CINXE.COM
Research News • The Register
<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta name="Googlebot-News" content="noindex"> <title>Research News • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta name="description" content="Latest news on security research"> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Section'; var RegTruePageType = 'www section'; var RegEagleType = 'RT-2FLite'; var RegBirds = ["eagle","falcon","hawk"]; </script> <link rel="canonical" href="https://www.theregister.com/security/research/"> <script src="/Design/javascript/html5shiv.min.js"></script> <script> // IE8 only polyfilly for eventListener // source: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Compatibility !function(){if(Event.prototype.preventDefault||(Event.prototype.preventDefault=function(){this.returnValue=!1}),Event.prototype.stopPropagation||(Event.prototype.stopPropagation=function(){this.cancelBubble=!0}),!Element.prototype.addEventListener){var e=[],t=function(t,n){var o=this,r=function(e){e.target=e.srcElement,e.currentTarget=o,void 0!==n.handleEvent?n.handleEvent(e):n.call(o,e)};if("DOMContentLoaded"==t){var a=function(e){"complete"==document.readyState&&r(e)};if(document.attachEvent("onreadystatechange",a),e.push({object:this,type:t,listener:n,wrapper:a}),"complete"==document.readyState){var p=new Event;p.srcElement=window,a(p)}}else this.attachEvent("on"+t,r),e.push({object:this,type:t,listener:n,wrapper:r})},n=function(t,n){for(var o=0;o<e.length;){var r=e[o];if(r.object==this&&r.type==t&&r.listener==n){"DOMContentLoaded"==t?this.detachEvent("onreadystatechange",r.wrapper):this.detachEvent("on"+t,r.wrapper),e.splice(o,1);break}++o}};Element.prototype.addEventListener=t,Element.prototype.removeEventListener=n,HTMLDocument&&(HTMLDocument.prototype.addEventListener=t,HTMLDocument.prototype.removeEventListener=n),Window&&(Window.prototype.addEventListener=t,Window.prototype.removeEventListener=n)}}(); document.attachEvent("onreadystatechange", function() { if (document.readyState === "complete") { // list of icons we want <= IE8 to replace with their png equivalents var svg_icons_png_equiv = [ // masthead icons (twitter + facebook are also shared for footer): 'reg_logo.svg', 'twitter.svg', 'facebook.svg', 'linkedin.svg', // navigation bar icons: 'vulture.svg', 'vulture_white.svg', 'search.svg', 'search_white.svg', // footer icons: 'sitpub_footer.svg', 'linkedin_white.svg', 'rss.svg', // lectures section icons: 'reglecture_logo.svg', // story template icons: 'reddit.svg', 'linkedin_alt.svg', 'linkedin.svg', 'calendar.svg', 'location.svg', 'rect_comment_bubble_white.svg', 'rect_comment_bubble_black.svg', 'envelope.svg', 'polls_unit_arrow.svg' ]; for (i = 0; i <= svg_icons_png_equiv.length - 1; i++) { var svg_icon = svg_icons_png_equiv[i]; var img_svg_icons = $('img[src$="' + svg_icon + '"]'); img_svg_icons.each(function() { $(this).attr('src', $(this).attr('src').replace('.svg','.png')); }); } var ad_params = { src: 'https://regmedia.co.uk/2018/06/15/gg2b_book.png', href: 'https://forms.theregister.com/gg2b/?td=iaomwtkie78' }; bird_alternative('ad_wp_top', ad_params); } }); </script> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/scaffolding.css"> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/design.css"> <style> #nav-security, #nav-security-research { text-decoration: underline !important; } </style> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/rows_basic.css"> <link rel=alternate type="application/atom+xml" href="/headlines.atom" title="The Register: whole site"> <link rel=alternate type="application/atom+xml" href="/security/research/headlines.atom" title="The Register: Research section"> <script> var RegCR = false; </script> <script src="/design_picker/14513432720673f1c1ee02761ba265b674b7bee1/javascript/_.js"></script> <script> RegGPT('reg_security/research','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <link rel=search href="https://search.theregister.com/"> <link rel=search type="application/opensearchdescription+xml" title="El Reg Search" href="/Design/page/search.osd"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico" sizes="any"><!-- 32×32 --> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg" type="image/svg+xml"> <link rel="apple-touch-icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/apple-touch-icon.png"><!-- 180×180 --> <link rel="manifest" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/site.webmanifest"> <meta name="msapplication-TileColor" content="#ff0000"> <meta name="msapplication-config" content="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/browserconfig.xml"> <meta name="theme-color" content="#ff0000"> <script src="/Design/javascript/respond.min.js"></script> </head> <body class="fullwidth" data-pagetype='Section' data-iebrowser='7'> <div id="page"> <div data-oop="1" data-pos="top" data-raptor="kite" aria-hidden="true" class="adun"></div> <div id="masthead"> <div class="los_amigos"> <div class="left_nav"> <a id="mob_user_link" href="https://account.theregister.com/register/" aria-label="Your Account"> <img class="account_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg" alt=""> <img class="filled_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_filled_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg" alt=""> <span id="mob_user_text"><span>Sign in / up</span></span> </a> </div> <div class="center_nav"> <a href="https://www.theregister.com/" id="logo"> <img src="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.png" srcset="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg" width="190" height="35" alt="The Register® — Biting the hand that feeds IT"> </a> </div> <div class="right_nav"> <a href="https://search.theregister.com/" class="nav_search topnav_elem" data-name="Search" aria-label="Search"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg" alt=""> </a> <div id="site_nav_mobile"> <noscript><div id="site_nav_mobile_hiding_stamp"></div></noscript> <button id="mobile_menu_toggle" aria-label="Open menu" type="button"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg" alt=""> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg" alt=""> </button> </div> </div> </div> <div id="top_panel_wrapper"> <div id="top_panel"> <div class="block_section nav"> <div class="nav_col first_col"> <div class="nav_top_group"> <div class="nav_topics"> <div class="nav_head_bk"> <h2 class="main_head">Topics</h2> </div> <div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem mob_only">Security</a> <h2 class="desk_only section_nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem desk_only">Security</a> </h2> </div> </div><div id="subnav-box-nav-security" class="subnav_box"><a href="https://www.theregister.com/security/" class="subnav_elem" id="nav-security-all"><span class="prefix_all">All </span>Security</a><a href="https://www.theregister.com/security/cyber_crime/" class="subnav_elem" id="nav-security-cyber_crime">Cyber-crime</a><a href="https://www.theregister.com/security/patches/" class="subnav_elem" id="nav-security-patches">Patches</a><a href="https://www.theregister.com/security/research/" class="subnav_elem" id="nav-security-research">Research</a><a href="https://www.theregister.com/security/cso/" class="subnav_elem" id="nav-security-cso">CSO</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem mob_only">Off-Prem</a> <h2 class="desk_only section_nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem desk_only">Off-Prem</a> </h2> </div> </div><div id="subnav-box-nav-off_prem" class="subnav_box"><a href="https://www.theregister.com/off_prem/" class="subnav_elem" id="nav-off_prem-all"><span class="prefix_all">All </span>Off-Prem</a><a href="https://www.theregister.com/off_prem/edge_iot/" class="subnav_elem" id="nav-off_prem-edge_iot">Edge + IoT</a><a href="https://www.theregister.com/off_prem/channel/" class="subnav_elem" id="nav-off_prem-channel">Channel</a><a href="https://www.theregister.com/off_prem/paas_iaas/" class="subnav_elem" id="nav-off_prem-paas_iaas">PaaS + IaaS</a><a href="https://www.theregister.com/off_prem/saas/" class="subnav_elem" id="nav-off_prem-saas">SaaS</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem mob_only">On-Prem</a> <h2 class="desk_only section_nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem desk_only">On-Prem</a> </h2> </div> </div><div id="subnav-box-nav-on_prem" class="subnav_box"><a href="https://www.theregister.com/on_prem/" class="subnav_elem" id="nav-on_prem-all"><span class="prefix_all">All </span>On-Prem</a><a