Lights, camera, AI! Real-time deepfakes coming to DEF CON DEF CON Red teamer finds they're easy to make, which is welcome to produce fodder for detection bots Black Hat and DEF CON04 Aug 2024 | 6
AI boom is reshaping the face of cloud infrastructure Analysis Capex skyrockets as providers prioritize new shiny over traditional server upgrades Cloud Infrastructure Month04 Aug 2024 | 1
Breaking the economy of trust: How busts affect malware gangs Feature It's hard to track down individuals, so why not disrupt the underground market itself? Malware Month02 Aug 2024 | 6
Fortune 50 biz coughed up record-breaking $75M ransom to halt leak of stolen data They say crime doesn't pay. They're right – it's the victims doing the paying Cyber-crime02 Aug 2024 | 12
Amazon: Our cloud growth just sped up. Did you know we are also quite a big retailer? Reveals Kuiper broadband sats to fly later this year and solid Q2 sales Cloud Infrastructure Month02 Aug 2024 | 8
A fresh approach for container management Watch this interview with Nutanix’s Tobi Knaup for tips on managing Kubernetes clusters across on- and off-premises environments Sponsored Post
Five months after takedown, LockBit is a shadow of its former self Feature An unprecedented period for an unparalleled force in cybercrime Malware Month31 Jul 2024 | 17
'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage A playbook full of strategies and someone fumbles the implementation CSO31 Jul 2024 | 18
'LockBit of phishing' EvilProxy used in more than a million attacks every month Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake Malware Month30 Jul 2024 | 7
Revamped UK cybersecurity bill couldn't come soon enough, but details are patchy Analysis Long overdue updates include expanded mandatory security incident reporting Malware Month30 Jul 2024 | 28
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware PSA: Only accept updates via official channels ... ironically enough Malware Month25 Jul 2024 | 3
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month25 Jul 2024 | 29
FrostyGoop malware shut off heat to 600 Ukraine apartment buildings First nasty to exploit Modbus to screw with operational tech devices Malware Month23 Jul 2024 | 9
Ransomware continues to pile on costs for critical infrastructure victims Millions more spent without any improvement in recovery times Malware Month17 Jul 2024 | 5
London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data You escaped a big fat fine! Take the win and run, won’t you? Malware Month17 Jul 2024 | 26
Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor India, Turkey, also being targeted by campaign that relies on corporate email compromise Malware Month17 Jul 2024 | 11
Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin Extortionists left hanging after rivals crawled into the woodwork Malware Month16 Jul 2024 |
Rite Aid admits 2.2 million people’s data stolen by criminals RansomHub allegedly strikes again as its star continues to rise in the cybercrime scene Malware Month16 Jul 2024 | 6
DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed Meet the new boss, same as the old boss Malware Month16 Jul 2024 |
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack 15K dealerships take estimated $600M+ hit Malware Month12 Jul 2024 | 16
Meta's AI safety system defeated by the space bar 'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32
Microsoft's Azure networking takes a worldwide tumble Updated Ready to talk it up to investors today, Redmond?
Compared to other distros, Vanilla OS 2 'Orchid' is rewriting how Linux works In front, unmodified GNOME; underneath, it's all a bit strange, but purposefully so
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates Compliance failures and unsatisfactory responses mount from the long-time certificate authority
DARPA suggests turning old C code automatically into Rust – using AI, of course Who wants to make a TRACTOR pull request?
50 years ago, CP/M started the microcomputer revolution In 1974, Gary Kildall got the first version working and changed the world of operating systems
Boeing's Starliner proves better at torching cash than reaching orbit Perhaps those thrusters actually burn dollars after all
Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools Updated Now there's an idea – parsing config data in user mode
DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder For the want of an underscore
Russia takes aim at Sitting Ducks domains, bags 30,000+ Eight-year-old domain hijacking technique still claiming victims
IcedID henchman gets nine years in clanger for abusing malware to drain bank accounts The slippery Ukrainian national must also pay a hefty $74 million on top of the jail time Malware Month12 Jul 2024 | 7
China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox Meet DodgeBox, son of StealthVector Malware Month12 Jul 2024 |
Japanese space agency spotted zero-day attacks while cleaning up raid on M365 Multiple malware assault saw personal data accessed, rocket science remained safe Security11 Jul 2024 | 12
Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems IT giant says data exfiltration was extremely difficult to detect Malware Month10 Jul 2024 | 8
Ransomware crews investing in custom data stealing malware BlackByte, LockBit among the criminals using bespoke tools Malware Month10 Jul 2024 |
ViperSoftX variant spotted abusing .NET runtime to disguise data theft Freeware AutoIt also used to hide entire PowerShell environments in scripts Malware Month10 Jul 2024 | 3
Houthi rebels are operating their own GuardZoo spyware Interview Fairly 'low budget', unsophisticated malware, say researchers, but it can collect the same data as Pegasus Malware Month09 Jul 2024 |
Eldorado ransomware-as-a-service gang targets Linux, Windows systems US orgs bear the brunt of attacks by probably-Russian crew Malware Month09 Jul 2024 | 21
China's APT40 gang is ready to attack vulns within hours or days of public release Lax patching and vulnerable small biz kit make life easy for Beijing's secret-stealers Security09 Jul 2024 | 8
Avast secretly gave DoNex ransomware decryptors to victims before crims vanished Updated Good riddance to another pesky tribe of miscreants Malware Month08 Jul 2024 | 12
Cancer patient forced to make terrible decision after Qilin attack on London hospitals Exclusive Skin-sparing mastectomy and breast reconstruction scrapped as result of ransomware at supplier Malware Month05 Jul 2024 | 73
Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown Private sector helped out with week-long operation – but didn't touch China Malware Month04 Jul 2024 | 7
Ransomware scum who hit Indonesian government apologizes, hands over encryption key Brain Cipher was never getting the $8 million it demanded anyway Malware Month04 Jul 2024 | 35
Patelco banking services AWOL amid ransomware ruckus Late fees? Don't worry, the credit union has you covered Malware Month03 Jul 2024 | 2
No rest for the wiry as Cisco Nexus switches flip out over latest zero-day Command injection bug being abused by suspected Chinese spies – patch up Malware Month02 Jul 2024 | 6
Despite OS shields up, half of America opts for third-party antivirus – just in case Wisdom of the oldies or just a traditional fear of malware? Malware Month02 Jul 2024 | 50
Affirm fears customer info pilfered during ransomware raid at Evolve Bank Number of partners acknowledging data theft continues to rise Malware Month02 Jul 2024 | 2
Baddies hijack Korean ERP vendor's update systems to spew malware Notorious 'Andariel' crew takes a bite of HotCroissant backdoor for fresh attack Malware Month02 Jul 2024 |
Indonesian government didn't have backups of ransomwared data, because DR was only an option President has ordered a datacenter audit and made backups mandatory Malware Month01 Jul 2024 | 23
Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown Updated No supply-chain attacks to see over here! Research28 Jun 2024 | 28
UK and US cops band together to tackle Qilin's ransomware shakedowns Attacking the NHS is a very bad move Malware Month25 Jun 2024 | 26
Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin 28-year-old accused of major ransomware attacks across Europe Malware Month13 Jun 2024 | 13
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day Symantec suggests Black Basta crew beat Microsoft to the patch Malware Month12 Jun 2024 | 2
Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief Interview Scott Small tells us gang's 'intent and capability' should get the attention of CSOs Malware Month09 Jun 2024 | 3
FBI encourages LockBit victims to step right up for free decryption keys The bad news? Gang wasn't deleting victim data after payments Malware Month06 Jun 2024 | 6
