News

Customizations not saved with security baseline policy update

Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations.…

Body stays coy on details but alludes to similarities with 2023 espionage campaign

The International Criminal Court (ICC) says a "sophisticated" cyberattack targeted the institution, the second such incident in two years.…

The silly mistakes to the flagrant failures

They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that. …

Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy

Secure comms biz Proton has joined a lawsuit that alleges Apple’s anticompetitive ways are harming developers, consumers, and privacy.…

Resulting in two indictments, one arrest, and 137 laptops seized

The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.…

Don't leave the door open to disgruntled workers

A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.…

Time ticking for defenders as social engineering pros weave wider web

Just a few weeks after warning about Scattered Spider's tactics shifting toward the insurance industry, the same experts now say the aviation industry is now on the ransomware crew's radar.…

Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work

A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel "hacker" was tracking a federal official and using their deep-rooted access to the country's critical infrastructure to kill informants.…

Like being hard to spot? They’d much rather you didn’t

Opinion  There are few tech deceptions more successful than Chrome's Incognito Mode.…

PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more!

Asia In Brief  Canada’s government has ordered Chinese CCTV systems vendor Hikvision to cease its local operations.…

PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more

Infosec in Brief  Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos.…

Watch out for supply chain hacks especially

interview  The ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.…

Taking advantage of the ridiculously complex US healthcare billing system

Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.…

Getting it in might mean re-racking the entire datacenter and rebuilding the network, though

Cisco is talking up the integration of security into network infrastructure such as its latest Catalyst switches, claiming this is vital to AI applications, and in particular the current vogue for "agentic AI."…

'No impact on safety,' FAA tells The Reg

update  Hawaiian Airlines said a "cybersecurity incident" affected some of its IT systems, but noted that flights are operating as scheduled. At least one researcher believes Scattered Spider, which previously targeted retailers and insurance companies, could be to blame.…

Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart

Cybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller.…

Finance, health, and national identification details compromised

Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.…

Pro tip: Don't use your personal email account on BreachForums

The notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also name IntelBroker as 25-year-old British national Kai West.…

Czech researcher lays out a business case for reducing reliance on Redmond

Comment  A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.…

A 10.0 and a 9.8 – these aren’t patches to dwell on

Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.…