href="https://www.theregister.com/on_prem/systems/" class="subnav_elem" id="nav-on_prem-systems">Systems</a><a href="https://www.theregister.com/on_prem/storage/" class="subnav_elem" id="nav-on_prem-storage">Storage</a><a href="https://www.theregister.com/on_prem/networks/" class="subnav_elem" id="nav-on_prem-networks">Networks</a><a href="https://www.theregister.com/on_prem/hpc/" class="subnav_elem" id="nav-on_prem-hpc">HPC</a><a href="https://www.theregister.com/on_prem/personal_tech/" class="subnav_elem" id="nav-on_prem-personal_tech">Personal Tech</a><a href="https://www.theregister.com/on_prem/cxo/" class="subnav_elem" id="nav-on_prem-cxo">CxO</a><a href="https://www.theregister.com/on_prem/public_sector/" class="subnav_elem" id="nav-on_prem-public_sector">Public Sector</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem mob_only">Software</a> <h2 class="desk_only section_nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem desk_only">Software</a> </h2> </div> </div><div id="subnav-box-nav-software" class="subnav_box"><a href="https://www.theregister.com/software/" class="subnav_elem" id="nav-software-all"><span class="prefix_all">All </span>Software</a><a href="https://www.theregister.com/software/ai_ml/" class="subnav_elem" id="nav-software-ai_ml">AI + ML</a><a href="https://www.theregister.com/software/applications/" class="subnav_elem" id="nav-software-applications">Applications</a><a href="https://www.theregister.com/software/databases/" class="subnav_elem" id="nav-software-databases">Databases</a><a href="https://www.theregister.com/software/devops/" class="subnav_elem" id="nav-software-devops">DevOps</a><a href="https://www.theregister.com/software/oses/" class="subnav_elem" id="nav-software-oses">OSes</a><a href="https://www.theregister.com/software/virtualization/" class="subnav_elem" id="nav-software-virtualization">Virtualization</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem mob_only">Offbeat</a> <h2 class="desk_only section_nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem desk_only">Offbeat</a> </h2> </div> </div><div id="subnav-box-nav-offbeat" class="subnav_box"><a href="https://www.theregister.com/offbeat/" class="subnav_elem" id="nav-offbeat-all"><span class="prefix_all">All </span>Offbeat</a><a href="https://www.theregister.com/Debates/" class="subnav_elem" id="nav-offbeat-debates">Debates</a><a href="https://www.theregister.com/offbeat/columnists/" class="subnav_elem" id="nav-offbeat-columnists">Columnists</a><a href="https://www.theregister.com/offbeat/science/" class="subnav_elem" id="nav-offbeat-science">Science</a><a href="https://www.theregister.com/offbeat/geeks_guide/" class="subnav_elem" id="nav-offbeat-geeks_guide">Geek's Guide</a><a href="https://www.theregister.com/offbeat/bofh/" class="subnav_elem" id="nav-offbeat-bofh">BOFH</a><a href="https://www.theregister.com/offbeat/legal/" class="subnav_elem" id="nav-offbeat-legal">Legal</a><a href="https://www.theregister.com/offbeat/bootnotes/" class="subnav_elem" id="nav-offbeat-bootnotes">Bootnotes</a><a href="https://www.theregister.com/offbeat/site_news/" class="subnav_elem" id="nav-offbeat-site_news">Site News</a><a href="https://www.theregister.com/offbeat/about_us/" class="subnav_elem" id="nav-offbeat-about_us">About Us</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div> </nav> </div> </div> </div> <div class="nav_bottom_group"> <div class="nav_bottom_section nav_special_features"> <div class="nav_head_bk"> <a href="#subnav-box-nav-special_features" data-toggle-for="subnav-box-nav-special_features" id="nav-special_features" class="topnav_elem mob_only">Special Features</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Special Features</span> </h2> </div> <nav> <div class="nav_elem"> <div id="subnav-box-nav-special_features" class="subnav_box"> <a href="https://www.theregister.com/special_features">All Special Features</a> <a href="https://www.theregister.com/special_features/cybersecurity_month">Cybersecurity Month</a> <a href="https://www.theregister.com/special_features/vmware_explore">VMware Explore</a> <a href="https://www.theregister.com/special_features/blackhat_and_defcon">Blackhat and DEF CON</a> <a href="https://www.theregister.com/special_features/cloud_infrastructure_month">Cloud Infrastructure Month</a> <a href="https://www.theregister.com/special_features/malware_month">Malware Month</a> <a href="https://www.theregister.com/special_features/the_reg_in_space">The Reg in Space</a> <a href="https://www.theregister.com/special_features/spotlight_on_rsa">Spotlight on RSA</a> </div> </div> </nav> </div> <div class="nav_bottom_section nav_elem nav_vendor_voice"> <div class="nav_head_bk"> <h2 class="main_head"> <span class="topnav_elem desk_only">Vendor Voice</span> </h2> </div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem mob_only">Vendor Voice</a> <h2 class="desk_only section_nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem desk_only">Vendor Voice</a> </h2> </div> </div> <div id="subnav-box-nav-tag-vendor-voice" class="subnav_box"> <a href="https://www.theregister.com/VendorVoice/" class="subnav_elem" id="nav-tag-vendor-voice-all"> <span class="prefix_all">All </span>Vendor Voice </a> <a href="https://www.theregister.com/VendorVoice/aws_here/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_here"> HERE and AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_vonage/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_vonage"> Vonage </a> <a href="https://www.theregister.com/VendorVoice/aws_amdocs/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_amdocs"> Amdocs </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova_manufacturing/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova_manufacturing"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws"> Siemens and AWS Gen AI </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws_itot/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws_itot"> Siemens and AWS IT/OT </a> <a href="https://www.theregister.com/VendorVoice/aws_new_horizon_solutions/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_new_horizon_solutions"> Amazon Web Services (AWS) New Horizon in Cloud Computing </a> <a href="https://www.theregister.com/VendorVoice/ddn/" class="subnav_elem" id="nav-tag-vendor-voice-vv_ddn"> DDN </a> <a href="https://www.theregister.com/VendorVoice/google_cloud_data_transformation/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_cloud_data_transformation"> Google Cloud Data Transformation </a> <a href="https://www.theregister.com/VendorVoice/google_gemini/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_gemini"> Google Gemini </a> <a href="https://www.theregister.com/VendorVoice/hpe_greenlake/" class="subnav_elem" id="nav-tag-vendor-voice-vv_hpe_greenlake"> Hewlett Packard Enterprise: Edge-to-Cloud Platform </a> <a href="https://www.theregister.com/VendorVoice/intelvpro/" class="subnav_elem" id="nav-tag-vendor-voice-vv_intelvpro"> Intel vPro </a> <a href="https://www.theregister.com/VendorVoice/vmware/" class="subnav_elem" id="nav-tag-vendor-voice-vv_vmware"> VMware </a> <noscript> <a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a> </noscript> </div> </div> </nav> </div> <div class="nav_bottom_section nav_resources"> <div class="nav_head_bk"> <a href="#subnav-box-nav-resources" data-toggle-for="subnav-box-nav-resources" id="nav-resources" class="topnav_elem mob_only">Resources</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Resources</span> </h2> </div> <nav id="top_nav"> <div class="nav_elem"> <div id="subnav-box-nav-resources" class="subnav_box"> <a href="https://whitepapers.theregister.com/">Whitepapers</a> <a href="https://whitepapers.theregister.com/events/list/">Webinars & Events</a> <a href="https://account.theregister.com/edit/newsletter/">Newsletters</a> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div class="sec_takeover_top compact"> <p>Sponsored By</p> <a href="http://pubads.g.doubleclick.net/gampad/clk?id=6811134191&iu=/6978" target="_blank"> <img src="https://regmedia.co.uk/2024/10/18/venafi_logo_250x100px.png" alt="CyberArk" width="250" height="100"> </a> </div> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard," data-lg=",fluid,leaderboard," data-xlg=",superleaderboard,billboard,fluid,leaderboard," data-xxlg=",superleaderboard,billboard,brandwidth,fluid,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0glfDK4FuHbq-6fef7qaQAAANg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0glfDK4FuHbq-6fef7qaQAAANg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <div id=main-col