The Register

PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more

Infosec in brief  The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment to disconnect the devices from the internet ASAP.…

As if secure design is the only bullet point in a list of software engineering best practices

Systems Approach  As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security, I find that I keep asking myself what it is, exactly, that’s unique about security as a system requirement?…

Nulled and Cracked had a Lorelai-cal rise - until Operation Talent stepped in

Law enforcement officers across Europe assembled again to collectively disrupt major facilitators of cybercrime, with at least one of those cuffed apparently a fan of the dramedy series The Gilmore Girls.…

How to communicate risk to executives

Partner Content  Have you ever watched ? It's one of my all-time favorite movies, not just for the story but for how it handles complexity.…

And it doesn't take a crystal ball to predict the future

If the nonstop flood of ransomware attacks doesn't already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely will.…

And you, China, Russia, North Korea ... Guardrails block malware generation

Google says it's spotted Chinese, Russian, Iranian, and North Korean government agents using its Gemini AI for nefarious purposes, with Tehran by far the most frequent naughty user out of the four.…

Why organizations should protect everything, everywhere, all at once

Sponsored Feature  Considering it has such a large share of the data protection market, Veeam doesn't talk much about backups in meetings with enterprise customers these days.…

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant

Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.…

‘No one was kicked off the NTSB in the middle of investigating a crash’

interview  Gutting the Cyber Safety Review Board as it was investigating how China's Salt Typhoon breached American government and telecommunications networks was "foolish" and "bad for national security," according to retired US Navy Rear Admiral Mark Montgomery.…

400 hospitals and med centers across 15 states rely on its products

New York Blood Center Enterprises (NYBCe) is currently in its fifth day of handling a ransomware attack that has led to system disruption.…

Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report

The Open Rights Group (ORG) has raised concerns about a number of security issues it found in all three of the canvassing apps developed on behalf of the UK's three major political parties.…

Employers remain blissfully unaware/wilfully ignorant of the impact of surveillance on staff

More than three-quarters of UK employers admit to using some form of surveillance tech to spy on their remote workers' productivity.…

Digital canvas slinger indicates dot-com was skimmed for over a month

Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website.…

Oh someone's in DeepShi...

China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.…

Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better?

North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers.…

And now you won't stop calling me, I'm kinda busy

A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Team.…

Watch this webinar on-demand and learn how to safeguard your organisation’s future

Webinar  The cybersecurity landscape continues to change at pace, leaving IT professionals constantly battling threats.…

Mastermind begs colluders to bury evidence later used to imprison him

In announcing the sentencing of three Brits who ran OTP Agency, an account-takeover business, the National Crime Agency (NCA) revealed how a 2021 report sent the fraudsters into a panicked frenzy.…

Think government cybersecurity is bad? Guess again. It’s alarmingly so

The UK government is significantly behind on its 2022 target to harden systems against cyberattacks by 2025, with a new report from the spending watchdog suggesting it may not achieve this goal even by 2030.…

Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings

Two anonymous US government employees have sued Uncle Sam's HR department – the Office of Personnel Management – claiming the Trump administration's rapid roll out of a new federal email system broke the law.…