News
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years.…
DNA sequencers found running ancient BIOS, posing risk to clinical research
Argentine cybersecurity shop Eclypsium claims security issues affecting leading DNA sequencing devices could lead to disruptions in crucial clinical research.…
UN's aviation agency confirms attack on recruitment database
The International Civil Aviation Organization (ICAO), the United Nations' aviation agency, has confirmed to The Register that a cyber crim did indeed steal 42,000 records from its recruitment database.…
Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed
More than 4,000 unique backdoors are using expired domains and/or abandoned infrastructure, and many of these expose government and academia-owned hosts – thus setting these hosts up for hijacking by criminals who likely have less altruistic intentions than the security researchers who uncovered the backdoors.…
Akamai to quit its CDN in China, seemingly not due to trouble from Beijing
Akamai has decided to end its content delivery network services in China, but not because it’s finding it hard to do business in the Middle Kingdom.…
FCC boss urges speedy spectrum auction to fund 'Rip'n'Replace' of Chinese kit
The outgoing boss of the FCC, Jessica Rosenworcel, has called on her colleagues to "quickly" adopt rules allowing the US regulator to stage a radio spectrum auction, the proceeds of which would fund the removal from American networks of equipment made by Chinese vendors Huawei and ZTE.…
Turbulence at UN aviation agency as probe into potential data theft begins
The United Nations' aviation agency is investigating "a potential information security incident" after a cybercriminal claimed they had laid hands on 42,000 of the branch's documents.…
DEF CON's hacker-in-chief faces fortune in medical bills after paralyzing neck injury
Marc Rogers, DEF CON's head of security, faces tens of thousands of dollars in medical bills following an accident that left him with a broken neck and temporary quadriplegia.…
US adds web and gaming giant Tencent to list of Chinese military companies
The US Department of Defense has added Chinese messaging and gaming Tencent to its list of “Chinese military company”, a designation that won’t necessarily result in a ban but is nonetheless unpleasant.…
Charter, Consolidated, Windstream reportedly join China's Salt Typhoon victim list
The list of telecommunications victims in the Salt Typhoon cyberattack continues to grow as a new report names Charter Communications, Consolidated Communications, and Windstream among those breached by Chinese government snoops.…
FireScam infostealer poses as Telegram Premium app to surveil Android devices
Android malware dubbed FireScam tricks people into thinking they are downloading a Telegram Premium application that stealthily monitors victims' notifications, text messages, and app activity, while stealing sensitive information via Firebase services.…
MediaTek rings in the new year with a parade of chipset vulns
MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.…
After China's Salt Typhoon, the reconstruction starts now
Opinion When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications rebuilt, and news flows out. Salt Typhoon is no different.…
Taiwan reportedly claims China-linked ship damaged one of its submarine cables
Taiwanese authorities have asserted that a China-linked ship entered its waters and damaged a submarine cable.…
Telemetry data from 800K VW Group EVs exposed online
Infosec in Brief Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security operations center without incident - unlike Volkswagen, which last week admitted it exposed data describing journeys made by some of its electric vehicles, plus info about the vehicle’s owners.…
Encryption backdoor debate 'done and dusted,' former White House tech advisor says
interview In the wake of the Salt Typhoon hacks, which lawmakers and privacy advocates alike have called the worst telecoms breach in America's history, the US government agencies have reversed course on encryption.…
Atos denies Space Bears' ransomware claims – with a 'but'
French tech giant Atos today denied that Space Bears criminals breached its systems - but noted that third-party infrastructure was compromised by the ransomware crew, and that files accessed by the crooks included "data mentioning the Atos company name."…
CAPTCHAs now run Doom – on nightmare mode
Though the same couldn't be said for most of us mere mortals, Vercel CEO Guillermo Rauch had a productive festive period, resulting in a CAPTCHA that requires the user to kill three monsters in Doom – on nightmare mode.…
Boffins carve up C so code can be converted to Rust
Computer scientists affiliated with France's Inria and Microsoft have devised a way to automatically turn a subset of C code into safe Rust code, in an effort to meet the growing demand for memory safety.…
Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid
Chinese spies who compromised the US Treasury Department's workstations reportedly stole data belonging to a government office responsible for sanctions against organizations and individuals.…
Pages
