News

Fix the crits and backload the rest later

Over the first quarter of 2020, the number of security bugs disclosed by software makers fell 20 per cent though not for any of the right reasons, it seems.…

Open-source mail servers under active exploitation by GRU crew, make sure you're patched up

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists.…

Early May attack hit 600-plus hosting and cloud customers

Global system integrator NTT has said someone hacked their way into its hosting and cloud services and may have accessed 600-odd customers’ data.…

The price will only go down

The maintainers of OpenSSH, widely used for connecting securely to servers and devices over networks, have warned that the SHA-1 algorithm will be disabled in a "near-future release".…

So says Barracuda Networks, anyway

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks.…

Patch Thursday is for you, Patch Tuesday is for everyone else

Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can.…

Intel vPro platform provides hardware level of trust

Sponsored  Sometimes it feels like the hackers and malware creators are in an arms race with the teams tasked with protecting systems and data. New tools and technologies are being deployed on both sides all the time.…

Best change any recycled credentials from your blogging days

Russian-owned blogging service LiveJournal has reportedly suffered a hack affecting 26 million user accounts.…

Supply and demand in action

Crime has never been cheaper to pull off, so long as you're not particular about quality.…

Infosec's Drivergate scandal deepens

Microsoft has blocked a Trend Micro driver from running on Windows 10 – and Trend has withdrawn downloads of its rootkit detector that uses the driver – after the code appeared to cheat Redmond's QA tests.…

Naughty JS can watch you hit control+F, start typing, see what's on your mind

Analysis  A browser feature being developed for the open-source Chromium platform has raised data-leakage privacy concerns – though the Google engineers working on the project contend the potential benefits outweigh the risks.…

As the legalese changes to extend data retention period

India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty program to detect any security issues.…

Bi-partisan amendment aims to take away easy access to your online life

US lawmakers will get another vote on whether the FBI must get a warrant before agents can search Americans’ search and web-browsing histories.…

The rules of war that protect hospitals should extend into cyberspace

Following the surge of cyber attacks on medical facilities, the head of the International Committee of the Red Cross (ICRC) and more than 40 other international leaders asked the governments of the world to do more to safeguard critical medical organizations amid the coronavirus pandemic.…

No win, no fee. But if they win it's an up to £5.4bn fee

A law firm that is already chasing British Airways now claims it is suing Easyjet for up to £18bn, intending to take a modest £5.4bn cut for itself, after nine million people's data was stolen from the airline's servers.…

Scottish trial will courier PPE and COVID-19 tests to remote hospital

Remote-control drones are to be used to deliver coronavirus testing kits to a remote Scottish hospital – and they're being flown outside of the operators' direct line of sight.…

Fraud is a big issue for etailer, but there are privacy and consent concerns too

Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running on your machine.…

Passport-grade chippery to help mobile devices prove their identity

Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.…

Hangzhou wants a 'health and immunity firewall'

One of China's major tech hubs is planning to make a health and movement tracking system developed to fight the COVID-19 epidemic a permanent fixture in daily life.…

This and more bits and bytes from infosec world

Roundup  It's once again time to catch up on the latest happenings from the world of infosec.…