That email from King Charles asking you for a bank account to store $500 million in until after his coronation is (probably) fake. Following the death of Queen Elizabeth II at the age of 96, the UK’s National Cyber Security Centre (NCSC) has issued a warning to be on the lookout for phishing attempts.

In a bulletin on Sept. 13, the NCSC cautioned, “there may be an increase in phishing emails and other scams” in the period following the queen’s death up until her state funeral on Sept. 19.

Specifically, NCSC said that mourners should be aware that anyone claiming to sell tickets to see the queen lying in state should be ignored, as it is free and open to the public. (Instead, the price of entry is waiting in a miles-long queue stretching throughout parts of London.) The NCSC, which is part of the GCHQ, appears to have issued the warning out of an abundance of caution: It wrote in the bulletin that it “has not yet seen extensive evidence” of such scams.

ComputerWeekly noted that other likely targets of scammers include those traveling to London to pay their respects to the late monarch. Planes and trains to England are already overburdened with travelers, while some flights have been “disrupted to ensure there is silence in central London during the procession.” Hotels are also expected to be sold out or close to it. Anyone hoping to get close to any official events should anticipate delays due to heavy security. All this creates an environment ripe for scammers to prey on those looking for scarce travel and accommodation deals.

Read the rest here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

In addition to operating systems, applications, and embedded technologies, IT pros lately have had to add one more item to the lengthy list of things to patch: patches.

The Zero Day Initiative, a vendor-agnostic bug-bounty program begun in 2005 and since acquired by Trend Micro, recently addressed concerns of incomplete and ineffective patches by modifying its disclosure deadlines.

ZDI’s reduction of timelines, announced in August, suggests a greater urgency in addressing a software-development problem: everybody’s moving too fast.

For the sake of speed, software makers are abandoning an ongoing design approach that identifies and reviews breaks throughout a system’s life cycle, according to one member of the Initiative.

“Companies aren’t really looking to support their product after release. They’d rather put their engineering resources on building ‘V next,’ whatever that is, rather than maintaining and correcting what they’d already released,” said Dustin Childs, senior communications manager for the Zero Day Initiative.

The organization announced at Black Hat that it would change its disclosure deadlines for bug reports that result from patchy patches.

“Over the last couple of years, we’ve definitely seen a decrease in quality, to the point that now 10%–20% of the bugs we purchase at ZDI are the result of faulty or otherwise incomplete patches,” Childs told IT Brew.

Instead of ZDI’s standard 120-day disclosure timeline for most vulnerabilities, critical-rated cases, where exploitation is detected or expected, now have a 30-day timeframe, “which means they need to produce a fix within 30 days, or we will go public with some of the information,” Childs said. (Learn more about the tiered deadlines.)

A variety of vendors have deployed incomplete or otherwise faulty updates. In October 2021, VMware released an incomplete, bypass-able patch. May 2021 saw Dell’s five driver fixes still open Windows-kernel level attacks. The list goes on. (See: Cisco, SonicWall, Google, and Apache.)

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Today’s top IT reads.

Stat: $300 million. That’s the price T-Mobile paid for thousands of spectrum licenses in order to boost its 5G coverage capabilities. (CNET)

Quote: “We recently suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto.”—Rockstar Games, after footage of the company’s upcoming Grand Theft Auto VI game was leaked by hackers (The Verge)

Read: Thanks to some less-than-secure passwords, two hackers were able to delete files and disrupt the services of Intercontinental Hotels Group, owners of Holiday Inn and other major hotel brands. (BBC)

How IT’s goin’: What’s the state of modern physical security? Rhombus surveyed 250+ physical security pros in the IT world to find out. See which strategies Fortune 500 companies leverage and how priorities have shifted in Rhombus’ report.*

^{*This is sponsored advertising content.}