News

Three men charged with breaking export, security laws, agree to deal after infiltrating smartphones with zero-click exploits

Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon data from people's iPhones, it emerged on Tuesday.…

Azure agent in Linux guests fixed, MSHTML exploit tackled, and much more – Plus: Adobe and SAP issue updates

Patch Tuesday  For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge.…

Artists advised to delete emails asking them to download 'media bundle'

Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware – but rather than being attacked directly, its name is being used to spread malware among users via emails offering advertising revenue.…

'The first complete infrastructure to enable general-purpose hardware security experiments on the Apple iPhone SoCs,' they claim

A trio of researchers at North Carolina State University (NC State) have released what they describe as a "novel research toolkit" for Apple's iDevices - and to prove its functionality, have disclosed side-channel attacks against the company's A10 Fusion system-on-chip.…

Impersonation scams and smishing rocket, say UK Finance and Which?

Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.…

Put your data on someone else's computer to keep it safe, urges Imperva

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet.…

'Kape has moved on from those times'

UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m (£675m) cash and stocks deal, a move it claims will double its customer base to at least six million.…

Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well

Updated  Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates.…

Forget Agent Smith, we want to see Neo fighting implementation bugs

The Matrix.org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages.…

Homes4Wiltshire, aka Homes4Spammers

An open redirect on a UK council-backed property website allowed low-level miscreants to evade filters.…

Tells committee: I know I said Facebook was 'morally bankrupt' but...

The incoming head of the UK's data watchdog has "gone on the record" to say he will be fair and impartial in his dealings with tech companies despite once describing Facebook as "morally bankrupt pathological liars."…

Funny how 'privacy-focused' Apple and Google haven't managed that

Facebook's WhatsApp on Friday said users will soon be able to store end-to-end (E2E) encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key.…

Org releases its top ten list of bad things software vendors do

The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage.…

Finder tells El Reg of struggle to report snafu

McDonald's customers who won a prize draw competition got more than they hoped for after the burger chain emailed them login credentials for development and production databases used to power the campaign.…

Policies revealed after long battle for transparency and accountability

Los Angeles police are instructed to collect social media details from people they stop and talk to, even if those civilians aren’t suspected of breaking the law, according to documents finally revealed after a lengthy legal battle.…

No data went awry, Cosmos DB had a similar bug just two weeks ago

Microsoft today revealed it fixed a vulnerability in its Azure Container Instances services that could have been exploited by a malicious user "to access other customers' information."…

Nobody from government will say a word about who's behind it

Banks and post offices in New Zealand have been hit by a cyber offensive, according to reports, consisting of sustained DDoS attacks against a number of critical online services.…

'I am a firm supporter of privacy,' Sir Tim declares - even as the service is lambasted over IP logging

Privacy-centric communications specialist Proton, best known for its ProtonMail encrypted email platform, has announced the appointment of web daddy Sir Tim Berners-Lee to its advisory board.…

What have we learned during that time? Quite a bit, it appears

The OpenSSL team has released version 3.0 of its eponymous secure communications library after a lengthy gestation period.…

You can't reduce such a vital issue to concern over paedophiles and terrorists

Opinion  The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services.…