The Register
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks
Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident.…
Volt Typhoon not the only Chinese crew lurking in US energy, critical networks
Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said.…
Half of polled infosec pros say their degree was less than useful for real-world work
Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot.…
US says China's Volt Typhoon is readying destructive cyberattacks
The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure org's IT networks in America – and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets.…
Iran's cyber operations in Israel a potential prelude to US election interference
Iran's anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says.…
Raspberry Pi Pico cracks BitLocker in under a minute
We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.…
JetBrains urges swift patching of latest critical TeamCity flaw
JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.…
The spyware business is booming despite government crackdowns
The commercial spyware economy – despite government and big tech's efforts to crack down – appears to be booming.…
DEF CON is canceled! No, really this time – but the show will go on
It's an annual meme that DEF CON infosec conference has been canceled, but this time it actually happened.…
Mozilla adds paid-for data-deletion tier to Monitor, its privacy-breach radar
Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.…
Verizon says 63K employees' info fell into the wrong hands – an insider this time
Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data.…
Chinese Coathanger malware hung out to dry by Dutch defense department
Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.…
EquiLend back in the saddle as ransom payment rumors swirl
Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago.…
Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM
Fortinet's FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution.…
New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies
At least 25 new ransomware gangs emerged in 2023, with Akira and 8Base proving the most "successful," research reveals.…
Google throws $1M at Rust Foundation to build C++ bridges
Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++.…
Ivanti devices hit by wave of exploits for latest security hole
Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment.…
Ignore Uncle Sam's 'voluntary' cybersecurity goals for hospitals at your peril
Interview If you are responsible for infosec at a US hospital or other healthcare organization, and you treat the government's new "voluntary" cybersecurity performance goals (CPGs) as, well, voluntary, you're ignoring the writing on the wall. …
AnyDesk revokes signing certs, portal passwords after crooks sneak into systems
AnyDesk has copped to an IT security "incident" in which criminals broke into the remote-desktop software maker's production systems. The biz has told customers to expect disruption as it attempts to lock down its infrastructure.…
Lurie Children's Hospital back to pen and paper after cyberattack
For the second time in one week, cybercriminals have targeted a Chicago children's hospital, this time causing significant operational disruption.…