News

What happens at Black Hat…

While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol. They claim to have found a way to undermine certificate authorities, which the world trusts to keep the internet safe by verifying the identity of websites.…

ISC2 argues security training needs to steer toward what hiring managers want

The shortfall between the number of working security professionals and the number of security job openings has reached 4.8 million – a new high, according to cyber security non-profit ISC2.…

Minister reckons dedicated cops necessary to protect digital transactions

India has announced a plan to train a specialized wing of 5000 "Cyber Commandos" in the next five years, as part of its efforts to address cyber crime.…

CISA wants you to leap on Citrix and Ivanti issues. Adobe, Intel, SAP also bid for patching priorities

Patch Tuesday  Another Patch Tuesday has dawned, as usual with the unpleasant news that there are pressing security weaknesses and blunders to address.…

Elderly people report the greatest losses

The FBI just dropped its annual report examining the costs of crypto-related cybercrime, painting a predictably grim picture as total losses in the US exceeded $5.6 billion in 2023 – a 45 percent year-on-year increase.…

Beijing aimed research at immediate needs – like blocking leaks – while the US sought abstract knowledge

China has an undeniable lead in quantum networking technology – a state of affairs that should give the US pause, despite its lead in quantum computing.…

It promised vanishing messages, but now 'it's privacy theater'

Video  A popular privacy feature in WhatsApp is "completely broken and can be trivially bypassed," according to developers at cryptowallet startup Zengo.…

US alarmed by heightened Kremlin naval activity worldwide

Russia's naval activity near undersea cables is reportedly drawing the scrutiny of US officials, further sparking concerns that the Kremlin may be plotting to "sabotage" underwater infrastructure via a secretive, dedicated military unit called the General Staff Main Directorate for Deep Sea Research (GUGI).…

'Insider wrongdoing' to blame for the breach

Avis Rent A Car System has alerted 299,006 customers across multiple US states that their personal information was stolen in an August data breach.…

Criminals with plenty of time on their hands may now have credit card details

Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven't already, after the company detected an intrusion dating back nearly a year.…

Watch this webinar for tips on enhancing resilience with advanced protection strategies

Webinar  As cyberattacks like ransomware and malware grow more sophisticated, organizations need to ensure their enterprise storage systems are robust and resilient.…

The latest of many attempts to stifle perceived threats to Putin's regime

A pro-democracy NGO in Russia says it looks like the Kremlin-linked COLDRIVER group was behind last month's hack-and-leak job that saw files and inboxes dumped online.…

Understanding new NIS2, DORA, and Tiber-EU legislation is essential to improving IT security, explains SANS

Webinar  As cybersecurity regulations tighten, organisations face new challenges that require more than just compliance checklists.…

Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more

Infosec in brief  After activating its chameleon field and going to ground following press attention earlier this year, the dangerous Predator commercial spyware kit is back – with upgrades.…

White House floats round two of regulations

It sounds like the start of a bad joke: Digital trespassers from China, Russia, and Iran break into US water systems.…

Not so much when trying to convert coding veterans

Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.…

The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June

Bad news for anyone who purchased a Cisco hoodie earlier this month: Suspected Russia-based attackers injected data-stealing JavaScript into the networking giant's online store selling Cisco-branded merch.…

When maintenance windows are hard to open, a little lubrication helps

On Call  The Register understands consuming alcohol is quite a popular way to wind down from the working week, but each Friday we get the party started early with a new and sober instalment of On Call, the reader contributed column in which you share stories about the emotional hangovers you've earned delivering tech support.…

Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info

The US Department of Homeland Security is seeking help to assess the security of tech at maritime ports, to safeguard the 13 million jobs and $649 billion of economic activity generated by the nation’s docks.…

Now do your patriotic duty and fill one of those 500k open roles, please?

The White House has unveiled a new strategy to fill some of the hundreds of thousands of critical cybersecurity vacancies across the US: Pitch cyber as a national service.…