class="image_lite"> <h2 id=site_sect class="dcl has_lateral_ornaments"><a href="/security/research/">Research</a></h2> <div class=headlines> <div class="img_lite_srow img_lite_rt-2f"> <article> <a href="/2024/11/27/600k_sensitive_files_exposed/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Data broker leaves 600K+ sensitive files exposed online</h4> <div class=standfirst> <span class="label">Exclusive</span> Researcher spotted open database before criminals … we hope</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="27 Nov 18:00" data-epoch="1732730408">27 Nov 2024</span> | <span class="comment light_bg_comments">11</span></div> </div> </a> </article> <article> <a href="/2024/11/27/firstever_uefi_bootkit_for_linux/" class=story_link> <div class="article_text_elements"> <h4>First-ever UEFI bootkit for Linux in the works, experts say</h4> <div class=standfirst>Bootkitty doesn’t bite… yet</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="27 Nov 15:32" data-epoch="1732721532">27 Nov 2024</span> | <span class="comment light_bg_comments">7</span></div> </div> </a> </article> <div class="bird ad-eagle"> <div class="bird_wrapper"> <div class="ad_inner_wrap"> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="eagle" data-xsm=",mpu,dmpu," data-sm=",mpu,dmpu," data-md=",mpu,dmpu," data-xmd=",mpu,dmpu," data-lg=",dmpu,mpu," data-xlg=",dmpu,mpu," data-xxlg=",dmpu,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0glfDK4FuHbq-6fef7qaQAAANg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0glfDK4FuHbq-6fef7qaQAAANg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> </div> </div> </div> <article> <a href="/2024/11/27/workplace_surveillance/" class=story_link> <div class="article_text_elements"> <h4>The workplace has become a surveillance state</h4> <div class=standfirst>Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices</div> <div class=time_comments> <span class="section_name">CxO</span><span class="time_stamp" title="27 Nov 08:31" data-epoch="1732696268">27 Nov 2024</span> | <span class="comment light_bg_comments">57</span></div> </div> </a> </article> <article> <a href="/2024/11/21/qualys_needrestart_linux_vulnerabilities/" class=story_link> <div class="article_text_elements"> <h4>'Alarming' security bugs lay low in Linux's needrestart utility for 10 years</h4> <div class=standfirst>Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="21 Nov 15:03" data-epoch="1732201385">21 Nov 2024</span> | <span class="comment light_bg_comments">15</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/11/20/google_ossfuzz/" class=story_link> <div class="article_text_elements"> <h4>Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed</h4> <div class=standfirst>OSS-Fuzz is making a strong argument for LLMs in security research</div> <div class=time_comments> <span class="section_name">AI + ML</span><span class="time_stamp" title="20 Nov 17:01" data-epoch="1732122087">20 Nov 2024</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> <article> <a href="/2024/11/19/china_brazenbamboo_fortinet_0day/" class=story_link> <div class="article_text_elements"> <h4>China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer</h4> <div class=standfirst>No word on when or if the issue will be fixed</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="19 Nov 23:02" data-epoch="1732057333">19 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/19/us_drinking_water_systems_cybersecurity/" class=story_link> <div class="article_text_elements"> <h4>America's drinking water systems have a hard-to-swallow cybersecurity problem</h4> <div class=standfirst>More than 100M rely on gear rife with vulnerabilities, says EPA OIG</div> <div class=time_comments> <span class="section_name">Public Sector</span><span class="time_stamp" title="19 Nov 19:59" data-epoch="1732046345">19 Nov 2024</span> | <span class="comment light_bg_comments">19</span></div> </div> </a> </article> <article> <a href="/2024/11/16/rusthaters_unite_filc/" class=story_link> <div class="article_text_elements"> <h4>Rust haters, unite! Fil-C aims to Make C Great Again</h4> <div class=standfirst>It's memory-safe, with a few caveats</div> <div class=time_comments> <span class="section_name">Software</span><span class="time_stamp" title="16 Nov 10:12" data-epoch="1731751934">16 Nov 2024</span> | <span class="comment light_bg_comments">104</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/16/chatbots_run_robots/" class=story_link> <div class="article_text_elements"> <h4>Letting chatbots run robots ends as badly as you'd expect</h4> <div class=standfirst>LLM-controlled droids easily jailbroken to perform mayhem, researchers warn</div> <div class=time_comments> <span class="section_name">AI + ML</span><span class="time_stamp" title="16 Nov 00:03" data-epoch="1731715404">16 Nov 2024</span> | <span class="comment light_bg_comments">44</span></div> </div> </a> </article> <article> <a href="/2024/11/14/salt_typhoon_hacked_multiple_telecom/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'</h4> <div class=standfirst> <span class="label">Updated</span> Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="14 Nov 01:54" data-epoch="1731549251">14 Nov 2024</span> | <span class="comment light_bg_comments">5</span></div> </div> </a> </article> <article> <a href="/2024/11/13/china_volt_typhoon_back/" class=story_link> <div class="article_text_elements"> <h4>China's Volt Typhoon crew and its botnet surge back with a vengeance</h4> <div class=standfirst>Ohm, for flux sake</div> <div class=time_comments> <span class="section_name">Public Sector</span><span class="time_stamp" title="13 Nov 00:58" data-epoch="1731459490">13 Nov 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> <article> <a href="/2024/11/07/fake_copyright_email_malware/" class=story_link> <div class="article_text_elements"> <h4>Don't open that 'copyright infringement' email attachment – it's an infostealer</h4> <div class=standfirst>Curiosity gives crims access to wallets and passwords</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="07 Nov 22:18" data-epoch="1731017895">07 Nov 2024</span> | <span class="comment light_bg_comments">21</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-2c"> <div class="bird ad-falcon"> <div class="bird_wrapper"> <div class="ad_inner_wrap"> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,leaderboard,mpu," data-xlg=",fluid,billboard,superleaderboard,leaderboard,mpu," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0glfDK4FuHbq-6fef7qaQAAANg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0glfDK4FuHbq-6fef7qaQAAANg&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> </div> </div> </div> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/11/06/bengal_cat_australia/" class=story_link> <div class="article_text_elements"> <h4>Cybercrooks are targeting Bengal cat lovers in Australia for some reason</h4> <div class=standfirst>In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="06 Nov 21:47" data-epoch="1730929626">06 Nov 2024</span> | <span class="comment light_bg_comments">15</span></div> </div> </a> </article> <article> <a href="/2024/11/05/docusigns_envelope_bec/" class=story_link> <div class="article_text_elements"> <h4>Criminals open DocuSign's Envelope API to make BEC special delivery</h4> <div class=standfirst>Why? Because that's where the money is</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="05 Nov 18:34" data-epoch="1730831653">05 Nov 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> <article> <a href="/2024/11/05/typosquatting_npm_campaign/" class=story_link> <div class="article_text_elements"> <h4>Ongoing typosquatting campaign impersonates hundreds of popular npm packages</h4> <div class=standfirst>Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="05 Nov 16:28" data-epoch="1730824086">05 Nov 2024</span> | <span class="comment light_bg_comments">11</span></div> </div> </a> </article> <article> <a href="/2024/11/05/google_ai_vulnerability_hunting/" class=story_link> <div class="article_text_elements"> <h4>Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed</h4> <div class=standfirst>You snooze, you lose, er, win</div> <div class=time_comments> <span class="section_name">AI + ML</span><span class="time_stamp" title="05 Nov 06:38" data-epoch="1730788693">05 Nov 2024</span> | <span class="comment light_bg_comments">19</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/10/31/emeraldwhale_credential_theft/" class=story_link> <div class="article_text_elements"> <h4>Gang gobbles 15K credentials from cloud and