News

AU$1.35bn fund follows revelations that country was hit by state-run attack

Australia will hire 500 hackers as part of a AU$1.35bn (£754m, $925m) boost to protect the nation's networks from a wave of cyber attacks.…

From Sept 1, new TLS certificates valid for more than 398 days will be snubbed

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats.…

Publicity-hungry crims find new way of pressuring victims

A California university which is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data.…

Out-of-date law prevents Britain from fully developing its cybersecurity industry, say campaigners

British infosec businesses are celebrating the 30th birthday of the Computer Misuse Act 1990 by writing to Prime Minister Boris Johnson urging reform of the elderly cybercrime law.…

Plus: DDoS'er jailed, and more

In Brief  Redmond is bulking up the security around its AzureStack hardware-to-cloud bundle by acquiring infosec firm CyberX.…

Cupertino idiot-tax corp is fashionably late to the party

WWDC  Apple this year will boldly go where its peers have gone before by implementing support for encrypted DNS in iOS and macOS.…

Crooks threaten to leak swiped software blueprints

Maze ransomware masterminds claim to have stolen source code from LG after hacking into the electronics giant.…

Next week: Explore how keeping email safe can be part of a wider corporate strategy

Webcast  Leaked emails are the IT security mishap that just keeps on giving. From salacious tabloid headlines to lost elections to international security crises, a hacked or misfired email is the ultimate piece of first-hand evidence to light up a scandal, or ruin a reputation.…

Plus: Home Office urges judges to leave lax legal framework as is

South Wales Police and the UK Home Office "fundamentally disagree" that automated facial recognition (AFR) software is as intrusive as collecting fingerprints or DNA, a barrister for the force told the Court of Appeal yesterday.…

Snyk survey puts cross-site scripting top of the list for security holes – but watch out for prototype pollution too

Open-source security specialist Snyk has released a new survey combining data on vulnerabilities in available packages with responses from developers and DevOps teams about how they handle the challenge this poses.…

Last November: These ISPs know too much! June: God bless the ISPs

Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced.…

WikiLeaker accused of tapping up LulzSec's Sabu as a source

Prosecutors in the US have upgraded their case against Julian Assange with a second superseding indictment claiming he sought out the services of a notorious hacker who, unbeknownst to the WikiLeaks boss, was secretly working with the Feds.…

Botnet C2, denial-of-service, phishing – and that's after filtering

Web traffic to the servers of the notorious Dutch-German Cyberbunker hosting biz was filled with all kinds of badness, including apparent botnet command-and-control and denial-of-service traffic, says SANS Institute.…

Bank on the receiving end of massive 418Gbps traffic barrage

Akamai reckons it blocked what may be the largest distributed denial-of-service attack ever, in terms of packets per second.…

Lawmakers will attempt to bend the laws of mathematics to their will

A trio of Republican senators on Tuesday proposed legislation that requires service providers and device makers in America to help the Feds bypass encryption when presented with a court-issued warrant.…

$600k starting bid, say public extortionists, or $42m to keep schtum

Ransomware criminals claiming to have siphoned confidential docs on Nicki Minaj, Mariah Carey, and Lebron James from an American law firm are threatening to auction off the info.…

Top judge replies: Don't understand what you're on about

A top judge told a barrister for the UK Information Commissioner's Office (ICO) today that his legal arguments against police facial-recognition technology face "a great difficulty" as he wondered whether they were even relevant to the case.…

This is the Apple-Google API one, not the 'world-beating' one

Harriet Harman MP, chair of Britain's Commons Human Rights Committee, has written to UK health secretary Matt Hancock seeking clarity on privacy aspects of the government's latest coronavirus contact-tracing app.…

Bungling cybercrooks throw toys out of the pram as negotiations shut down

The Maze ransomware gang has threatened to publish information stolen from an American firm that overhauls airliners and installs flight control software upgrades – because its victim refused to pay a demanded ransom.…

No intelligent pentesting systems were available to comment on this assertion

Puny humans still think they're superior to AI when it comes to infosec – and a significant number still don't venture into meatspace or get enough sunlight.…