News

F-Secure gives its take on the first half of 2020 in internet scumminess

Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure – though overall volumes of phishing did decrease a touch.…

Phishers claimed to be from 'National Health Commission', which exists in mainland China but not Taiwan

Taiwan's CERT detected cyber-crooks impersonating medical authorities to attack the country's tech industry during the early stages of the COVID pandemic.…

Ugly: And it's all about video game robberies at this stage

Two people have been arrested in Malaysia as part of America's crackdown on the Chinese government's hackers.…

Please just patch your infrastructure, begs US-CISA

Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.…

Erm ... guys ... have you looked at recent patch counts? (We have: you issued 372 this quarter, 54 critical)

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities.…

And have you tried simply asking hackers to not hack?

The NSA has published online a guide for IT admins to keep systems free of bootkits and rootkits.…

No way to sugarcoat this: New York AG eclairs the 2015 data theft matter settled

Dunkin' Donuts today settled a lawsuit in which it was accused of hushing up the fact hackers siphoned its customers' personal information from its systems in 2015.…

Video platform is not for under-13s, insists spokesman

A campaign group is suing Google for up to £2.5bn over claims that YouTube breaks EU data protection laws by harvesting information about children under 13 – and is hoping to turn it into a UK class-action-style case.…

Nearly 2,000 e-commerce shops pwned over weekend so it's time to migrate

Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online.…

Tune in online this month and learn how to keep them at bay

Webcast  Working from home may have turned your life upside down, but for hackers, cyber-criminals and other bad actors, it’s all been business as usual.…

Compiling using open source intel and hailed as showing extent of China’s surveillance activities

A US academic has revealed the existence of 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.…

Probing systems during a live election 'to be treated as hostile unless authorization granted,' Voatz insists

About 70 members of the computer security community on Monday challenged US voting app maker Voatz's effort to dictate the terms under which bug hunters can look for code flaws.…

Beijing's snoops don't even need zero-days to break into valuable networks

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.…

Atlanta to upgrade software license with more protection, clerk tells us

A court hearing on election security in America failed in its own security efforts – when it was zoombombed with porn, swastikas and images of the World Trade Center attacks.…

You can do it the easy way or the easier way

A "hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack – or a 1kg lump hammer.…

August breach hadn't been cleared up at all – and regulators are furious

Personal data on 24 million South Africans, wrongfully sold by Experian to a person it claimed had "pretended" to represent a "legitimate client", is now not only circulating on the dark web – it's also on clearweb file-sharing sites, according to reports.…

Privacy-conscious biz insists on rolling its own mitigations, though

Encrypted email biz Tutanota has apologised for accidentally shutting its own users out while fending off the latest of a series of distributed denial-of-service (DDoS) attacks.…

Plus get patching your Palo Alto kit, there's a nasty crit out there

In brief  Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people's coins, said to be worth $5.4m.…

Better yet - do the basics and your systems won't get encrypted in the first place

Most online attacks could be easily avoided by following basic cyber security advice, Australia’s national cyber security bureau has said – even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse.…

Doing the right thing - after trying all the wrong things first

A “female social network” called Giggle whose operators left its user database unsecured has triggered a wave of Twitter controversy after its founder threatened to sue a UK infosec firm who pointed out the vulnerability.…