News

'MarbledDust' gang has honed the skills it uses to assist Ankara

Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than a year ago.…

Support for the underlying OS is another story

Microsoft has pledged to support and issue security fixes for M365 apps on Windows 10 into late 2028. That's well past a cut-off point of October 14 this year, when Redmond's support for Windows 10 officially ends unless you buy an extended support package.…

Cripes, we were only joking when we called Elon's social network the new state media

The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.…

Today’s complex IT environments demand a new approach

Partner content  For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches.…

Intruders claim they stole GlobalX's flight records and manifests

GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.…

Providers argue that if end users prioritized security, they'd get it

CYBERUK  Intervention is required to ensure the security market holds vendors to account for shipping insecure wares – imposing costs on those whose failures lead to cyberattacks and having to draft in cleanup crews. The security market must properly incentivize security vendors to do security better.…

We need to make taking IT systems 'off the books' a problem for corporate types

Opinion  It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods.…

PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more

Infosec in brief  Good cybersecurity habits don't appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.…

Rapid7 threat hunter told The Reg wrote a PoC. No he's not releasing it

RSAC  If Rapid7's Christiaan Beek decided to change careers and become a ransomware criminal, he knows exactly how he'd innovate: CPU ransomware.…

The FBI also issued a list of end-of-life routers you need to replace

Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.…

France's share of MOD cash is growing while the US's shrinks

The UK's Ministry of Defence (MOD) is gradually shifting its spending from the US to Europe, according to research from Tussell.…

Weapons-grade fuel for fraud

Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more.…

Linux giant finds Chinese environment to be perilous beneath pretty exterior

SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.…