email providers' garbage Git configs</h4> <div class=standfirst>Emeraldwhale looked sharp – until it made a common S3 bucket mistake</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="31 Oct 23:59" data-epoch="1730419152">31 Oct 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/10/24/aws_cloud_development_kit_flaw/" class=story_link> <div class="article_text_elements"> <h4>AWS Cloud Development Kit flaw exposed accounts to full takeover</h4> <div class=standfirst>Remember Bucket Monopoly? Yeah, it gets worse</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="24 Oct 22:33" data-epoch="1729809191">24 Oct 2024</span> | <span class="comment light_bg_comments">13</span></div> </div> </a> </article> <article> <a href="/2024/10/24/perfctl_malware_strikes_again/" class=story_link> <div class="article_text_elements"> <h4>Perfctl malware strikes again as crypto-crooks target Docker Remote API servers</h4> <div class=standfirst>Attacks on unprotected servers reach 'critical level'</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="24 Oct 02:30" data-epoch="1729737007">24 Oct 2024</span> | <span class="comment light_bg_comments">1</span></div> </div> </a> </article> <article> <a href="/2024/10/23/android_ios_security/" class=story_link> <div class="article_text_elements"> <h4>Millions of Android and iOS users at risk from hardcoded creds in popular apps</h4> <div class=standfirst>Azure Blob Storage, AWS, and Twilio keys all up for grabs</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="23 Oct 00:31" data-epoch="1729643469">23 Oct 2024</span> | <span class="comment light_bg_comments">17</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-2d"> <div class="bird ad-hawk"> <div class="bird_wrapper"> <div class="ad_inner_wrap"> <div aria-hidden="true" class="adun" data-pos="mid" data-raptor="hawk" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,leaderboard,mpu," data-xlg=",fluid,billboard,superleaderboard,leaderboard,mpu," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"></div> </div> </div> </div> </div> <div class="img_lite_srow img_lite_rt-3c has_label"> <h3 class="row_label"><a class="row_title_link has_lateral_ornaments" href="/Popular/" aria-label="Popular Stories">Popular</a></h3> <article> <a href="/2024/11/26/third_major_cyber_incident_declared/" class=story_link> <div class="article_text_elements"> <h4>Another 'major cyber incident' at a UK hospital, outpatients asked to stay away</h4> <div class=standfirst>Third time this year an NHS unit's IT systems have come under attack</div> </div> </a> </article> <article> <a href="/2024/11/26/amazon_elastic_vmware_service_preview/" class=story_link> <div class="article_text_elements"> <h4>AWS bends to Broadcom's will with VMware Cloud Foundation as-a-service</h4> <div class=standfirst>Microsoft, Oracle, and IBM are all doing it. Andy Jassy's rent-a-server shop may have felt it was leaving money on the table</div> </div> </a> </article> <article> <a href="/2024/11/26/us_senators_healthcare_cybersecurity/" class=story_link> <div class="article_text_elements"> <h4>US senators propose law to require bare minimum security standards</h4> <div class=standfirst>In case anyone forgot about Change Healthcare</div> </div> </a> </article> <article> <a href="/2024/11/27/workplace_surveillance/" class=story_link> <div class="article_text_elements"> <h4>The workplace has become a surveillance state</h4> <div class=standfirst>Cracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices</div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/10/17/wechat_devs_modded_tls_introducing/" class=story_link> <div class="article_text_elements"> <h4>WeChat devs introduced security flaws when they modded TLS, say researchers</h4> <div class=standfirst>No attacks possible, but enough issues to cause concern</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="17 Oct 08:31" data-epoch="1729153872">17 Oct 2024</span> | <span class="comment light_bg_comments">15</span></div> </div> </a> </article> <article> <a href="/2024/10/16/whatsapp_privacy_concerns/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>WhatsApp may expose the OS you use to run it – which could expose you to crooks</h4> <div class=standfirst> <span class="label">Updated</span> Meta knows messaging service creates persistent user IDs that have different qualities on each device</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="16 Oct 04:26" data-epoch="1729052770">16 Oct 2024</span> | <span class="comment light_bg_comments">16</span></div> </div> </a> </article> <article> <a href="/2024/10/14/china_quantum_attack/" class=story_link> <div class="article_text_elements"> <h4>Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption</h4> <div class=standfirst>With an off-the-shelf D-Wave machine, but only against very short keys</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="14 Oct 06:30" data-epoch="1728887409">14 Oct 2024</span> | <span class="comment light_bg_comments">23</span></div> </div> </a> </article> <article> <a href="/2024/10/11/inc_ransomware_lynx/" class=story_link> <div class="article_text_elements"> <h4>INC ransomware rebrands to Lynx – same code, new name, still up to no good</h4> <div class=standfirst>Researchers point to evidence that scumbags visited the strategy boutique</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="11 Oct 23:00" data-epoch="1728687614">11 Oct 2024</span> | <span class="comment light_bg_comments">10</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/10/09/smart_tv_spy_on_viewers/" class=story_link> <div class="article_text_elements"> <h4>Smart TVs are spying on everyone</h4> <div class=standfirst>Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="09 Oct 22:15" data-epoch="1728512108">09 Oct 2024</span> | <span class="comment light_bg_comments">127</span></div> </div> </a> </article> <article> <a href="/2024/10/04/harvard_engineer_meta_smart_glasses/" class=story_link> <div class="article_text_elements"> <h4>Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds</h4> <div class=standfirst>'You can build this in a few days – even as a very naïve developer'</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="04 Oct 06:32" data-epoch="1728023525">04 Oct 2024</span> | <span class="comment light_bg_comments">115</span></div> </div> </a> </article> <article> <a href="/2024/10/03/ransomware_spree_infects_100_orgs/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant</h4> <div class=standfirst> <span class="label">Exclusive</span> Crooks 'like a sysadmin, with a malicious slant'</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="03 Oct 10:00" data-epoch="1727949609">03 Oct 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/10/02/cve_pileup_nvd_missed_deadline/" class=story_link> <div class="article_text_elements"> <h4>NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great</h4> <div class=standfirst>Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="02 Oct 12:31" data-epoch="1727872265">02 Oct 2024</span> | <span class="comment light_bg_comments">8</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/10/02/rpki_immaturity_study/" class=story_link> <div class="article_text_elements"> <h4>The fix for BGP's weaknesses has big, scary, issues of its own, boffins find</h4> <div class=standfirst>Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="02 Oct 06:31" data-epoch="1727850667">02 Oct 2024</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> <article> <a href="/2024/09/30/pwc_security_survey/" class=story_link> <div class="article_text_elements"> <h4>Cloud threats have execs the most freaked out because they're not prepared</h4> <div class=standfirst>Ransomware? More like 'we don't care' for everyone but CISOs</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="30 Sep 11:30" data-epoch="1727695817">30 Sep 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/09/29/interview_with_a_social_engineering/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'</h4> <div class=standfirst> <span class="label">Interview</span> Alethe Denis exposes tricks that made you fall for that return-to-office survey</div> <div class=time_comments> <span class="section_name">Cybersecurity Month</span><span class="time_stamp" title="29 Sep 16:39" data-epoch="1727627946">29 Sep 2024</span> | <span class="comment light_bg_comments">68</span></div> </div> </a> </article> <article> <a href="/2024/09/27/microsoft_storm_0501/" class=story_link> <div class="article_text_elements"> <h4>Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud</h4> <div