News

Someone hasn't heard of redundancy

The US Justice Department on Friday announced the arrest of Seth Aaron Pendley, 28, for allegedly planning to blow up a single Amazon data center in Ashburn, Virginia, which he thought would knock out around 70 per cent of the internet.…

Who says everything below the line is a cesspit of useless filth?

Nearly a third of Britons use the name of their pet or a family member as a password, the National Cyber Security Centre has said as it advised folk to adopt what looks very much like a Register forum user's suggestion for secure password generation.…

Very 2021 to have AI bots fight in simulated networks for our entertainment (and science)

Microsoft has open-sourced software that pits machine-learning-powered network intruders against automated defenders inside virtual networks.…

New laws needed to cut off incentive to crooks, argues Marcus Willett

Increasing numbers of senior ex-GCHQ people have called for laws preventing businesses using cyber insurance to buy off ransomware attackers – with the money merely perpetuating the criminals' business model.…

Safer than eyeballs or fingerprints, apparently

India’s National Health Authority has commenced a pilot of facial recognition software as a means of identifying people as they queue in the nation's COVID-19 vaccine centres.…

Euro cops take $1.65bn of blow off the streets after poring over messages

The Belgian plod says it seized 27.64 tons of cocaine worth €1.4bn (£1.2bn, $1.65bn) from shipments into Antwerp in the past six weeks after defeating the encryption in the Sky ECC chat app to read drug smugglers' messages.…

Take the heat out of your firewall deployment

Webcast  If you’ve got an application which faces the web, no one would dispute that you should probably have a web application firewall sitting in front of it.…

Working to improve 'cyberwalls', but for now swift recovery is main strategy

Video  The highest-ranked officer in India’s armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation’s defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor.…

Software nasty also 'persists after a factory reset'

Android smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack.…

Possible culprit: Ancient code running in production. A vuln 'would not be terribly surprising' says maintainer

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted – blaming a user database leak rather than a problem with the server itself.…

Aww, did the big bad criminals get a little lockdown burnout too?

Compromising every web-connected server and service you can find gets tiring after a while – and by the end of 2021 internet criminals targeting British companies were as fatigued as the rest of us, according to Bitdefender.…

Membership data row ascends to desk of California attorney-general

The Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has taken legal action it hopes will prove that members’ personal data does not remain in the possession of the rival International Association of Atheists.…

So please don't delay in applying updates, says, well, everyone

SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems.…

Shouting cyber cyber cyber, mega mega fail thing

The UK Cyber Security Council announced itself to the public realm last week by touting a domain it doesn't own. Helpfully, internet jokesters then bought up variations on the official address.…

Let’s find out... with Cybereason CEO Lior Div

Sponsored  The SolarWinds attacks compromised tens of thousands of systems across US federal government agencies and private sector companies alike. The US will feel its effects for years, and it was largely avoidable. In fact, according to Lior Div, CEO and co-founder of Cybereason, if those systems had been using a concept called operation-centric security, they could have spotted it immediately.…

Plus: Top universities hit by data-stealing extortionists

in Brief  It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools' Day, Redmond has said.…

Account info swiped in 2019 via security hole, sold online, now given away for free

Reams of personal data – including phone numbers, email addresses, and birthdays – obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend.…

Remote code execution hole, arbitrary file writing flaw could make a mess of stored files

Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.…

Thousands of people's personal information purloined after UAE hotels compromised

The Netherlands Data Protection Authority has fined Booking.com €475,000 for notifying it too late that criminals had accessed the data of 4,109 people who booked a hotel room via the website.…

Says customer data wasn't touched, doesn't say much about being rooted

Wi-Fi kit-slinger Ubiquiti has suggested the attacker that accessed some of its cloud-hosted systems in January 2021 may have made off with source code and employee logins, not the customer data it initially warned could be in peril.…