Apple's GoFetch silicon security fail was down to an obsession with speed Opinion Ye cannae change the laws of physics, but you can change your mind Security02 Apr 2024 | 23
Six banks share customer info to help Singapore fight money laundering Asia in brief Plus: Google Cloud ANZ boss departs; Japan revives airliner ambitions; China-linked attackers target Asian entities Cyber-crime02 Apr 2024 | 4
US House of Reps tells staff: No Microsoft Copilot for you! At least not until Redmond's government edition is ready to roll Public Sector01 Apr 2024 | 10
Malicious xz backdoor reveals fragility of open source Analysis This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy Devops01 Apr 2024 | 98
Nearly 3M people hit in Harvard Pilgrim healthcare data theft Infosec in brief Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns Security01 Apr 2024 | 3
Ex-White House CIO tells The Reg: TikTok ban may be diplomatic disaster Interview Theresa Payton on why US needs a national privacy law Public Sector01 Apr 2024 | 63
AT&T admits massive 70M+ mid-March customer data dump is real though old Still claims the personal info wasn't stolen from its systems Security01 Apr 2024 | 10
Rust developers at Google are twice as productive as C++ teams Code shines up nicely in production, says Chocolate Factory's Bergstrom Devops31 Mar 2024 | 134
Malicious SSH backdoor sneaks into xz, Linux world's data compression library STOP USAGE OF FEDORA RAWHIDE, says Red Hat while Debian Unstable and others also affected CSO29 Mar 2024 | 123
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching CVE-2024-1086 turns the page tables on system admins Patches29 Mar 2024 | 26
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat Updated Vendor takes hardline approach to patch disclosure to new levels Patches28 Mar 2024 | 14
FTX crypto-crook Sam Bankman-Fried gets 25 years in prison Could have been worse: Prosecutors wanted decades more Cyber-crime28 Mar 2024 | 107
Nvidia's newborn ChatRTX bot patched for security bugs Flaws enable privilege escalation and remote code execution Patches28 Mar 2024 | 1
US critical infrastructure cyberattack reporting rules inch closer to reality After all, it's only about keeping the essentials on – no rush Security28 Mar 2024 | 4
Canonical cracks down on crypto cons following Snap Store scam spree In happier news, Ubuntu Pro extended support now goes up to 12 years Security28 Mar 2024 | 18
INC Ransom claims responsibility for attack on NHS Scotland Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total Cyber-crime28 Mar 2024 | 14
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb One might say this is a wurst case scenario Patches28 Mar 2024 | 44
AI hallucinates software packages and devs download them – even if potentially poisoned with malware In-depth Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that Security28 Mar 2024 | 84
Execs in Japan busted for winning dev bids then outsourcing to North Koreans Government issues stern warning over despot money-making scheme Cyber-crime28 Mar 2024 | 12
China encouraged armed offensive against Myanmar government to protest proliferation of online scams Report claims Beijing is most displeased by junta's failure to address slave labor scam settlements Cyber-crime28 Mar 2024 | 5
Apple fans deluged with phony password reset requests Beware support calls offering a fix Security27 Mar 2024 | 18
Majority of Americans now use ad blockers We're dreaming of a white list, because we're just like the ones you used to know Security27 Mar 2024 | 114
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders CSO27 Mar 2024 | 14
Meta accused of snarfing people's Snapchat data via traffic decryption I ain't afraid of no ghosts, but in this case... Personal Tech27 Mar 2024 | 20
Miscreants are exploiting enterprise tech zero days more and more, Google warns Crooks know where the big bucks are Cyber-crime27 Mar 2024 | 5
Street newspaper appears to have Big Issue with Qilin ransomware gang The days of cybercriminals having something of a moral compass are over Cyber-crime27 Mar 2024 | 12
The easy road to pervasive DLP How Forcepoint Data Security Everywhere does what it says on the tin Sponsored Post
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws Software slackers urged to up their game Security26 Mar 2024 | 66
Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? Interview ARPA-H joins DARPA's AIxCC, adds $20M to cash rewards Cyber-crime26 Mar 2024 | 22
FreeBSD Foundation hands out Beacon gongs for safer software Multiple CHERI-related projects win money for important research that prizes safety over speed Security26 Mar 2024 | 13
UK elections are unaffected by China's cyber-interference, says deputy PM Sanctions galore for APT31, which has been blamed for two major attacks on democracy Cyber-crime26 Mar 2024 | 18