class=standfirst>Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="27 Sep 13:35" data-epoch="1727444111">27 Sep 2024</span> | <span class="comment light_bg_comments">6</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/09/24/russia_malware_ukraine_attacks/" class=story_link> <div class="article_text_elements"> <h4>Russia's digital warfare on Ukraine shows no signs of slowing: Malware hits surge</h4> <div class=standfirst>Severe incidents may be down, but Putin had to throw one in for good measure</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="24 Sep 18:30" data-epoch="1727202611">24 Sep 2024</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> <article> <a href="/2024/09/23/splinter_red_team_tool/" class=story_link> <div class="article_text_elements"> <h4>Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town</h4> <div class=standfirst>No malware crew linked to this latest red-teaming tool yet</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="23 Sep 06:46" data-epoch="1727073975">23 Sep 2024</span> | <span class="comment light_bg_no_comments"></span></div> </div> </a> </article> <article> <a href="/2024/09/19/social_media_data_harvesting_handling_ftc/" class=story_link> <div class="article_text_elements"> <h4>No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom</h4> <div class=standfirst>Says Lina Khan in latest push to rein in Meta, Google, Amazon and pals</div> <div class=time_comments> <span class="section_name">Personal Tech</span><span class="time_stamp" title="19 Sep 21:48" data-epoch="1726782534">19 Sep 2024</span> | <span class="comment light_bg_comments">26</span></div> </div> </a> </article> <article> <a href="/2024/09/19/servicenow_knowledge_base_leaks/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations</h4> <div class=standfirst> <span class="label">Updated</span> Better check your widgets, people</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="19 Sep 14:02" data-epoch="1726754528">19 Sep 2024</span> | <span class="comment light_bg_comments">7</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/09/19/tor_police_germany/" class=story_link> <div class="article_text_elements"> <h4>Tor insists its network is safe after German cops convict CSAM dark-web admin</h4> <div class=standfirst>Outdated software blamed for cracks in the armor</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="19 Sep 06:39" data-epoch="1726727946">19 Sep 2024</span> | <span class="comment light_bg_comments">25</span></div> </div> </a> </article> <article> <a href="/2024/09/18/russia_putin_trump_white_house/" class=story_link> <div class="article_text_elements"> <h4>Putin really wants Trump back in the White House</h4> <div class=standfirst>US govt, Microsoft report on Kremlin trolls' latest antics to Make America Grate Again</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="18 Sep 19:34" data-epoch="1726688063">18 Sep 2024</span> | <span class="comment light_bg_comments">268</span></div> </div> </a> </article> <article> <a href="/2024/09/18/chinese_spies_found_on_us_hq_firm_network/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Chinese spies spent months inside aerospace engineering firm's network via legacy IT</h4> <div class=standfirst> <span class="label">Exclusive</span> Getting sloppy, Xi</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="18 Sep 17:00" data-epoch="1726678813">18 Sep 2024</span> | <span class="comment light_bg_comments">32</span></div> </div> </a> </article> <article> <a href="/2024/09/13/feeld_dating_app_failures/" class=story_link> <div class="article_text_elements"> <h4>Feeld dating app's security too open-minded as private data swings into public view</h4> <div class=standfirst>No love for months-long wait to fix this, either</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="13 Sep 18:22" data-epoch="1726251731">13 Sep 2024</span> | <span class="comment light_bg_comments">7</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/09/12/http_headers/" class=story_link> <div class="article_text_elements"> <h4>Mind your header! There's nothing refreshing about phishers' latest tactic</h4> <div class=standfirst>It could lead to a costly BEC situation</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="12 Sep 09:15" data-epoch="1726132511">12 Sep 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/09/12/cenc_encryption_stream_attack/" class=story_link> <div class="article_text_elements"> <h4>If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM</h4> <div class=standfirst>Academically interesting technique for poking holes in paywalled tech specs</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="12 Sep 07:25" data-epoch="1726125906">12 Sep 2024</span> | <span class="comment light_bg_comments">37</span></div> </div> </a> </article> <article> <a href="/2024/09/11/watchtowr_black_hat_whois/" class=story_link> <div class="article_text_elements"> <h4>How $20 and a lapsed domain allowed security pros to undermine internet integrity</h4> <div class=standfirst>What happens at Black Hat…</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="11 Sep 11:00" data-epoch="1726052414">11 Sep 2024</span> | <span class="comment light_bg_comments">19</span></div> </div> </a> </article> <article> <a href="/2024/09/04/cicada_ransomware_blackcat_links/" class=story_link> <div class="article_text_elements"> <h4>Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade</h4> <div class=standfirst>Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="04 Sep 14:29" data-epoch="1725460146">04 Sep 2024</span> | <span class="comment light_bg_no_comments"></span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/09/02/securonix_china_slowtempest_campaign/" class=story_link> <div class="article_text_elements"> <h4>Novel attack on Windows spotted in phishing campaign run from and targeting China</h4> <div class=standfirst>Resources hosted at Tencent Cloud involved in Cobalt Strike campaign</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="02 Sep 03:06" data-epoch="1725246384">02 Sep 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/08/30/sql_injection_known_crewmember/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers</h4> <div class=standfirst> <span class="label">Updated</span> Infosec hounds say they spotted vulnerability during routine travel in the US</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="30 Aug 13:28" data-epoch="1725024494">30 Aug 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> <article> <a href="/2024/08/26/31m_invoices_business_files_exposed/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>31.5M invoices, contracts, patient consent forms, and more exposed to the internet</h4> <div class=standfirst> <span class="label">Exclusive</span> Unprotected database with 12 years of biz records yanked offline</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="26 Aug 13:00" data-epoch="1724677206">26 Aug 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> <article> <a href="/2024/08/21/aws_extortion_campaign/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>110K domains targeted in 'sophisticated' AWS cloud extortion campaign</h4> <div class=standfirst> <span class="label">Updated</span> If you needed yet another reminder of what happens when security basics go awry</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="21 Aug 17:23" data-epoch="1724260987">21 Aug 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/08/20/digital_wallets_simplify_fraud/" class=story_link> <div class="article_text_elements"> <h4>Digital wallets can allow purchases with stolen credit cards</h4> <div class=standfirst>Researchers find it's possible to downgrade authentication checks, and shabby token refresh policies</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="20 Aug 01:29" data-epoch="1724117387">20 Aug 2024</span> | <span class="comment light_bg_comments">36</span></div> </div> </a> </article> <article> <a href="/2024/08/19/cisco_talos_microsoft_macos/" class=story_link> <div class="article_text_elements"> <h4>Multiple flaws in Microsoft macOS apps unpatched despite potential risks</h4> <div class=standfirst>Windows giant tells Cisco Talos it isn't fixing them</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="19 Aug 19:01" data-epoch="1724094066">19 Aug 2024</span> | <span class="comment light_bg_comments">21</span></div> </div> </a> </article> <article> <a href="/2024/08/15/google_iran_apt42_campaigns/" class=story_link> <div class="article_text_elements"> <h4>Google raps Iran's APT42 for raining down spear-phishing attacks</h4> <div class=standfirst>US politicians and Israeli officials among the top targets for the IRGC’s cyber unit</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="15 Aug 16:25" data-epoch="1723739106">15 Aug 2024</span> | <span class="comment light_bg_comments">1</span></div> </div> </a> </article> <article> <a href="/2024/08/15/suspected_chinese_attackers_hacked_russia/" class=story_link> <div class="article_text_elements"> <h4>China-linked cyber-spies infect Russian govt, IT sector</h4> <div class=standfirst>No, no, go ahead, don't let us stop you, Xi</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="15 Aug 02:50" data-epoch="1723690207">15 Aug 2024</span> | <span class="comment light_bg_comments">17</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/08/13/who_uses_llm_prompt_injection/" class=story_link> <div class="article_text_elements"> <h4>Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls</h4> <div class=standfirst>Because apps talking like pirates and creating ASCII art never gets old</div> <div class=time_comments> <span class="section_name">AI + ML</span><span class="time_stamp" title="13 Aug 10:46" data-epoch="1723545970">13 Aug 2024</span> | <span class="comment light_bg_comments">17</span></div> </div> </a> </article> <article> <a href="/2024/08/09/new_raptor_lake_microcode_limits/" class=story_link> <div class="article_text_elements"> <h4>Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction</h4> <div class=standfirst>Is that a lot? Depends on the context. GHz, no. Voltage, yes</div> <div class=time_comments> <span class="section_name">Personal Tech</span><span class="time_stamp" title="09 Aug 19:16" data-epoch="1723231013">09 Aug 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> <article> <a href="/2024/08/09/0000_day_bug/" class=story_link> <div class="article_text_elements"> <h4>It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0</h4> <div class=standfirst>Can't reach someone's private server on localhost from outside? No problem</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="09 Aug 05:34" data-epoch="1723181648">09 Aug 2024</span> | <span class="comment light_bg_comments">39</span></div> </div> </a> </article> <article> <a href="/2024/08/08/microsoft_google_cloud_storage_malware/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware</h4> <div class=standfirst> <span class="label">Black Hat</span> Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs?</div> <div class=time_comments> <span class="section_name">Black Hat and DEF CON</span><span class="time_stamp" title="08 Aug 01:58" data-epoch="1723082293">08 Aug 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/08/07/riscv_business_thead_c910_vulnerable/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security</h4> <div class=standfirst> <span class="label">Black Hat</span> Let's get physical, physical ... I don't wanna hear your MMU talk</div> <div class=time_comments> <span class="section_name">Black Hat and DEF CON</span><span class="time_stamp" title="07 Aug 17:00" data-epoch="1723050015">07 Aug 2024</span> | <span class="comment light_bg_comments">48</span></div> </div> </a> </article> <article> <a href="/2024/08/07/small_css_tweaks_can_help/" class=story_link> <div class="article_text_elements"> <h4>Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net</h4> <div class=standfirst>A simple HTML change and the warning is gone!</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="07 Aug 13:23" data-epoch="1723036987">07 Aug 2024</span> | <span class="comment light_bg_comments">13</span></div> </div> </a> </article> <article> <a href="/2024/08/07/sharprhino_malware_admins/" class=story_link> <div class="article_text_elements"> <h4>SharpRhino malware targets IT admins – Hunters International gang suspected</h4> <div class=standfirst>Fake Angry IP Scanner will make you furious - or maybe remind you of how the Hive gang went about its banal business</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="07 Aug 05:29" data-epoch="1723008554">07 Aug 2024</span> | <span class="comment light_bg_no_comments"></span></div> </div> </a> </article> <article> <a href="/2024/08/07/security_flaw_and_data_leak/" class=story_link> <div class="article_text_elements"> <h4>Georgia's voter portal gets a crash course in client versus backend input validation</h4> <div class=standfirst>Trying to cancel a citizen's registration would be caught by humans no matter what the page said, officials say</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="07 Aug 04:05" data-epoch="1723003515">07 Aug 2024</span> | <span class="comment light_bg_comments">36</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/08/06/bad_apps_bypass_windows_security/" class=story_link> <div class="article_text_elements"> <h4>Bad apps bypass Windows security alerts for six years using newly unveiled trick</h4> <div class=standfirst>Windows SmartScreen and Smart App Control both have weaknesses of which to be wary</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="06 Aug 14:41" data-epoch="1722955275">06 Aug 2024</span> | <span class="comment light_bg_comments">16</span></div> </div> </a> </article> <article> <a href="/2024/08/05/snakekeylogger_malware_windows/" class=story_link> <div class="article_text_elements"> <h4>Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets</h4> <div class=standfirst>Malware logs users' keystrokes, pilfers credentials, exfiltrates data</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="05 Aug 14:28" data-epoch="1722868092">05 Aug 2024</span> | <span class="comment light_bg_comments">15</span></div> </div> </a> </article> <article> <a href="/2024/08/03/darpa_c_to_rust/" class=story_link> <div class="article_text_elements"> <h4>DARPA suggests turning old C code automatically into Rust – using AI, of course</h4> <div class=standfirst>Who wants to make a TRACTOR pull request?</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="03 Aug 10:03" data-epoch="1722679391">03 Aug 2024</span> | <span class="comment light_bg_comments">146</span></div> </div> </a> </article> <article> <a href="/2024/07/31/domains_with_delegated_name_service/" class=story_link> <div class="article_text_elements"> <h4>Russia takes aim at Sitting Ducks domains, bags 30,000+</h4> <div class=standfirst>Eight-year-old domain hijacking technique still claiming victims</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="31 Jul 20:50" data-epoch="1722459012">31 Jul 2024</span> | <span class="comment light_bg_no_comments"></span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/07/30/scammers_spoofed_emails/" class=story_link> <div class="article_text_elements"> <h4>Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others</h4> <div class=standfirst>They DKIM here, they DKIM there</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="30 Jul 06:27" data-epoch="1722320826">30 Jul 2024</span> | <span class="comment light_bg_comments">33</span></div> </div> </a> </article> <article> <a href="/2024/07/29/meta_ai_safety/" class=story_link> <div class="article_text_elements"> <h4>Meta's AI safety system defeated by the space bar</h4> <div class=standfirst>'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32</div> <div class=time_comments> <span class="section_name">AI + ML</span><span class="time_stamp" title="29 Jul 21:01" data-epoch="1722286885">29 Jul 2024</span> | <span class="comment light_bg_comments">57</span></div> </div> </a> </article> <article> <a href="/2024/07/26/github_stargazers_goblin_malware/" class=story_link> <div class="article_text_elements"> <h4>Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank</h4> <div class=standfirst>May even have targeted other malware gangs, and infosec researchers</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="26 Jul 01:34" data-epoch="1721957647">26 Jul 2024</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> <article> <a href="/2024/07/25/crowdstrike_lumma_infostealer/" class=story_link> <div class="article_text_elements"> <h4>Beware of fake CrowdStrike domains pumping out Lumma infostealing malware</h4> <div class=standfirst>PSA: Only accept updates via official channels ... ironically enough</div> <div class=time_comments> <span class="section_name">Malware Month</span><span class="time_stamp" title="25 Jul 22:30" data-epoch="1721946649">25 Jul 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/07/25/data_from_deleted_github_repos/" class=story_link> <div class="article_text_elements"> <h4>FYI: Data from