News

One of the worst things that could happen to privacy-focused community

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK.…

Microsoft study says India is most susceptible, other studies suggest the USA cops it most

Tech support scam attempts dropped in frequency over the past two years, but remain a threat. And Millennials and Gen Z – not Boomers – fall prey most frequently, according to Microsoft in its 2021 Global Tech Support Scam Research report, released Thursday.…

Spends £££ on Silicon Valley cyber risk management firm

BT is looking to cash in on ever-growing global concerns over digital crime, and has confirmed making a multi million pound investment in US-based cyber risk management firm Safe Security.…

Users sent two further updates – one fixing an issue that prevented installation of antivirus software

Software-for-services providers business Kaseya has obtained a "universal decryptor key" for the REvil ransomware and is delivering it to clients.…

Biz insists it's trying as hard as possible to scrub clean its IRC-for-the-2020s

Sophos on Thursday warned that internet instant-chat service Discord is becoming an increasingly popular malware distribution channel.…

Learn tricks of the trade at SANS Singapore 2021 – and treat yourself to a discount

Promo  Whisper it softly, but we’re fast forwarding through the second half of 2021, which means the holiday shopping season – and accompanying hacking season – is not far behind.…

It's the only way to be sure

After setting the "days since a security cock-up" counter back to zero, Microsoft has published an official workaround for its Access Control Lists (ACLs) vulnerability (CVE-2021-36934).…

At least Redmond is taking some security seriously

Microsoft has snapped up cloud security outfit CloudKnox while researchers continue to poke holes in its down-to-earth Windows operating system.…

Some of the stuff going on in the industry is completely out of order

A new initiative aims to make it easier to report personal abuse and harassment within the information security industry – without the involvement of social media mobs.…

Would you like to pay with a poke?

Thales has announced what it claims is the "world's first" payment card to include an onboard fingerprint sensor, promising improved security and usability – and an end to contactless payment limits.…

Chinese Foreign Ministry spokesperson says 53 per cent of cyber attacks on China come from the US

China has very firmly pushed back against the accusation it paid contractors to attack Microsoft's Exchange Server.…

Denies everything, as governments open probes into the company and its wares

The NSO Group, a purveyor of spyware it hopes governments and law enforcement bodies will use to fight terrorism, has announced it will not answer any further questions about allegations raised by Amnesty International and Forbidden Stories that its products have been widely misused.…

Meanwhile, Tokyo games ticket holder data leaks, and those affected can't even use their seats

Three US senators have written to their nation's Olympic Committee with a request that it "forbid American athletes from receiving or using Digital Yuan during the Beijing Olympics" – a reference to the Winter Games scheduled to commence on February 4th, 2022.…

'PlugWalkJoe' also said to have meddled with TikTok, SnapChat

The Spanish National Police have, at the request of America, arrested UK citizen Joseph O’Connor in Estepona, Spain, in connection with the July 2020 takeover of more than 130 Twitter accounts.…

Fancy new system shown off at online summit

Google has introduced a new Intrusion Detection Service together with "Adaptive Protection" for its cloud firewall, but such services make security a costly feature.…

Patches available for priv-esc bug in the open-source software, at least

Move over, PrintNightmare. Microsoft has another privilege-escalation hole in Windows that can be potentially exploited by rogue users and malware to gain admin-level powers.…

Deletion of employer's YouTube account deemed violation of release

Former journalist Matthew Keys, who served two years in prison for posting his Tribune Company content management system credentials online a decade ago in violation of America's Computer Fraud and Abuse Act, has been ordered back to prison for violating the terms of his supervised release.…

Cure worse than the disease for anyone with the 'fgfmsd' daemon activated

Security appliance slinger Fortinet has warned of a critical vulnerability in its own FortiGate products which can be exploited to allow unauthenticated attackers full control over the target system - providing a particular daemon is enabled.…

£17m on shiny new Flowbird touchscreen kiosks well spent, apparently

Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.…

Because Verify was roaring success and cos digi ID will 'reduce cases of online fraud'. Ahem

The UK government is launching proposals to boost the legal status of digital identities, something it claims will ensure they are trusted as much as physical documents such as passports.…