7-year-old Oracle WebLogic bug under active exploitation Experts say Big Red will probably re-release patch in an upcoming cycle Malware Month06 Jun 2024 | 6
What is RansomHub? Looks like a Knight ransomware reboot Malware code potentially sold off, tweaked, back at it infecting victims Malware Month05 Jun 2024 | 1
Euro cops disrupt malware droppers, seize thousands of domains Operation Endgame just beginning: 'Stay tuned,' says Europol Malware Month30 May 2024 |
Here's yet more ransomware using BitLocker against Microsoft's own users Updated ShrinkLocker throws steel and vaccine makers into the hurt locker Malware Month23 May 2024 | 4
RSA Conference 2024: The good, the bad, and the downright worrying Kettle If there's one thing infosec needs right now, it's a little pick-me-up Spotlight on RSA14 May 2024 | 3
AI red-teaming tools helped X-Force break into a major tech manufacturer 'in 8 hours' RSAC Hint: It's the 'the largest' maker of a key computer component Spotlight on RSA13 May 2024 | 7
AWS CISO tells The Reg: In the AI gold rush, folks are forgetting application security RSAC 'Everybody's learning as they go. But there's a rush to get these apps out' AI + ML13 May 2024 | 5
Ransomware negotiator weighs in on the extortion payment debate with El Reg Interview As gang tactics get nastier while attacks hit all-time highs Cyber-crime12 May 2024 | 43
Critical infrastructure security will stay poor until everyone pulls together Interview Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks Public Sector11 May 2024 | 12
Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst Interview But China's the most technologically advanced Spotlight on RSA10 May 2024 | 8
'Four horsemen of cyber' look back on 2008 DoD IT breach that led to US Cyber Command RSAC 'This was a no sh*tter' Spotlight on RSA10 May 2024 | 4
Ex-White House election threat hunter weighs in on what to expect in November Interview Spoiler alert: We're gonna talk about AI Public Sector09 May 2024 | 36
Dell customer order database of '49M records' stolen, now up for sale on dark web IT giant tries to downplay leak as just names, addresses, info about kit Cyber-crime09 May 2024 | 35
America's enemies targeting US critical infrastructure should be 'wake-up call' RSAC Having China, Russia, and Iran routinely rummaging around is cause for concern, says ex-NSA man Spotlight on RSA09 May 2024 | 8
68 tech names sign CISA's secure-by-design pledge RSAC Security's an uphill battle ... does this latest move have teeth? Spotlight on RSA09 May 2024 | 14
VMware security advisories now behind bureaucratic Broadcom barricade Updated If it ain't broke, make it less accessible Spotlight on RSA09 May 2024 | 16
Undersea cables must have high-priority protection before they become top targets Interview It's 'essential to national security' ex-Navy intel officer tells us Networks08 May 2024 | 36
CISA boss: Secure code is the 'only way to make ransomware a shocking anomaly' RSAC And it would seriously inconvenience the Chinese and Russians, too Spotlight on RSA08 May 2024 | 58
One year on, universities org admits MOVEit attack hit data of 800K people Nearly 95M people in total snagged by flaw in file transfer tool Spotlight on RSA08 May 2024 | 2
UK opens investigation of MoD payroll contractor after confirming attack China vehemently denies involvement Cyber-crime08 May 2024 | 50
Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight Interview On the plus side, infosec's a good bet for a long, stable career Malware Month08 May 2024 | 24
From infosec to skunks, RSA Conference SVP spills the tea Interview Keynotes, physical security, playlists … the buck stops with Linda Gray Martin Spotlight on RSA08 May 2024 |
UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection Interview 'I'm blown away by the fact that they weren't using MFA' Spotlight on RSA08 May 2024 | 25
America's War on Drugs and Crime will be AI powered, says Homeland Security boss RSAC Or at least it might well be if these trial programs work out, with some civil lib oversight etc etc etc Spotlight on RSA07 May 2024 | 25
Watch out for rogue DHCP servers decloaking your VPN connections Avoid traffic-redirecting snoops who have TunnelVision Spotlight on RSA07 May 2024 | 34
CISA's early-warning system helped critical orgs close 852 ransomware holes Interview In the first year alone, that's saved us all a lot of money and woe Spotlight on RSA07 May 2024 | 3
US State Department launches cyber and digital policy strategy RSAC Part of the race with Beijing to set standards and advance norms Spotlight on RSA07 May 2024 | 4
