News

Although it hasn't been seen in the wild yet

A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.…

A similar vuln on Apple devices was used against 'specific targeted users'

Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…

Get ready for a fight over who steers the global standard for vulnerability identification

The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more control over the global standard for vulnerability identification.…

Dorm management refuses to cover costs after payment system borked

More than a thousand university students in the Netherlands must continue to travel to wash their clothes after their building management company failed to bring its borked smart laundry machines back online.…

Big Brother Watch says a so-called BritCard could turn daily life into one long identity check – and warn that Whitehall can’t be trusted to run

A national digital ID could hand the government the tools for population-wide surveillance – and if history is anything to go by, ministers probably couldn't run it without cocking it up.…

UK data watchdog says students behind most education cyberattacks

The UK's data protection watchdog says more than half of cyberattacks in schools are caused by students, and that parents should act early to prevent their offspring from falling into the wrong crowds.…

Ethical concerns raised after crook offered themselves up on silver platter

Security outfit Huntress has been forced onto the defensive after its latest research – described by senior staff as "hilarious" – split opinion across the cybersecurity community.…

Atlantic Council warns US investors are fueling a market that undermines national security

After years of being dominated by outsiders, the computer surveillance software industry is booming in the United States as investors rush into the ethically dodgy but highly lucrative field.…

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim

Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…

Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit

Villager, a new penetration-testing tool linked to a suspicious China-based company and described by researchers as "Cobalt Strike's AI successor," has been downloaded about 10,000 times since its release in July.…

FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop

A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever recorded – a 1.5 billion packets per second (1.5 Gpps) flood that briefly threatened to knock it off the internet.…

AMD Zen hardware and Intel Coffee Lake affected

If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.…

Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension

Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping "dangerous, insecure software" that helped cybercrooks cripple one of America's largest hospital networks.…

Over 600 security boffins say planned surveillance crosses the line

Europe, long seen as a bastion of privacy and digital rights, will debate this week whether to enforce surveillance on citizens' devices.…

Major UK player cagey on specifics but latest attack follows string blamed on 'third party' suppliers

One of the UK's largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.…

Academics and OSA stakeholders say watchdog needs to amend how controversial legislation is enforced

Industry experts expressed both concern and sympathy for Ofcom, the Brit regulator that is overseeing the Online Safety Act, as questions mount over the effectiveness of the controversial legislation.…

Battery powered now, fuel-cells tomorrow - all packed in a shipping box

Following a series of trials, defense biz BAE Systems says it is readying an autonomous military submarine for the end of next year.…

You don’t need to be a rocket scientist to figure out the reasons why

NASA has barred Chinese nationals from accessing its premises and assets, even those who hold visas that permit them to reside in the USA.…

Ovoid-themed in-memory malware offers a menu for mayhem

‘EggStreme’ framework looks like the sort of thing Beijing would find handy in its ongoing territorial beefs Infosec outfit Bitdefender says it’s spotted a strain of in-memory malware that looks like the work of Chinese advanced persistent threat groups that wanted to achieve persistent access at a “military company” in the Philippines.…

Patch, turn on MFA, and restrict access to trusted networks…or else

Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.…