Movatterモバイル変換

GreyNoise's Glenn Thorpe counts the cost of missed opportunities

'I did not think it was going to happen to me, but here we are'

Security chief says criminals are already automating workflows, with full end-to-end tools likely within years

Fix didn't quite do the job – attackers spotted logging in

Investors didn't present a valid claim, says judge, but they're welcome to try again

New crooks on the block get crafty with blockchain to evade defenses

In SEC filings, Fortinet and Palo Alto show shrinking product margins taking hold.

Cop wins hit crime infrastructure, not the people behind it

interview Lock 'em down

On-site staff keep key systems working while all but one region battles with encrypted PCs

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews

Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users

Months after China-linked spies burrowed into US networks, regulator tears up its own response

Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix

Company 'clearly delighted' with the outcome

Updated GlobalProtect login endpoints targeted, sparking concern that something bigger may be brewing

interview And companies are getting caught in the crossfire

Readiness metrics have flatlined since 2023, with most sectors slipping backward as teams fumble crisis drills

Various touch-ups added as MPs seek greater resilience to attacks on critical sectors

Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025

Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls

The Cyberspace Solarium Commission says years of progress are being undone amid current administration's cuts

CISA adds high-severity flaw to KEV list, urges swift updating

Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack

CRM giant 'will not engage, negotiate with, or pay' the scumbags

Berlin's opposition likely kills off Brussels' bid to scan everyone's messages

Microsoft Copilot, not so much

Researchers suggest internet-facing portals are exposing 'thousands' of orgs

570GB of data claimed to be stolen by the Crimson Collective

50,000 firewall devices still exposed

Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'

Covid-style financial support? Nothing to confirm yet, say MPs

With no idea when engines restart, families gear down on spending ahead of Christmas

Reeves points finger at Moscow in interview when authorities reckon it's local lads

Outside experts say the vulnerability has probably already been exploited

Until Microsoft lobbed it into a virtual volcano

Still exotic for now, but moves are afoot

Latest extension to factory closures takes incident response into fourth week

Bank says incident went undetected for over a year before discovery in June

Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory

As post-cyberattack layoffs begin, labor org argues UK goverment should step in

Exclusive HelloGym's data security clearly skipped leg day

Busy lawyers on hold for five hours as staff handhold users into deploying the security measure

Senior officials summoned to science and tech committee to explain further

Apology issued after names tied to redress scheme revealed in mass mailing

Tulsi Gabbard boasts Washington forced Blighty to drop iPhone encryption fight

HR SaaS giant insists core systems untouched

Black Hat/DEF CON The bad news? The machines, and their operators, are coming on fast

DEF CON By video, picture, and voice – the fakers are coming for your money

Comment TellsThe Reg China's ability to p0wn Redmond's wares 'gives me a political aneurysm'

Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz

Spy vs. spy

Plus, 60% don't have enough analysts to make sense of it

Get your creds in order or risk BEC, ransomware attacks, orgs warned

Who is the third party that does the thing in our thing? Yep. Attacks explode over past year

Interview Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI

Penalty follows year-long probe into flaws that allowed attack to affect so many

Infosec employers demanding too much from early-career recruits, says ISC2

It was one of the offenders' final warning

SentinelOne discovered the campaign when they tried to hit the security vendor's own servers

Feature Don't negotiate unless you must, and if so, drag it out as long as you can

No formal attribution made but two separate probes hint at the same suspect

If it ain't broke?

Nothing like insecure code in security suites

INTERVIEW Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks

Phony LinkedIn recruitment ads? Groundbreaking

Sometimes, less information is more

interview Lessons learned from last year's security snafu

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product

No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'

CYBERUK Crickets as senior security folk asked about risks at NCSC conference

Defenses are weaker, and victims are more likely to pay, SANS warns

Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti

CYBERUK Providers argue that if end users prioritized security, they'd get it

Opinion We need to make taking IT systems 'off the books' a problem for corporate types

Now individual school districts extorted by fiends

CEO: Neural net tech 'flattens our hiring curve, helps us innovate'

Don't f&#k with Zuck

What was the plan, showing her his big iron?

RSAC With North Korean IT workers storming the gates, too

RSAC Real-time video deepfakes? Not convincing yet

RSAC Will the personal assistant shop for groceries? Or get hijacked by a teen?

RSAC For now it's a potential bug-finder and friend to defenders

Go ahead, please do Bash static analysis

Google dumped io_uring after $1M in bug bounties

RSAC Artificial intelligence is helping Beijing's goons break in faster and stay longer

Florida man altered allergen info, DoSed former colleagues

Updated Sometimes, silence is the best option

RSAC Whistleblowing, email is evidential mail, HR is not your friend, and more discussed by CxO panel

RSAC Homeland Security boss Noem added as last-minute keynote, mind you

Opinion Infosec is a team sport … unless you're in the White House

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future

German software giant paywalls details, but experts piece together the clues

Because coding phishing sites from scratch is a real pain in the neck

Cybercriminals are targeting software shops, accountants, lawyers

Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway

RSAC All aboard the hype train

Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get

Opinion The CVE system nearly dying shows that someone has lost the plot

As cyber-agency faces cuts, makes noises about switching up program