Row breaks out over true severity of two DNSSEC flaws Updated Some of us would be happy being rated 7.5 out of 10, just sayin' CSO26 Mar 2024 | 11
New Zealand to world: China attacked us, too! Reveals 2021 incident that saw parliamentary agencies briefly probed Public Sector26 Mar 2024 | 3
US charges Chinese nationals with cyber-spying on pretty much everyone for Beijing Plus: Alleged front sanctioned, UK blames PRC for Electoral Commission theft, and does America need a Cyber Force? Cyber-crime25 Mar 2024 | 6
Over 170K users caught up in poisoned Python package ruse Supply chain attack targeted GitHub community of Top.gg Discord server Cyber-crime25 Mar 2024 | 44
Tech trade union confirms cyberattack behind IT, email outage Exclusive Systems have been pulled offline as a precaution Cyber-crime25 Mar 2024 | 11
Mozilla fixes $100,000 Firefox zero-days following two-day hackathon Users may have to upgrade twice to protect their browsers Security25 Mar 2024 | 9
GoFetch security exploit can't be disabled on M1 and M2 Apple chips For now, cryptographic work should be run on slower Icestorm cores Research25 Mar 2024 | 14
Time to examine the anatomy of the British Library ransomware nightmare Opinion Mistakes years in the making tell a universal story that must not be ignored Cyber-crime25 Mar 2024 | 103
That Asian meal you eat on holidays could launder money for North Korea United Nations finds IT contract and crypto scams are just two of DPRK's illicit menu items Security25 Mar 2024 | 17
Microsoft confirms memory leak in March Windows Server security update Infosec in brief ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Security25 Mar 2024 | 11
Some 300,000 IPs vulnerable to this Loop DoS attack Easy to exploit, not yet exploited, not widely patched – pick three Research24 Mar 2024 | 24
Vans claims cyber crooks didn't run off with its customers' financial info Just 35.5M names, addresses, emails, phone numbers … no biggie Cyber-crime24 Mar 2024 | 8
Russia's Cozy Bear caught phishing German politicos with phony dinner invites Forget the Riesling, bring on the WINELOADER Cyber-crime23 Mar 2024 | 8
Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks Crew may well be working under contract for Beijing Cyber-crime22 Mar 2024 | 5
3 million doors open to uninvited guests in keycard exploit As months go by without fixes, hotels take the scenic route to securing rooms Research22 Mar 2024 | 53
Hardware-level Apple Silicon vulnerability can leak cryptographic keys Short of redesigning CPUs, the fix will seriously degrade performance Research22 Mar 2024 | 22
NVD slowdown leaves thousands of vulnerabilities without analysis data Opinion Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work Security22 Mar 2024 | 5
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet The device that makes it possible is required in all American big rigs, and has poor security Security22 Mar 2024 | 74
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert You better watch out, you better not cry, better not pout, they're telling you why Security21 Mar 2024 | 4
Microsoft faces bipartisan criticism for alleged censorship on Bing in China Redmond says it does what it's told, but still thinks users are better off Security21 Mar 2024 | 4
Congress votes unanimously to ban brokers selling American data to enemies At least we can all agree on something Security21 Mar 2024 | 19
Yacht dealer to the stars attacked by Rhysida ransomware gang MarineMax may be in choppy waters after 'stolen data' given million-dollar price tag Cyber-crime21 Mar 2024 | 9
UK council won't say whether two-week 'cyber incident' impacted resident data Security experts insist ransomware is involved but Leicester zips its lips Cyber-crime21 Mar 2024 | 22
Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime Operators pack twenty phones into a chassis – then rack 'em and stack 'em ready to do evil Cyber-crime21 Mar 2024 | 34
It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia Research21 Mar 2024 | 5
It's tax season, and scammers are a step ahead of filers, Microsoft says Phishing season started early with crims intent on the hooking early filers Security20 Mar 2024 | 7
US task force aims to plug security leaks in water sector From a trickle to a flood, threats now seen as too great to ignore Cyber-crime20 Mar 2024 | 14
London Clinic probes claim staffer tried to peek at Princess Kate's records First: Not being able buy a meat pie with a credit card. Now this Security20 Mar 2024 | 74
Serial extortionist of medical facilities pleads guilty to cybercrime charges Robert Purbeck even went as far as threatening a dentist with the sale of his child’s data Cyber-crime20 Mar 2024 | 6