Ransomware crooks now SIM swap executives' kids to pressure their parents RSAC Extortionists turning to 'psychological attacks', Mandiant CTO says Spotlight on RSA07 May 2024 | 20
Fed-run LockBit site back from the dead and vows to really spill the beans on gang Updated After very boring first reveal, this could be the real deal Spotlight on RSA06 May 2024 | 8
UnitedHealth CEO: 'Decision to pay ransom was mine' Updated Congress to hear how Citrix MFA snafu led to massive data theft, $870M+ loss Malware Month30 Apr 2024 | 28
Russia's Cozy Bear dives into cloud environments with a new bag of tricks Kremlin's spies tried out the TTPs on Microsoft, and now they're off to the races Spotlight on Databases27 Feb 2024 | 4
Work to resolve binary babble from Voyager 1 is ongoing You think your latency is bad? How about 45 hours to see if a command worked? The Reg in Space08 Feb 2024 | 34
You could have heard a pin drop: Virgin Galactic reports itself to the FAA Updated Everything's fine, but a fastening fell off when it shouldn't have The Reg in Space06 Feb 2024 | 28
40 years ago, an astronaut first took flight from the Space Shuttle Look Ma: no tether! The Reg in Space05 Feb 2024 | 9
Rocket Lab is a David among Goliaths in the space race Interview CEO Peter Beck on the future of commercial launches and not raining debris over national reserves The Reg in Space05 Feb 2024 | 13
Space exploitation vs space exploration: Humanity has much to learn from the Voyager probes Interview When 'what's the value to the economy?' wasn't front of mind The Reg in Space01 Feb 2024 | 57
Square Kilometre Array prototype 'scope achieves first light SKAMPI was made in China, driven by Docker, located in South Africa, and aimed at the stars The Reg in Space30 Jan 2024 | 5
Japan's lander wakes up, takes blurry snap of Moon Winter Night is coming The Reg in Space29 Jan 2024 | 15
Canada to remove China’s top messaging app WeChat from government devices Kaspersky also on the way out due to ‘unacceptable level of risk to privacy and security' Cybersecurity Month31 Oct 2023 | 11
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors Cybersecurity Month31 Oct 2023 | 9
Bug bounty hunters load up to stalk AI and fancy bagging big bucks Google offers AI-specific rewards, HackerOne sees more specializations Cybersecurity Month27 Oct 2023 | 1
Telcos should compensate phished subscribers, suggests Singapore Regulator reckons letting scam texts through is a culpable act Cybersecurity Month26 Oct 2023 | 6
Seiko watches 60K personal data records tick away in BlackCat ransomware heist Investigations ongoing as full extent of July breach is questioned Cybersecurity Month25 Oct 2023 |
Spanish phisherfolk caught in cops' net in multi-million-euro catch Crooks swindled about €3 million from victims Cybersecurity Month25 Oct 2023 | 1
After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw Security in brief ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more Cybersecurity Month22 Oct 2023 | 3
International Criminal Court blames spies for 'targeted and sophisticated attack' Tell us it's Russia without telling us it's Russia Cybersecurity Month21 Oct 2023 | 13
Indian authorities raid fake tech support rings after tipoff from Amazon and Microsoft Also went after crypto-crooks who sought money to buy miners for fake token Cybersecurity Month20 Oct 2023 | 38
‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities Advise turning off and never using remote desktop protocol, prohibiting private VPNs, not trusting recruiters’ due diligence Cybersecurity Month19 Oct 2023 | 51
San Francisco mayor suggests police drones and CCTV can cure city's crime woes Suggests bodycam footage should replace paperwork for simple arrests Cybersecurity Month19 Oct 2023 | 30
Paying for WinRAR in all the wrong ways - Russia and China hitting ancient app Incidentally, Windows 11 has native rar support now Cybersecurity Month18 Oct 2023 | 22
Critical Citrix bug exploited by data thieves weeks before being patched Updated Time to close those active sessions Cybersecurity Month18 Oct 2023 |
Governments resent their dependence on Big Tech Singapore summit hears how private sector's constant security sins create risk for sovereigns Cybersecurity Month18 Oct 2023 | 22
Five Eyes intel chiefs warn China's IP theft program now at 'unprecedented' levels Spies come in from the cold for their first public chinwag Cybersecurity Month18 Oct 2023 | 31
Malware crooks find an in with fake browser updates, in case real ones weren't bad enough Researchers say ransomware could be on the horizon if success continues Cybersecurity Month18 Oct 2023 | 2
X marks the bot: Musk thinks spammers won't pay $1 a year Annual fee won't be profitable, will require registration of phone number Cybersecurity Month18 Oct 2023 | 69