Summary

Total Articles Found: 29

Top Articles:

  • That's it. It's over. It's really over. From today, Adobe Flash Player no longer works. We're free. We can just leave
  • Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims
  • Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine
  • Dropbox admits 130 of its private GitHub repos were copied after phishing attack
  • Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook
  • CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes
  • Uber reels from 'security incident' in which cloud systems seemingly hijacked
  • Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook
  • Atlassian reveals critical flaws in almost everything it makes and touches
  • Near-undetectable malware linked to Russia's Cozy Bear

Police allege 'evil twin' of in-flight Wi-Fi used to steal passenger's credentials

Published: 2024-07-01 05:45:09

Popularity: 30

Author: Simon Sharwood

LLM Says: "Flying hack!"

Fasten your seat belts, secure your tray table, and try not to give away your passwords

Australia's Federal Police (AFP) has charged a man with running a fake Wi-Fi network on at least one commercial flight and using it to harvest flier credentials for email and social media services.…


Spam blocklist SORBS closed by its owner, Proofpoint

Published: 2024-06-07 06:27:13

Popularity: 42

Author: Simon Sharwood

LLM Says: "Blocked and deleted"

Spammers will probably bid to buy it, so community is trying to find a better home for decades-old service

Exclusive: The Spam and Open Relay Blocking System (SORBS) – a longstanding source of info on known sources of spam widely used to create blocklists – has been shuttered by its owner, cyber security software vendor Proofpoint.…


Japanese government rejects Yahoo! infosec improvement plan

Published: 2024-04-17 05:44:08

Popularity: 12

Author: Simon Sharwood

Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app

Japan's government has considered the proposed security improvements developed by Yahoo!, found them wanting, and ordered the onetime web giant to take new measures.…


CEO arranged his own cybersecurity, with predictable results

Published: 2023-12-29 08:01:05

Popularity: 15

Author: Simon Sharwood

Cleaning up after hackers is easy compared to surviving the politics of consultancy

On Call: It’s the last Friday of 2023, but because the need for tech support never goes away neither does On Call, The Register’s Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often indefensible.…


Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian

Published: 2023-10-31 05:05:59

Popularity: 11

Author: Simon Sharwood

Risk of ‘significant data loss’ for on-prem customers

Atlassian has told customers they “must take immediate action” to address a newly discovered flaw in its Confluence collaboration tool.…


Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine

Published: 2023-06-01 06:33:10

Popularity: 280

Author: Simon Sharwood

Staff able to watch customers in the bathroom? Tick! Obviously shabby infosec? Tick! Training AI as an excuse for data retention? Tick!

America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy – and made the cost of those actions, as alleged, a mere $30.8 million.…


Dropbox admits 130 of its private GitHub repos were copied after phishing attack

Published: 2022-11-01 23:52:06

Popularity: 207

Author: Simon Sharwood

Personal info and data safe, stolen code not critical, apparently

Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials.…


DoJ ‘very disappointed’ with probation sentence for Capital One hacker Paige Thompson

Published: 2022-10-05 05:31:06

Popularity: 18

Author: Simon Sharwood

‘This is not what justice looks like’ says official on sanction for leak of 100 million records

Convicted wire fraud perpetrator Paige Thompson (aka "erratic") has been sentenced to time served and five years of probation with location and computer monitoring, prompting U.S. Attorney Nick Brown to label the sanctions unsatisfactory.…


Uber reels from 'security incident' in which cloud systems seemingly hijacked

Published: 2022-09-16 03:13:43

Popularity: 165

Author: Simon Sharwood

AWS and G Suite admin accounts likely popped, HackerOne bug bounty page hit, and more

Updated: Uber is tonight reeling from what looks like a substantial cybersecurity breach.…


Atlassian reveals critical flaws in almost everything it makes and touches

Published: 2022-07-21 01:54:25

Popularity: 89

Author: Simon Sharwood

Fixes issued, warns it 'has not exhaustively enumerated all potential consequences'

Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security.…


Near-undetectable malware linked to Russia's Cozy Bear

Published: 2022-07-06 05:27:10

Popularity: 78

Author: Simon Sharwood

The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware

Palo Alto Networks' Unit 42 threat intelligence team has claimed that a piece of malware that 56 antivirus products were unable to detect is evidence that state-backed attackers have found new ways to go about the evil business.…


Israel plans ‘Cyber-Dome’ to defeat digital attacks from Iran and others

Published: 2022-06-30 02:15:11

Popularity: 19

Author: Simon Sharwood

Already has 'Iron Dome' – does it need another hero?

The new head of Israel's National Cyber Directorate (INCD) has announced the nation intends to build a "Cyber-Dome" – a national defense system to fend off digital attacks.…


Tencent admits to poisoned QR code attack on QQ chat platform

Published: 2022-06-28 04:31:13

Popularity: 12

Author: Simon Sharwood

Could it be Beijing was right about games being bad for China?

Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform.…


Researchers find 134 flaws in the way Word, PDFs, handle scripts

Published: 2022-05-13 07:54:07

Popularity: 22

Author: Simon Sharwood

‘Cooperative mutation’ spots problems that checking code alone will miss

Black Hat Asia: Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs – 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000.…


Okta acknowledges 'mistake' in handling of Lapsus$ attack

Published: 2022-03-28 04:14:07

Popularity: 30

Author: Simon Sharwood

Changes story again to say customers weren't in danger, admits it waited for incident report instead of asking tough questions

Identity-management-as-a-service outfit Okta has acknowledged that it made an important mistake in its handling of the attack on a supplier by extortion gang Lapsus$.…


WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

Published: 2021-09-17 04:58:10

Popularity: 53

Author: Simon Sharwood

Clouds usually fix this sort of thing before bugs go public. This time it's best to assume you need to do this yourself

Microsoft Azure users running Linux VMs in the IT giant's Azure cloud need to take action to protect themselves against the four "OMIGOD" bugs in the Open Management Infrastructure (OMI) framework, because Microsoft hasn't raced to do it for them.…


Kaseya restores SaaS, then 'performance issues' force a do-over

Published: 2021-07-13 05:57:10

Popularity: 15

Author: Simon Sharwood

What’s another 20 minutes of sudden unplanned downtime between friends?

Kaseya has fully restored its SaaS product, then quickly inflicted a little more unplanned downtime on users.…


That's it. It's over. It's really over. From today, Adobe Flash Player no longer works. We're free. We can just leave

Published: 2021-01-12 01:41:14

Popularity: 1726

Author: Simon Sharwood

Post-Flashpocalypse, we stumble outside, hoping no one ever creates software as insecure as that ever again

Adobe has finally and formally killed Flash.…


Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims

Published: 2020-09-21 02:13:11

Popularity: 425

Author: Simon Sharwood

Banned merchants restored, rivals’ stores binned, cash sent around town in an Uber, it is alleged

US prosecutors claim six people bribed corrupt Amazon insiders to rig the web giant's Marketplace in their favor and leak terabytes of data including some search algorithms.…


Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Published: 2020-07-31 05:27:08

Popularity: 73

Author: Simon Sharwood

Attack came in waves that probed for staff with access to the creds crims craved

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam.…


Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook

Published: 2020-05-21 06:02:09

Popularity: 200

Author: Simon Sharwood

Sigh. How many users did it have before it started this stuff?

Zoom has outlined more about its efforts to improve its security.…


Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook

Published: 2020-05-21 06:02:09

Popularity: 99

Author: Simon Sharwood

Sigh. How many users did it have before it started this stuff?

Zoom has outlined more about its efforts to improve its security.…


Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Published: 2024-05-02 00:58:10

Popularity: 18

Author: Simon Sharwood

Only from its digital doc-signing service, which is isolated from its cloudy storage

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.…


Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

Published: 2024-04-26 05:33:17

Popularity: 27

Author: Simon Sharwood

Huawei is OK, but Xiaomi, OPPO, and Samsung are in strife. And Honor isn't living its name

Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…


Release the hounds! Securing datacenters may soon need sniffer dogs

Published: 2024-07-18 00:54:10

Popularity: 7

Author: Simon Sharwood

LLM Says: "Sniff out security"

Nothing else can detect attackers with implants designed to foil physical security

Sniffer dogs may soon become a useful means of improving physical security in datacenters, as increasing numbers of people are adopting implants like NFC chips that have the potential to enable novel attacks on access control tools.…


CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes

Published: 2024-07-21 23:51:18

Popularity: 182

Author: Simon Sharwood

LLM Says: "System Crash"

Rapid restore tool being tested as Microsoft estimates 8.5M machines went down

Updated: CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also been linked to crashes of Linux machines.…


Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools

Published: 2024-07-29 06:30:14

Popularity: 26

Author: Simon Sharwood

LLM Says: "Driver's Seat"

Now there's an idea – parsing config data in user mode

Updated: Microsoft has vowed to reduce cybersecurity vendors' reliance on kernel-mode code, which was at the heart of the CrowdStrike super-snafu this month.…


Telegram apologizes to South Korea and takes down smutty deepfakes

Published: 2024-09-04 04:28:14

Popularity: 10

Author: Simon Sharwood

LLM Says: "NSFW fail"

Unclear if this is a sign controversial service is cleaning up its act everywhere

Controversial social network Telegram has co-operated with South Korean authorities and taken down 25 videos depicting sex crimes.…


To patch this server, we need to get someone drunk

Published: 2024-09-06 07:28:05

Popularity: 13

Author: Simon Sharwood

LLM Says: "Drunk coding"

When maintenance windows are hard to open, a little lubrication helps

On Call: The Register understands consuming alcohol is quite a popular way to wind down from the working week, but each Friday we get the party started early with a new and sober instalment of On Call, the reader contributed column in which you share stories about the emotional hangovers you've earned delivering tech support.…
