every ISP and social service to keep its own records Public Sector29 Jul 2024 | 18
Secure Boot useless on hundreds of PCs from major vendors after key leak Infosec in brief Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don't use MFA, and more Security29 Jul 2024 | 35
CrowdStrike meets Murphy's Law: Anything that can go wrong will Opinion And boy, did last Friday's Windows fiasco ever prove that yet again Patches26 Jul 2024 | 98
Progress discloses second critical flaw in Telerik Report Server in as many months These are the kinds of bugs APTs thrive on, just ask the Feds Patches26 Jul 2024 | 1
North Korean chap charged for attacks on US hospitals, military, NASA – and even China Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists Security26 Jul 2024 | 4
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank May even have targeted other malware gangs, and infosec researchers Cyber-crime26 Jul 2024 | 9
CrowdStrike update blunder may cost world billions – and insurance ain't covering it all We offer this formula instead: RND(100.0)*(10^9) CSO26 Jul 2024 | 60
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware PSA: Only accept updates via official channels ... ironically enough Malware Month25 Jul 2024 | 3
FYI: Data from deleted GitHub repos may not actually be deleted And the forking Microsoft-owned code warehouse doesn't see this as much of a problem CSO25 Jul 2024 | 49
Uncle Sam accuses telco IT pro of decade-long spying campaign for China Beijing has a long history of recruiting US residents to carry out various espionage activities Cyber-crime25 Jul 2024 | 8
You should probably fix this 5-year-old critical Docker vuln fairly sharpish For some unknown reason, initial patch was omitted from later versions Patches25 Jul 2024 |
Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review Exclusive Those national security threat claims? 'No evidence,' VP tells The Reg CSO25 Jul 2024 | 53
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month25 Jul 2024 | 29
How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash This one weird trick saved countless hours and stress – no, really OSes25 Jul 2024 | 88
The months and days before and after CrowdStrike's fatal Friday Analysis 'In the short term, they're going to have to do a lot of groveling' CSO25 Jul 2024 | 46
Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared Personal Tech24 Jul 2024 | 8
Uncle Sam opens probe into CrowdStrike turbulence at Delta Air Lines Concerns abound over why it has taken so long to recover compared to competitors Security24 Jul 2024 | 10
Windows Patch Tuesday update might send a user to the BitLocker recovery screen Not now, Microsoft Patches24 Jul 2024 | 44
Data pilfered from Pentagon IT supplier Leidos Updated With numerous US government agency customers, any leak could be serious Cyber-crime24 Jul 2024 | 2
School gets an F for using facial recognition on kids in canteen Watchdog reprimand follows similar cases in 2021 Security24 Jul 2024 | 96
Forget security – Google's reCAPTCHA v2 is exploiting users for profit Updated Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them Security24 Jul 2024 | 73
CrowdStrike blames a test software bug for that giant global mess it made Something called 'Content Validator' did not validate the content, and the rest is history Security24 Jul 2024 | 154
Security biz KnowBe4 hired fake North Korean techie, who got straight to work ... on evil If it can happen to folks that run social engineering defence training, what hope for the rest of us? Security24 Jul 2024 | 36
Philippines wipes out its legit online gambling industry to take down scammers President apologizes in advance for job losses Public Sector24 Jul 2024 | 5
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code Analysis Maybe next time some staged rollouts? A bit of QA too? CSO23 Jul 2024 | 119
Administrators have update lessons to learn from the CrowdStrike outage How could this happen to us? We were supposed to be two versions behind? Security23 Jul 2024 | 34
Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis Latest trend follows various malware campaigns that began just hours after IT calamity Cyber-crime23 Jul 2024 | 4
Alphabet's reported $23B bet on Wiz fizzles out Cybersecurity outfit to go its own way to IPO and $1B ARR Security23 Jul 2024 | 4
Google's plan to drop third-party cookies in Chrome crumbles Ad giant promises to protect privacy, as critics say surveillance continues Software23 Jul 2024 | 60
Global cops power down world's 'most prolific' DDoS dealership One arrest was made weeks ago but no word on the suspect's identity yet Cyber-crime22 Jul 2024 | 1
LA County Superior Court closes doors to reboot justice after ransomware attack Some rest for the wicked? Cyber-crime22 Jul 2024 | 6
Cybercrooks crafting solo careers in wake of ransomware takedowns More baddies go it alone as trust in big gangs withers, claims Europol Cyber-crime22 Jul 2024 | 2
Oracle coughs up $115M to make privacy case go away Big Red agrees not to capture personal details after two-year class action Security22 Jul 2024 | 6
EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft Was a 2009 agreement on interoperability to blame? Security22 Jul 2024 | 220
