News

NATO's getting in on the action too

British ministers are stepping up their rhetoric on cyber warfare, with £22m to be splurged on embiggening an "offensive hacking" unit as Foreign Secretary Jeremy Hunt vowed to retaliate against Russian cyber-attacks.…

Haul included employee passports, driving licences, bank statements and more

The third-party mailbox used by Computacenter employees and contractors to deposit data for security clearance applications has been hacked and used in phishing scams.…

War crimes trial takes a fresh twist

The US Air Force has opened an investigation into a "malware" infection – which it is blaming on lawyers employed by the US Navy who are working on a war crimes case.…

Vulnerability can be exploited to turn users into system stars, no patch available yet

A bug-hunter who previously disclosed Windows security flaws has publicly revealed another zero-day vulnerability in Microsoft's latest operating systems.…

Biz app login details encrypted at rest, though, ad giant insists

Google admitted Tuesday its paid-for G Suite of cloudy apps aimed at businesses stored some user passwords in plaintext albeit in an encrypted form.…

Cheapskate fandroids get a pass on this one, though

Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by reinstalling iOS.…

All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.

A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.

An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.

Yes, the one with the critical security fixes

Brit security software slinger Sophos has advised its customers to uninstall Microsoft's most recent Patch Tuesday run – the same patches that protect servers against the latest Intel cockups.…

A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.

Turning off trim control software in training wouldn't give realistic results – report

Boeing has admitted that pilot training simulators for the controversial 737 Max did not accurately reproduce what happened if the infamous MCAS system went gaga.…

An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.

Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.

If it walks like a duck and quacks like a duck then...

Analysis  The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs – potentially unwanted programs. But there isn't always a clear difference between malware and less threatening descriptors.…

...And more from the world of infosec this week

Roundup  Here's a quick catch-up of all things infosec beyond what we've already reported this week.…

Explosives activated by wireless networking signals discovered amid election

Terrorists have been caught strapping Wi-Fi-activated backup triggers to bombs in Indonesia, police revealed this week.…

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

Six-week investigation delay shrank payment by 13%

A $1.2m shipment of livestock feed went awry when "hackers" intercepted and tweaked emails with payment details, eventually costing the cheeky buyers an extra $161,000 after exchange rates moved during the legal fallout.…

The decision to pay a ransom in the case of a ransomware attack can be a complex one for businesses.