News
Microsoft's July Patch Tuesday fixes actively exploited bug
Patch Tuesday Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live — with a slew of caveats — the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. …
Amazon squashes years-old authentication bugs in AWS Kubernetes service
AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…
Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant
Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.…
Microsoft 365 patches for Windows 7 to end in 2023
Microsoft has warned users clinging to Windows 7 and Windows 8.1 that the end really is nigh.…
UK Info Commissioner slams use of WhatsApp by health officials during pandemic
The UK Information Commissioner's Office (ICO) on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care (DHSC).…
Take the day off: Windows Autopatch is live and can even fix cloudy PCs
Microsoft's promised service to enable automatic patching of Windows has gone live.…
San Francisco cops want real-time access to private security cameras for surveillance
San Francisco lawmakers are mulling a proposed law that would allow police to use private security cameras – think: those in residential doorbells, medical clinics, and retail shops – in real time for surveillance purposes.…
Defense contractor pays $9m to settle whistleblower's cybersecurity allegations
Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 million to settle charges it misrepresented its products' compliance with cybersecurity requirements in federal government contracts.…
HavanaCrypt ransomware sails in as a fake Google update
A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.…
US military contractor moves to buy Israeli spy-tech company NSO Group
US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports.…
UK response to China's tech ambitions labelled 'incoherent and muted'
The UK's response to China's well-publicized efforts to use technology standards to shape the world in its image has been "incoherent and muted" according to report by the House of Commons Foreign Affairs Committee.…
How data on a billion people may have leaked from a Chinese police dashboard
Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to a unprotected online dashboard that left the data open to anyone who could find it.…
How to survive a SYN flood attack
Sponsored Post If you do any sort of business via the web, the damage caused by a distributed denial of service (DDoS) attack could be catastrophic for your bottom line.…
Microsoft rolls back default macro blocks in Office without telling anyone
Microsoft appears set to roll back its decision to adopt a default stance of preventing macros sourced from the internet from running in Office unless given explicit permission.…
Time to rethink data protection for cloud workloads
Sponsored Post Enterprises often forget that SLAs with cloud providers cover access to the service, but not necessarily protection for the data.…
Five accused of trying to silence China critics in US
Five suspects were indicted in a federal court in Brooklyn, New York on Wednesday for alleged crimes related to a campaign to silence dissidents in the US who opposed the government of the People's Republic of China (PRC).…
Someone may be prepping an NPM crypto-mining spree
A burst of almost 1,300 JavaScript packages automatically created on NPM via more than 1,000 user accounts could be the initial step in a major crypto-mining campaign, according to researchers at Checkmarx.…
The agent of successful cyber security defense
Webinar Agents sit on devices to perform security scanning and reporting, system restarts/reboots, software patching, configuration and general system monitoring. Agentless security tools do much the same, just without the agents, making them a better bet for security vulnerability scanning on remote machines where its harder to install an agent – like the cloud.…
Chromium's WebRTC zero-day fix arrives in Microsoft Edge
Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day.…
IT reseller giant SHI International knocked offline by cyberattack
New Jersey-based IT reseller and service provider SHI International was knocked off the web after a July 4 cyberattack.…
Pages
