News

Fast forward into 2022 with Sophos’ Cybersecurity Summit 2021

Paid Post  Whatever sector you’re in, 2022 is likely to mean more and nastier cyber-threats.…

Only affects Windows Server Core, so that's alright then

A sad-faced Microsoft engineer has had to reset the "Days since we last shot ourselves in the foot" counter at the company's HQ after a security update broke Microsoft Defender for Endpoint on Windows Server Core.…

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.

Advertorial  I’m always asked what keeps me awake at night. Being targeted by APT groups? New ransomware strains?…

Mandatory vuln reporting, hefty fines for non-compliance

A new British IoT product security law is racing through the House of Commons, with the government boasting it will outlaw default admin passwords and more.…

Ad giant's first stab at providing the 'world's premier security advisory' starts with the obvious

Google's Cybersecurity Action Team has released its first "threat horizon" report on the scary things it's found on the internet.…

Cynos.7 trojan found its way into 9.3 million downloads

Cybersecurity researchers at anti-virus software company Dr Web have discovered a treasure trove of malware-laced Android games on Huawei's AppGallery.…

Other additions to Entity List are accused of helping Pakistan, North Korea make nukes, missiles

The US Dept of Commerce's Bureau of Industry and Security has added 27 companies to its list of entities prohibited from doing business with the USA on grounds they threaten national security – and one of the firms is associated with HPE’s Chinese joint venture H3C.…

Watchdog argues 'fairness' in process should keep some documents confidential

Data privacy campaign group noyb, founded by Austrian lawyer Max Schrems, has filed a complaint with the Austrian Office for the Prosecution of Corruption (WKStA) for a potential violation of Austrian criminal laws by the Irish Data Protection Commission.…

Regional exec says Apple wants offensive researchers out of the field because they are harmful to the reputation of the company

Kaspersky's APAC director of Global Research and Analysis, Vitaly Kamlyuk, has called Apple's lawsuit against Pegasus maker NSO a "declaration of war against software developers."…

Millions of devices potentially vulnerable, we're told

Check Point Research will today spill the beans on security holes it found within the audio processor firmware in millions of smartphones, which can be potentially exploited by malicious apps to secretly eavesdrop on people.…

Here’s a clue … it involves encryption

Advertorial  It may have escaped your notice, but last month was Cybersecurity Awareness month, and this year’s theme is “Do Your Part. Be #CyberSmart”.…

Beware of Communists bearing internet governance proposals, says Australian Strategic Policy Institute

China is actively trying to export its internal internet governance model, according to a paper from the International Cyber Policy Centre at the Australian Strategic Policy Institute.…

iGiant pledges any damages plus $10m to anti-cybersurveillance groups

Apple today sued NSO Group, which sells spyware to governments and other organizations, for infecting and snooping on people's iPhones.…

InstallerFileTakeOver code pops up on GitHub

The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product. In this case, a local privilege-elevation vulnerability to gain control of fully patched Windows 10, 11, and Server systems up to the 2022 build.…

Complaints abound that yoof use it to mean 'digital currency'

Infosec must "reclaim" the word crypto from people who trade in Bitcoins and other digital currencies, according to industry veteran Bruce Schneier – and it seems some Reg readers agree.…

'Exceptional' case involves 100 BTC payoff, judge told

A Briton accused of playing a pivotal role in an $8.5m SIM-swapping attack shouldn't be extradited to the US because he might commit suicide, making his an "exceptional" case, a court was told.…

There's a default admin password online too

The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register.…

Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more

In brief  Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said.…

Infosec firm says it found unpatched software, Bank admits Exchange may not have been in the best shape

India's Punjab National Bank has smacked down a security firm's allegation that it exposed personal and financial data of its 180 million customers – but appears to have admitted its Exchange Server implementation wasn't in tip-top shape.…

Yikes: Up to 1.2 million customers affected

GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys.…