NIST turns to IT consultants to clear National Vulnerability Database backlog
Aims to get CVE logjam cleared by the end of FY 24
CSO03 Jun 2024 | 5
CSO
US senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO
Similar cases have resulted in serious sanctions, and they were on a far smaller scale
CSO31 May 2024 | 26
OpenAI is very smug after thwarting five ineffective AI covert influence ops
That said, use of generative ML to sway public opinion may not always be weak sauce
AI + ML30 May 2024 | 11
IBM spin-off Kyndryl accused of discriminating on basis of age, race, disability
Exclusive Five current and former employees file formal charges with US employment watchdog
CSO30 May 2024 | 18
2.8M US folks learn their personal info was swiped months ago in Sav-Rx IT heist
Theft happened in October, only now are details coming to light
Cyber-crime28 May 2024 | 8
How's Uncle Sam getting on with Biden's AI exec order? Pretty good, we're told
Interview Former Pentagon deputy CIO Rob Carey tells us guardrails should steer Feds away from bad ML
Public Sector27 May 2024 | 7
Three-year-old Apache Flink flaw under active attack
We know IT admins have busy schedules but c'mon
Patches24 May 2024 | 11
70% of CISOs worry their org is at risk of a material cyber attack
Wait, why do you want this job again?
CSO23 May 2024 | 7
Go after UnitedHealth, not us, 100+ medical groups urge Uncle Sam
Why should we get its paperwork?
CSO22 May 2024 | 8
Confused by the SEC's IT security breach reporting rules? Read this
'Clarification' weighs in on material vs voluntary disclosures
CSO22 May 2024 | 2
Telegram CEO calls out rival Signal, claiming it has ties to US government
Drama between two of the leading secure messaging services
Applications14 May 2024 | 25
AI red-teaming tools helped X-Force break into a major tech manufacturer 'in 8 hours'
RSAC Hint: It's the 'the largest' maker of a key computer component
Spotlight on RSA13 May 2024 | 7
Ransomware negotiator weighs in on the extortion payment debate with El Reg
Interview As gang tactics get nastier while attacks hit all-time highs
Cyber-crime12 May 2024 | 43
Critical infrastructure security will stay poor until everyone pulls together
Interview Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks
Public Sector11 May 2024 | 12
Ex-White House election threat hunter weighs in on what to expect in November
Interview Spoiler alert: We're gonna talk about AI
Public Sector09 May 2024 | 36
Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight
Interview On the plus side, infosec's a good bet for a long, stable career
Malware Month08 May 2024 | 24
From infosec to skunks, RSA Conference SVP spills the tea
Interview Keynotes, physical security, playlists … the buck stops with Linda Gray Martin
Spotlight on RSA08 May 2024 |
UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection
Interview 'I'm blown away by the fact that they weren't using MFA'
Spotlight on RSA08 May 2024 | 25
CISA says 'no more' to decades-old directory traversal bugs
Recent attacks on healthcare thrust infosec agency into alert mode
CSO06 May 2024 | 13
It may take decade to shore up software supply chain security, says infosec CEO
interview Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar
CSO03 May 2024 | 27
Qantas app glitch sees boarding passes fly to other accounts
Issue now resolved and isn't thought to be the work of criminals
CSO01 May 2024 | 8
UnitedHealth CEO: 'Decision to pay ransom was mine'
Updated Congress to hear how Citrix MFA snafu led to massive data theft, $870M+ loss
Malware Month30 Apr 2024 | 28
London Drugs closes all of its pharmacies following 'cybersecurity incident'
Updated Canadian stores shuttered 'until further notice'
CSO29 Apr 2024 | 20
UK lays down fresh legislation banning crummy default device passwords
New laws mean vendors need to make clear how long you'll get updates too
CSO29 Apr 2024 | 77
Kaiser Permanente handed over 13.4M people's data to Microsoft, Google, others
Ouch!
CSO26 Apr 2024 | 8
Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets
The firm 'fessed up to staff misconduct and avoided criminal liability
CSO24 Apr 2024 | 10
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers
Updated Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack
Cyber-crime18 Apr 2024 | 9
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities
Water tank overflowed during one system malfunction, says Mandiant
Research17 Apr 2024 | 10
MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time
What a twist!
Cyber-crime16 Apr 2024 | 19
X fixes URL blunder that could enable convincing social media phishing campaigns
Poorly implemented rule allowed miscreants to deceive users with trusted URLs
CSO10 Apr 2024 | 27
Nearly 1M medical records feared stolen from City of Hope cancer centers
Is there no cure for this cyber-plague?
