Two flaws in Microsoft software are under attack on systems that haven't been patched by admins. Redmond issued fixes for the vulnerabilities – one affecting Visual Studio and the other the Win32k subsystem – in April and May, but in separate reports this week,...

The FBI doesn't want to lose its favorite codified way to spy, Section 702 of the US Foreign Intelligence Surveillance Act. In its latest salvo, the agency's deputy director Paul Abbate called it "absolutely critical for the FBI to continue protecting the...

Japanese pharma giant Eisai today confirmed to The Register that "there is no imminent risk of stock shortage" after it was hit by ransomware at the weekend. Eisai's European comms person told us it has a global stocking policy that means it always has more...

Commissioned Commissioned: If you're like most IT leaders, you are facing two uncomfortable realities. The first is that external and internal cybersecurity threats are proliferating from individuals, independent collectives and nation-state attackers. The...

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities It’s rather rare to find a cybercrime group that ventures into cyberespionage, which alone makes new ESET research all the more...

Britain's data watchdog has slapped a financial penalty on two energy companies it claims were posing as third parties, including the National Grid and UK government, when making unsolicited marketing calls. Maxen Power Supply (MPS), from Ilford, Essex, and...

The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday. Instead, the region's bad guys have escalated their attempts to steal corporate...

Barracuda has now told customers to "immediately" replace infected Email Security Gateway (ESG) appliances — even if they have received a patch to fix a critical bug under exploit. The vendor disclosed the remote command injection bug, tracked as CVE-2023-2868...

Google Cloud has put $1 million on the table to cover customers' unauthorized compute expenses stemming from cryptomining attacks if its sensors don't spot these illicit miners. Unlike their louder, flashier counterparts (looking at you, ransomware crews),...

A curious case of a threat actor at the border between crimeware and cyberespionage Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers...