News

Scattered Spider, ShinyHunters, and Lapsus$ spent the weekend bragging to each other on a Telegram channel

Prolific cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$ appear to have come together in a new Telegram channel that shares news of their exploits.…

Automaker's answer to spate of car thefts is to charge customers for extra

Hyundai is charging UK customers £49 ($66) for a security upgrade to prevent thieves from bypassing its car locks.…

Home Office officials reportedly concede Brit government on back foot as Trump moves to protect US Big Tech players

Analysis  The Home Office's war on encryption – its most technically complex and controversial aspect of modern policymaking yet – is starting to look like battlefield failure after more than ten years of skirmishes.…

Sysadmins, your job is safe

Automating IT operations using AI may not be the best idea at the moment.…

A few weeks earlier 'zeroplayer' advertised an $80K WinRAR 0-day exploit

Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.…

The alleged perpetrators remain at large

The US Department of Justice is trying to recoup around $1 million that three IT specialists secretly working for the North Korean government allegedly stole from a New York company.…

The bad news? The machines, and their operators, are coming on fast

Black Hat/DEF CON  At the opening of Black Hat, the largest security shindig in the Hacker Summer Camp week ahead of DEF CON and BSides, the opening keynote speaker suggested the current state of AI slightly favors defenders over attackers, but he warned that was not a given for much longer.…

But it can contest if it lands up in 'Category 1,' and the move hurts operations, says judge

Wikipedia today lost a legal battle against the UK's tech secretary to tighten the criteria around the Online Safety Act 2023 (OSA), as it seeks to exclude itself from the strictest regulations.…

Amid hints by president he may announce 100% tariffs on imported chips, semiconductors

Intel boss Lip-Bu Tan reportedly has an appointment at the White House today, just days after President Donald Trump called for his resignation. The move comes as Intel's former CEO Craig Barrett weighs in on the troubled chipmaker's future.…

By video, picture, and voice – the fakers are coming for your money

DEF CON  While AI was on everyone's lips in Las Vegas this week at the trio of security conferences in Sin City – BSides, Black Hat, AND DEF CON – there were a lot of people using the F-word too: fraud.…

Many core offerings now back in action, says retailer

British retailer Marks and Spencer updated its website today, confirming its Click & Collect service is once again available to customers.…

And yes, that means (retch) catering to AI searchers

The job market is queasy and since you're reading this, you need to upgrade your CV. It's going to require some work to game the poorly trained AIs now doing so much of the heavy lifting. I know you don't want to, but it's best to think of this as dealing with a buggy lump of undocumented code, because frankly that's what is between you and your next job.…

PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more!

Infosec In Brief  A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch available.…

Five pilot deployments are just a drop in the bucket, so it's time to turbo scale

def con  A DEF CON hacker walks into a small-town water facility…no, this is not the setup for a joke or a (super-geeky) odd-couple rom-com. It's a true story that happened at five utilities across four states.…

It turns out no one was clean on OPSEC

DEF CON  On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app used by White House officials, which in turn led to a massive database dump of their communications.…

In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss

DEF CON  A cache of documents uncovered by Vanderbilt University has revealed disturbing details about how a Chinese company is building up a database of US politicians and influencers with whom to share propaganda.…

Fun feature found in Debian 13: send your selected text to China – in plaintext

As Trixie gets ready to début, a little-known app is hogging the limelight: StarDict, which sends whatever text you select, unencrypted, to servers in China.…

Tells The Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'

Comment  Roger Cressey served two US presidents as a senior cybersecurity and counter-terrorism advisor and currently worries he'll experience a "political aneurysm" due to Microsoft's many security messes.…

Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed

Black hat  A trio of researchers has disclosed a major prompt injection vulnerability in Google's Gemini large language model-powered applications.…

Campaigners brand Home Office’s lack of transparency as ‘astonishing’ and ‘dangerous’

Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight.…