News

And needs a very blunt instrument to do the job, because the protocol works as planned

China is now blocking encrypted HTTPS traffic that uses TLS 1.3 with ESNI enabled, according to observers at the Great Firewall Report (GFR).…

In-depth dive into protocols exposing countless gadgets to miscreants

DEF CON  More than 3.7 million. That's the latest number of surveillance cameras, baby monitors, doorbells with webcams, and other internet-connected devices found left open to hijackers via two insecure communications protocols globally, we're told.…

Now that's a stretch: 'Work Yoga' memo tells folks to ignore calls, emails to 'stay in the zone'

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive.…

Industry binning old aircraft is an opportunity for aviation infosec

DEF CON  Boeing 747-400s still use floppy disks for loading critical navigation databases, Pen Test Partners has revealed to the infosec community after poking about one of the recently abandoned aircraft.…

Plus: Sec wizard shows another way to pwn Mac users

In brief  A city in Colorado, USA, has swallowed its pride and paid off a malware gang after deciding the cost of a network nuke-and-pave was too high.…

Start the clock on those patches – they'll be coming any day, week, month soon

DEF CON  In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology.…

Bug-hunter details how his team slurped data… IN SPAAAAACE

DEF CON  FYI, if you didn't already know: readily available satellite TV electronics can be used to sniff and inspect satellite internet traffic.…

These are the class-action-suit-joining 'droids lawyers are looking for. (We'll get our coats)

Google "abuses Android OS to obtain a competitive advantage", according to a lawsuit filed this week alleging that the Alphabet offshoot "secretively monitored and collected users' sensitive personal data" to develop apps to compete with TikTok, Facebook, and Instagram.…

Demirkapi shows how drivers can be misused for deep pwnage

DEF CON  Writing a successful Windows rootkit is easier than you would think. All you need is do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Happy days.…

Not exactly the first time this has happened, by a very long chalk

Google's Chrome Web Store is once again under fire for poor policing of harmful extensions.…

On grounds that they can track users, conduct corporate espionage and oppress Chinese-Americans

United States president Donald Trump has issued two executive orders banning Chinese messaging service WeChat and made-in-China-but-only-operating-abroad social network TikTok, and labelling the two a “threat”.…

All that money must be wired to the US Treasury immediately

Capital One must pay a $80m fine for its shoddy public cloud security – yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada.…

A misunderstanding about the vulnerability means defenses fall short

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark.…

China can't hold a candle to GRU's shenanigans, says expert

Black Hat  While China is the bête noire du jour of the US government, Russia is the master of spreading disinformation, fostering conflict, and derailing discourse online, the Black Hat security conference was told today.…

Leaker only 'a bit concerned' about getting sued

Updated  Swiss IT consultant Tillie Kottmann on Thursday published a trove of purportedly confidential Intel technical material, code, and documents related to various processors and chipsets.…

Should your policy cover that? Well that's up to you

The National Cyber Security Centre has urged British businesses to think carefully when picking a cyber insurance policy – but won’t say whether insurance that covers ransomware payoffs is a bad thing or not.…

Bognor Regis man still faces 20 years in clink, though

The British teenager accused of being part of the gang that hacked Twitter and posted a cryptocurrency scam from various US celebrities' accounts has not yet been arrested.…

‘Clean Network’ initiative bans use of Chinese clouds, names Alibaba, Baidu, and Tencent as compromised

US secretary of state Mike Pompeo has announced a “Clean Network plan” he says offers a “comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).”…

'We are investigating the situation'

Canon has had a double shot of bad luck lately. First, its brand-new photo-and-video-hosting cloud started losing files. Now it's reportedly fallen victim to ransomware.…

ES&S takes the bold step of not ignoring vulnerability reports

Black Hat  Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program.…