Cyber-crime03 Apr 2024 | 7
Malicious xz backdoor reveals fragility of open source
Analysis This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy
Devops01 Apr 2024 | 98
Malicious SSH backdoor sneaks into xz, Linux world's data compression library
STOP USAGE OF FEDORA RAWHIDE, says Red Hat while Debian Unstable and others also affected
CSO29 Mar 2024 | 123
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb
One might say this is a wurst case scenario
Patches28 Mar 2024 | 44
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw
Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders
CSO27 Mar 2024 | 14
Row breaks out over true severity of two DNSSEC flaws
Updated Some of us would be happy being rated 7.5 out of 10, just sayin'
CSO26 Mar 2024 | 11
Don't be like these 900+ websites and expose millions of passwords via Firebase
Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials
CSO18 Mar 2024 | 11
Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints
Exec accused of using own work PC to swipe confidential AI and staffing docs for stealth cloud startup
PaaS + IaaS12 Mar 2024 | 4
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes
Plus: CISA pulls plug on couple of systems feared compromised
Cyber-crime08 Mar 2024 | 2
Securing open source software: Whose job is it, anyway?
CISA announces more help, and calls on app makers to step up
CSO08 Mar 2024 | 21
Chinese chap charged with stealing Google’s AI datacenter secrets
Moonlighted for PRC companies after side-stepping Big G's security, allegedly
On-Prem07 Mar 2024 | 13
FBI: Critical infrastructure suffers spike in ransomware attacks
Jump in overall cybercrime reports, $60M-plus reportedly lost to extortionists alone, Feds reckon
CSO06 Mar 2024 | 4
IP address X-posure now a feature on Musk's social media thing
Just a little FYI
Personal Tech05 Mar 2024 | 33
Sandvine put on America's export no-fly list after Egypt used network tech for spying
Canadian network box maker floats in denial
CSO27 Feb 2024 | 11
Security is hard because it has to be right all the time? Yeah, like everything else
Systems Approach It takes only one bottleneck or single point of failure to ruin your week
CSO25 Feb 2024 | 28
Google open sources file-identifying Magika AI for malware hunters and others
Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML
CSO17 Feb 2024 | 10
Quest Diagnostics pays $5M after mixing patient medical data with hazardous waste
Will cough up less than two days of annual profit in settlement – and California calls this a win
CSO16 Feb 2024 | 12
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks
Plan says to hand over keys to networks – and report intrusions within eight hours of discovery
Public Sector08 Feb 2024 | 36
Half of polled infosec pros say their degree was less than useful for real-world work
The other half paid attention in class?
CSO07 Feb 2024 | 18
Chinese Coathanger malware hung out to dry by Dutch defense department
Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions
CSO06 Feb 2024 | 13
Blackbaud settles with FTC after that IT breach exposed millions of people's info
Cloud software slinger admits no guilt, promises better basic security hygiene
Cyber-crime02 Feb 2024 | 6
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
Atlassian systen compromised via October Okta intrusion
CSO02 Feb 2024 | 14
Rise of deepfake threats means biometric security measures won't be enough
Defenses need a rethink in face of increasing sophistication
CSO01 Feb 2024 | 18
SolarWinds slams SEC lawsuit against it as 'unprecedented' victim blaming
18,000 customers, including the Pentagon and Microsoft, may have other thoughts
CSO29 Jan 2024 | 16
Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes
Step one, actually turn on MFA
CSO27 Jan 2024 | 17
Wait, security courses aren't a requirement to graduate with a computer science degree?
Comment And software makers seem to be OK with this, apparently
CSO26 Jan 2024 | 64
What Microsoft's latest email breach says about this IT security heavyweight
Comment Senator Wyden tells The Reg this latest infosec lapse is 'inexcusable'
CSO24 Jan 2024 | 45
JPMorgan exec claims bank repels '45 billion' cyberattack attempts per day
Updated Assets boss also reckons she has more engineers than Amazon
CSO18 Jan 2024 | 20
FBI: Beware of thieves building Androxgh0st botnets using stolen creds
Infecting networks via years-old CVEs that should have been patched by now
CSO17 Jan 2024 |
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
Snoops had no fewer than five custom bits of malware to hand to backdoor networks
CSO13 Jan 2024 | 4
Biting the hand that feeds IT
