The polyfill.io domain is being used to infect more than 100,000 websites with malware after a Chinese organization bought the domain earlier this year.β¦
Customer information said to have been stolen from Neiman Marcus's Snowflake instance has been put up for sale on the dark web for $150,000.β¦
The FBI says in just 12 months, scumbags stole circa $10 million from victims of crypto scams after posing as helpful lawyers offering to recover their lost tokens.β¦
US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal.β¦
UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry.β¦
Sponsored Feature You know that a technology problem is serious when the White House holds a summit about it.β¦
Webinar Stay ahead of cyber threats with our upcoming session on "Why attack surfaces are expanding," brought to you by Cloudflare in partnership with The Register.β¦
WikiLeaks founder Julian Assange has been freed from prison in the UK after agreeing to plead guilty to just one count of conspiracy to obtain and disclose national defense information, brought against him by the United States. Uncle Sam previously filed more than a dozen counts.β¦
Analysis Introduced in April, the American Privacy Rights Act (APRA) was - in the words of its drafters - "the best opportunity weβve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information."β¦
A now-patched vulnerability in Ollama β a popular open source project for running LLMs β can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.β¦
The number of US companies filing Form 8-Ks with the Securities and Exchange Commission (SEC) and referencing embattled car dealership software biz CDK is mounting.β¦
There are early indications of active attacks targeting end-of-life Zyxel NAS boxes just a few weeks after details of three critical vulnerabilities were made public.β¦
The UK government has been accused of blowing Β£174 million ($220 million) on "external advice" for a new radio system for the armed forces that has been beset by delays and cancelled contracts.β¦
There were data breaches galore in the US last week with various major incidents reported to state attorneys general, some in good time, some not.β¦
Opinion When two stories from opposite ends of the IT universe boil down to the same thing, sound the klaxons. At the uber-fashionable AI end of tech, Meta has grudgingly complied with a ruling not to feed European social media crap into its training data. Meanwhile, in the industrial slums, 20 percent of running Microsoft SQL Server instances are now past the end of support.β¦
Who, me? Brace yourselves, gentle readers, for it is once again Monday, and the work week has commenced. Thankfully, The Reg is here with another dose of Who, Me? in which readers share tales of times they had a day worse than the one you're having. We hope it helps.β¦
Infosec in brief The descending ball of trouble over at Snowflake keeps growing larger, with more victims β and even one of the alleged intruders β coming forward last week.β¦
Google this week offered reassurance that its vetting of Chrome extensions catches most malicious code, even as it acknowledged that "as with any software, extensions can also introduce risk."β¦
Kettle The US government on Thursday banned Kaspersky Lab from selling its antivirus and other products in America from late July, and from issuing updates and malware signatures from October.β¦
Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients' data was stolen from it by ransomware criminals back in February β and for the first time has concretely disclosed the types of information swiped during that IT intrusion.β¦
Uncle Sam took another swing at Kaspersky Lab today and sanctioned a dozen C-suite and senior-level executives at the antivirus maker, but spared CEO and co-founder Eugene Kaspersky.β¦
A new vulnerability in UEFI firmware is threatening the security of a wide range of Intel chip families in a similar fashion to BlackLotus and others like it.β¦
Webinar In the ever-evolving world of cybersecurity, understanding why attack surfaces are expanding is more critical than ever.β¦
The ransomware gang responsible for the chaos at London hospitals kept true to its word and released a trove of data that it claims belongs to pathology services provider Synnovis.β¦
Sweden says its satellites have been impacted by "harmful interference" from Russia ever since the Nordic nation joined the North Atlantic Treaty Organization (NATO) last March.β¦
The data breach at Australian telco Optus, which saw over nine million customers' personal information exposed, has been blamed on a coding error that broke API access controls, and was left in place for years.β¦
Consulting Radiologists has notified almost 512,000 patients that digital intruders accessed their personal and medical information during a February cyberattack.β¦
The Biden administration today banned the sale of Kaspersky Lab products and services in the United States, declaring the Russian biz a national security risk.β¦
The vendor behind the software on which nearly 15,000 car dealerships across the US rely says an ongoing "cyber incident" has forced it to pull systems offline for a second time in as many days.β¦
Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds to extort the exchange for more.β¦
A fresh report into the Nobelium offensive cyber crew published by France's computer emergency response team (CERT-FR) highlights the group's latest tricks as the country prepares for a major election and to host this year's Olympic and Paralympic Games.β¦
Interview The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview.β¦
US rail service Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their individual account security.Β β¦
Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts.Β β¦
A now-former IT director has pleaded guilty to defrauding the university at which he was employed β and a computer equipment supplier β for $2.1 million over five years.β¦
Updated AMD's IT team is no doubt going through its logs today after cyber-crooks put up for sale what is claimed to be internal data stolen from the US microprocessor designer.β¦
On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.β¦
Updated A group of technology organizations has formed the CHERI Alliance CIC (Community Interest Company) to promote industry adoption of the security technology focused on memory access.β¦
The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.β¦
The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the lot of it was published after the trust did not give in to the miscreants' demands.β¦
VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server β the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.β¦
In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.β¦
Updated Two consulting firms, Guidehouse and Nan McKay and Associates, have agreed to pay a total of $11.3 million to resolve allegations of cybersecurity failings over their roll-out of COVID-19 assistance.β¦
The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and operating the illicit souk.β¦
Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general.β¦
Spanish police arrested a person they allege to be the leader of the notorious cybercrime gang Scattered Spider as he boarded a private flight to Naples.β¦
Heads up: Amazon Web Services is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, and we love to see it.β¦
Exclusive A cybersecurity researcher claims UK health club and gym chain Total Fitness bungled its data protection responsibilities by failing to lock down a database chock-full of members' personal data.β¦
Notorious cyber gang UNC3944 β the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides β has changed its tactics and is now targeting SaaS applicationsβ¦
Infosec in brief A popular spam blocklist service that went offline earlier this month has advised users it is down permanently β but at least one potential candidate is stepping up to try to fill the threat intelligence void.β¦
Asia in brief The space junk cleaning mission launched by Japan's Aerospace Exploration Agency (JAXA) has successfully hunted down one of its targets.β¦
Feature Microsoft president Brad Smith struck a conciliatory tone regarding his IT giant's repeated computer security failings during a congressional hearing on Thursday β while also claiming the Windows maker is above the rule of law, at least in China.β¦
The Stanford Internet Observatory (SIO), which for the past five years has been studying and reporting on social media disinformation, is being reimagined with new management and fewer staff following the recent departure of research director Renee DiResta.β¦
Meta has caved to European regulators, and agreed to pause its plans to train AI models on EU users' Facebook and Instagram users' posts β a move that the social media giant said will delay its plans to launch Meta AI in the economic zone.β¦
A Nigerian national has been convicted of participating in a business email compromise (BEC) scam worth $1.5 million after a jury found him guilty on all counts.β¦
Infrastructure that enabled two pro-Russia Ukraine residents to break into soldiers' devices and deploy spyware has been dismantled by the Security Service of Ukraine (SSU).β¦
The French government has confirmed an offer of β¬700 million ($748 million) for key assets of ailing IT services giant Atos, following the companyβs acceptance of a restructuring deal earlier this week.β¦
Lawmakers on Thursday grilled Microsoft president Brad Smith about the Windows giant's businesses dealing in China β and the super-corp's repeated security failings β at a time when Beijing-backed spies are accused of breaking into Microsoft-hosted email accounts of American government officials.β¦
A plan by America's Space Force to harden GPS against spoofing attacks may be going nowhere: A request by the service branch for $77 million of public cash to finish the work is struggling to get approval from Congress.β¦
Analysis Oracle Advertising is shutting down, CEO Safra Catz said during the database goliath's fiscal 2024 Q4 earnings call with Wall Street this week.β¦