News

The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.

25 bugs, three apps – endless pwnage

Security firm Check Point has found some 25 security vulnerabilities in three of the most popular remote desktop protocol (RDP) tools for Windows and Linux.…

Several flaws in both open-source RDP clients and in Microsoft's own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.

Colossal intercepts are just the Bombe

Bletchley Park's National Museum of Computing will be exhibiting original, freshly discovered decrypted WWII messages to coincide with the 75th anniversary of D-Day this June – messages that were broken by the Colossus machines based on the museum's site.…

How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?

E-waste partly to blame for proliferation of deceptively marketed silicon

Rogelio Vasquez, the owner of California-based PRB Logics Corporation, has pleaded guilty to selling fake branded semiconductor chips from China, some of which made their way into US military systems.…

Talk about a security cock-up – vuln exposing intimate snaps left wide open for 'months'

Dating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission.…

Prof asks: What good comes from letting everyone know a vulnerability exists?

A computer engineering professor has an interesting idea for how to handle the public disclosure of serious vulnerabilities: don't.…

Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.

Remote scripting flaw in open-source productivity suites is at least partly fixed

A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office suites. The other still appears to be vulnerable.…

Hackers can talk to and locate the wearer, warns notice

The European Commission has ordered the recall of a smartwatch aimed at kids that allows miscreants to pinpoint the wearer's location, posing a potentially "serious risk".…

Despite several threat actors stating they are behind a massive 773M credential dump, researchers believe they have found the real distributor.

Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.

Your rapid-fire guide to all the other infosec news of the week

Roundup  This was the week we saw GPS grumbles, shady speakers, and Yahoo! Losing! Again!…

The decorating website said that account usernames, passwords and more have been compromised as part of a breach.

If you're going to lo-jack your offspring, at least be secure

A manufacturer of child-tracking smartwatches was under fire this week following the discovery of a second major security lapse in its technology in as many years.…

The Remexi spyware has been improved and retooled.

World+dog could view security answers and more

Exclusive  Mobile operator Three UK's website was showing visitors other customers' names, postal addresses, phone numbers, email addresses and more – all without asking for a login.…

From Facebook's research app being pulled from iOS devices to a new-found dump of compromised credentials, here are the top news of the week.

Scams, infrastructure attacks, data harvesting and attacks on streamers are all in the offing.