deleted GitHub repos may not actually be deleted</h4> <div class=standfirst>And the forking Microsoft-owned code warehouse doesn't see this as much of a problem</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="25 Jul 19:51" data-epoch="1721937092">25 Jul 2024</span> | <span class="comment light_bg_comments">49</span></div> </div> </a> </article> <article> <a href="/2024/07/24/apple_google_topics/" class=story_link> <div class="article_text_elements"> <h4>Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech</h4> <div class=standfirst>Yes, you can be fingerprinted and tracked via Privacy Sandbox – tho the risk isn't as high as feared</div> <div class=time_comments> <span class="section_name">Personal Tech</span><span class="time_stamp" title="24 Jul 20:44" data-epoch="1721853846">24 Jul 2024</span> | <span class="comment light_bg_comments">8</span></div> </div> </a> </article> <article> <a href="/2024/07/24/googles_recaptchav2_labor/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Forget security – Google's reCAPTCHA v2 is exploiting users for profit</h4> <div class=standfirst> <span class="label">Updated</span> Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="24 Jul 06:33" data-epoch="1721802791">24 Jul 2024</span> | <span class="comment light_bg_comments">73</span></div> </div> </a> </article> <article> <a href="/2024/07/23/crowdstrike_failure_shows_need_for/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code</h4> <div class=standfirst> <span class="label">Analysis</span> Maybe next time some staged rollouts? A bit of QA too?</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="23 Jul 20:52" data-epoch="1721767932">23 Jul 2024</span> | <span class="comment light_bg_comments">119</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/07/18/russias_fin7_is_peddling_its/" class=story_link> <div class="article_text_elements"> <h4>Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs</h4> <div class=standfirst>Major vendors' products scuppered by novel techniques</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="18 Jul 13:40" data-epoch="1721310024">18 Jul 2024</span> | <span class="comment light_bg_comments">5</span></div> </div> </a> </article> <article> <a href="/2024/07/18/sniffer_dogs_datacenter_defence_implants/" class=story_link> <div class="article_text_elements"> <h4>Release the hounds! Securing datacenters may soon need sniffer dogs</h4> <div class=standfirst>Nothing else can detect attackers with implants designed to foil physical security</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="18 Jul 00:54" data-epoch="1721264050">18 Jul 2024</span> | <span class="comment light_bg_comments">35</span></div> </div> </a> </article> <article> <a href="/2024/07/17/ransomware_continues_to_pile_on/" class=story_link> <div class="article_text_elements"> <h4>Ransomware continues to pile on costs for critical infrastructure victims</h4> <div class=standfirst>Millions more spent without any improvement in recovery times</div> <div class=time_comments> <span class="section_name">Malware Month</span><span class="time_stamp" title="17 Jul 15:01" data-epoch="1721228473">17 Jul 2024</span> | <span class="comment light_bg_comments">5</span></div> </div> </a> </article> <article> <a href="/2024/07/16/fbi_access_trump_shooting_phone/" class=story_link> <div class="article_text_elements"> <h4>FBI gains access to Trump rally shooter's phone</h4> <div class=standfirst>Hasn't said how it did it, but has form cracking devices</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="16 Jul 03:16" data-epoch="1721099790">16 Jul 2024</span> | <span class="comment light_bg_comments">115</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/07/10/radius_critical_vulnerability/" class=story_link> <div class="article_text_elements"> <h4>RADIUS networking protocol blasted into submission through MD5-based flaw</h4> <div class=standfirst>If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="10 Jul 03:15" data-epoch="1720581337">10 Jul 2024</span> | <span class="comment light_bg_comments">11</span></div> </div> </a> </article> <article> <a href="/2024/07/05/ghostscript_vulnerability_severity/" class=story_link> <div class="article_text_elements"> <h4>Latest Ghostscript vulnerability haunts experts as the next big breach enabler</h4> <div class=standfirst>There's also chatter about whether medium severity scare is actually code red nightmare</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="05 Jul 12:34" data-epoch="1720182850">05 Jul 2024</span> | <span class="comment light_bg_comments">25</span></div> </div> </a> </article> <article> <a href="/2024/07/03/traeger_security_bugs/" class=story_link> <div class="article_text_elements"> <h4>Traeger security bugs bad news for grillers with neighborly beef</h4> <div class=standfirst>Never risk it when it comes to brisket – make sure those updates are applied</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="03 Jul 16:24" data-epoch="1720023849">03 Jul 2024</span> | <span class="comment light_bg_comments">20</span></div> </div> </a> </article> <article> <a href="/2024/06/28/cisa_open_source/" class=story_link> <div class="article_text_elements"> <h4>CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?</h4> <div class=standfirst>So, so many lines of memory-unsafe routines in crucial open source, and unsafe dependencies</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="28 Jun 20:55" data-epoch="1719608106">28 Jun 2024</span> | <span class="comment light_bg_comments">81</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/06/28/microsoft_skeleton_key_ai_attack/" class=story_link> <div class="article_text_elements"> <h4>'Skeleton Key' attack unlocks the worst of AI, says Microsoft</h4> <div class=standfirst>Simple jailbreak prompt can bypass safety guardrails on major models</div> <div class=time_comments> <span class="section_name">AI + ML</span><span class="time_stamp" title="28 Jun 06:38" data-epoch="1719556693">28 Jun 2024</span> | <span class="comment light_bg_comments">115</span></div> </div> </a> </article> <article> <a href="/2024/06/28/polyfillio_cloudflare_malware/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown</h4> <div class=standfirst> <span class="label">Updated</span> No supply-chain attacks to see over here!</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="28 Jun 03:45" data-epoch="1719546346">28 Jun 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> <article> <a href="/2024/06/25/polyfillio_china_crisis/" class=story_link> <div class="article_text_elements"> <h4>If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately</h4> <div class=standfirst>Scripts turn sus after mysterious CDN swallows domain</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="25 Jun 23:48" data-epoch="1719359293">25 Jun 2024</span> | <span class="comment light_bg_comments">61</span></div> </div> </a> </article> <article> <a href="/2024/06/24/mirailike_botnet_zyxel_nas/" class=story_link> <div class="article_text_elements"> <h4>'Mirai-like' botnet observed attacking EOL Zyxel NAS devices</h4> <div class=standfirst>Seems like as good a time as any to upgrade older hardware</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="24 Jun 14:39" data-epoch="1719239948">24 Jun 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/06/23/google_chrome_web_store_vetting/" class=story_link> <div class="article_text_elements"> <h4>Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests</h4> <div class=standfirst>All depends on how you count it – Chocolate Factory claims 1% fail rate</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="23 Jun 10:36" data-epoch="1719138970">23 Jun 2024</span> | <span class="comment light_bg_comments">34</span></div> </div> </a> </article> <article> <a href="/2024/06/21/uefi_vulnerability_intel_chips/" class=story_link> <div class="article_text_elements"> <h4>Phoenix UEFI flaw puts long list of Intel chips in hot seat</h4> <div class=standfirst>Researchers discuss it in same breath as BlackLotus and MosaicRegressor</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="21 Jun 16:27" data-epoch="1718987225">21 Jun 2024</span> | <span class="comment light_bg_comments">21</span></div> </div> </a> </article> <article> <a href="/2024/06/19/powershell_fix_malware/" class=story_link> <div class="article_text_elements"> <h4>That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise</h4> <div class=standfirst>Control-C, Control-V, Enter ... Hell</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="19 Jun 07:27" data-epoch="1718782048">19 Jun 2024</span> | <span class="comment light_bg_comments">18</span></div> </div> </a> </article> <article> <a href="/2024/06/18/cheri_alliance_formed_to_promote/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>CHERI Alliance formed to promote memory security tech ... but where's Arm?