Two Russians sanctioned over cyberattacks on US critical infrastructure Supposed hacktivist efforts previously linked to the Kremlin's GRU Cyber-crime22 Jul 2024 | 5
Cellebrite got into Trump shooter's Samsung device in just 40 minutes Infosec in brief Also: Second-string Russian hackers sanctioned; Senators demand answers from Snowflake, and more Security22 Jul 2024 | 63
CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes Updated Rapid restore tool being tested as Microsoft estimates 8.5M machines went down Security21 Jul 2024 | 84
UK cops arrest teen suspect in MGM Resorts cyberattack probe 17-year-old cuffed as FBI says it will 'relentlessly pursue' miscreants around the globe Cyber-crime19 Jul 2024 | 16
CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear Kettle Our vultures gather to review this very freaky Friday CSO19 Jul 2024 | 75
CrowdStrike file update bricks Windows machines around the world Updated Falcon Sensor putting hosts into deathloop - but there's a workaround Software19 Jul 2024 | 550
North Korea likely behind takedown of Indian crypto exchange WazirX Firm halts trades after seeing $230 million disappear Security19 Jul 2024 | 21
Beijing's attack gang Volt Typhoon was a false flag inside job conspiracy: China Run by the NSA, the FBI, and Five Eyes nations, who fooled infosec researchers, apparently Cyber-crime19 Jul 2024 | 30
Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin Russia-invaded software biz 'grateful for the support we have received' CSO18 Jul 2024 | 3
Kaspersky challenges US government to put up or shut up about Kremlin ties Stick an independent probe in our software, you won't find any Putin.DLL backdoor Security18 Jul 2024 | 49
Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs Major vendors' products scuppered by novel techniques Research18 Jul 2024 | 5
Maximum-severity Cisco vulnerability allows attackers to change admin passwords You’re going to want to patch this one Patches18 Jul 2024 | 17
Firms skip security reviews of major app updates about half the time Updated Complicated, costly, time-consuming – pick three Patches18 Jul 2024 | 18
Release the hounds! Securing datacenters may soon need sniffer dogs Nothing else can detect attackers with implants designed to foil physical security Security18 Jul 2024 | 35
Merged Exabeam and LogRhythm cut jobs, face lawsuit Unconfirmed reports suggest 30 percent reduction in headcount Security17 Jul 2024 | 4
Kaspersky gives US customers six months of free updates as a parting gift Updated So long, farewell, do svidaniya, goodbye Security17 Jul 2024 | 15
Ransomware continues to pile on costs for critical infrastructure victims Millions more spent without any improvement in recovery times Malware Month17 Jul 2024 | 5
London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data You escaped a big fat fine! Take the win and run, won’t you? Malware Month17 Jul 2024 | 26
Craig Wright admits he isn't the inventor of Bitcoin after High Court judgment in UK Aussie definitely not Satoshi Nakamoto, faces £6M legal bill and possible perjury trial Security17 Jul 2024 | 85
Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor India, Turkey, also being targeted by campaign that relies on corporate email compromise Malware Month17 Jul 2024 | 11
Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin Extortionists left hanging after rivals crawled into the woodwork Malware Month16 Jul 2024 |
Don’t be complacent on cybersecurity resilience Read the 2024 Cisco Cybersecurity Readiness Index for tips on how best to prepare Sponsored Post
Privacy warriors gripe to UK watchdog about Meta harvesting user data to train AI Move follows Instagram and Facebook giant's decision to reverse direction in EU after protests Security16 Jul 2024 | 10
FBI gains access to Trump rally shooter's phone Hasn't said how it did it, but has form cracking devices Research16 Jul 2024 | 115
Kaspersky culls staff, closes doors in US amid Biden's ban After all we've done for you, America, sniffs antivirus lab CSO15 Jul 2024 | 25
ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu Exclusive 'It seems like they really don't have a full grasp of what's going on with this patch' Patches15 Jul 2024 | 11
Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms Company keeps quiet amid high-profile compromises Security15 Jul 2024 | 3
Google reportedly in talks to buy infosec outfit Wiz for $23B The security industry has never had a clear leader – could it be the Chocolate Factory? Security15 Jul 2024 | 17
I spy another mSpy breach: Millions more stalkerware buyers exposed Infosec in brief Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave, and more Security15 Jul 2024 | 8
UK cyber-boss slams China's bug-hoarding laws ASIA IN BRIEF Plus: Japanese scientists ID ancient supernova; AWS dismisses China trouble rumor; and more Security15 Jul 2024 | 1
Three words to send a chill down your spine: Snowflake. Intrusion. Alert Kettle And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical CSO13 Jul 2024 | 7
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack 15K dealerships take estimated $600M+ hit Malware Month12 Jul 2024 | 16
White House urged to double check Microsoft isn't funneling AI to China via G42 deal Windows maker insisted everything will be locked down and secure – which given its reputation, uh-oh! AI + ML12 Jul 2024 | 4