</h4> <div class=standfirst> <span class="label">Updated</span> Academic-industry project takes next step as key promoter chip designer licks its wounds</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="18 Jun 15:04" data-epoch="1718723052">18 Jun 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/06/18/support_ends_change_healthcare/" class=story_link> <div class="article_text_elements"> <h4>Uncle Sam ends financial support to orgs hurt by Change Healthcare attack</h4> <div class=standfirst>Billions of dollars made available but worst appears to be over</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="18 Jun 13:15" data-epoch="1718716515">18 Jun 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/06/18/arm_memory_tag_extensions_leak/" class=story_link> <div class="article_text_elements"> <h4>Arm security defense shattered by speculative execution 95% of the time</h4> <div class=standfirst>'TikTag' security folks find anti-exploit mechanism rather fragile</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="18 Jun 01:11" data-epoch="1718673069">18 Jun 2024</span> | <span class="comment light_bg_comments">27</span></div> </div> </a> </article> <article> <a href="/2024/06/14/stanford_internet_observatory/" class=story_link> <div class="article_text_elements"> <h4>Stanford Internet Observatory wilts under legal pressure during election year</h4> <div class=standfirst>Because who needs disinformation research at times like these</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="14 Jun 21:38" data-epoch="1718401085">14 Jun 2024</span> | <span class="comment light_bg_comments">85</span></div> </div> </a> </article> <article> <a href="/2024/06/04/cybercriminals_abusing_boxedapp/" class=story_link> <div class="article_text_elements"> <h4>Cybercrooks get cozy with BoxedApp to dodge detection</h4> <div class=standfirst>Some of the biggest names in the game are hopping on the trend</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="04 Jun 12:00" data-epoch="1717502409">04 Jun 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/06/03/baidu_robotaxi_attack/" class=story_link> <div class="article_text_elements"> <h4>Researchers warn robot cars can be crashed with tinfoil and paint daubed on cardboard</h4> <div class=standfirst>Use Baidu's platform to show how the fusion of Lidar, radar, and cameras can be fooled by stuff from your kids' craft box</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="03 Jun 05:48" data-epoch="1717393698">03 Jun 2024</span> | <span class="comment light_bg_comments">34</span></div> </div> </a> </article> <article> <a href="/2024/05/30/msps_security_nightmare/" class=story_link> <div class="article_text_elements"> <h4>Pretty much all the headaches at MSPs stem from cybersecurity</h4> <div class=standfirst>More cybercrime means more problems as understaffed teams stretched to the limit</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="30 May 10:30" data-epoch="1717065008">30 May 2024</span> | <span class="comment light_bg_comments">14</span></div> </div> </a> </article> <article> <a href="/2024/05/23/apple_wifi_positioning_system/" class=story_link> <div class="article_text_elements has_trailer_top"> <h4>How Apple Wi-Fi Positioning System can be abused to track people around the globe</h4> <div class=standfirst> <span class="label">In-depth</span> SpaceX is smart on this, Cupertino and GL.iNet not so much</div> <div class=time_comments> <span class="section_name">Networks</span><span class="time_stamp" title="23 May 06:34" data-epoch="1716446049">23 May 2024</span> | <span class="comment light_bg_comments">78</span></div> </div> </a> </article> <article> <a href="/2024/05/23/china_hacking_group/" class=story_link> <div class="article_text_elements"> <h4>'China-aligned' spyware slingers operating since 2018 unmasked at last</h4> <div class=standfirst>Unfading Sea Haze adept at staying under the radar</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="23 May 03:47" data-epoch="1716436032">23 May 2024</span> | <span class="comment light_bg_comments">1</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1a"> <article> <a href="/2024/05/22/50m_investment_hospital_security/" class=story_link> <div class="article_text_elements"> <h4>Uncle Sam to inject $50M into auto-patcher for hospital IT</h4> <div class=standfirst>Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever</div> <div class=time_comments> <span class="section_name">Public Sector</span><span class="time_stamp" title="22 May 00:46" data-epoch="1716338772">22 May 2024</span> | <span class="comment light_bg_comments">33</span></div> </div> </a> </article> <article> <a href="/2024/05/21/fluent_bit_flaw/" class=story_link> <div class="article_text_elements"> <h4>Critical Fluent Bit bug affects all major cloud providers, say researchers</h4> <div class=standfirst>Crashes galore, plus especially crafty crims could use it for much worse</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="21 May 17:45" data-epoch="1716313515">21 May 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/05/21/with_ransomware_whales_becoming_so/" class=story_link> <div class="article_text_elements"> <h4>With ransomware whales becoming so dominant, would-be challengers ask 'what's the point?'</h4> <div class=standfirst>Fewer rivals on the scene as big-gang success soars</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="21 May 11:01" data-epoch="1716289292">21 May 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/05/20/qnap_watchtowr/" class=story_link> <div class="article_text_elements"> <h4>Researchers call out QNAP for dragging its heels on patch development</h4> <div class=standfirst>WatchTowr publishes report claiming vendor failed to issue fixes after four months</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="20 May 14:00" data-epoch="1716213612">20 May 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> </div> <a href="/security/research/earlier/1/" class="reg_btn_primary wide" data-unit-type="more_stories_link">MORE STORIES</a> </div> </div> <div id=footer> <div class="footer_slogan"> <div class="footer_wrapper"> <p>The Register <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png" alt="icon"> Biting the hand that feeds IT</p> </div> </div> <div class="footer_wrapper"> <div class=foot_wrapper> <div class="left_block"> <div class="foot_list"> <h4>About Us<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/contact/">Contact us</a></li> <li><a target=_blank rel=noopener href="https://www.theregister.com/AdvertiseWithUs/">Advertise with us</a></li> <li><a href="https://www.theregister.com/Profile/about_the_register/">Who we are</a></li> </ul> </div> <div class="foot_list more_us"> <h4>Our Websites<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.nextplatform.com/">The Next Platform</a></li> <li><a href="https://devclass.com/">DevClass</a></li> <li><a href="https://blocksandfiles.com/">Blocks and Files</a></li> </ul> </div> <div class="foot_list privacy"> <h4>Your Privacy<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/cookies/">Cookies Policy</a></li> <li><a href="https://www.theregister.com/Profile/privacy/">Privacy Policy</a></li> <li><a href="https://www.theregister.com/Profile/terms_and_conditions_of_use/">Ts & Cs</a></li> </ul> </div> </div> <div class="right_block"> <div class="foot_list"> <a href="https://situationpublishing.com/" id="sitpub_logo"> <img loading="lazy" width="250" alt="Situation Publishing" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/sitpublogo_2022.png"> </a> <p> Copyright. All rights reserved © 1998–2024 </p> </div> </div> <noscript><img width="1" height="1" src="/Design/graphics/std/transparent_pixel.png" alt="no-js"></noscript> </div> </div> </div> <div id=end_scripts> <script> if (typeof(ElReg.Ga.sendPageView) === 'function') { ElReg.Ga.sendPageView('reg_security/research','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); } </script> <script> $(function() { RegUtils.set_bucket_group(921) }); </script> </div> <!--[if IE]> <p id=unsupported_browser>The Register does not support such an old IE version. Please upgrade your browser. <img src="https://go.theregister.com/k/abb_oldie> </p> <![endif]--></div> </body> </html>