News

China lashed for ignoring norms, retorts that Western clique isn't playing fair

A communiqué issued at the conclusion of the NATO summit has called for China to observe the laws of cyberspace, and set out new standards by which members of the alliance will consider cyberattacks.…

Hopes raised in West of an extradition or law enforcement agreement to stem the tide

The G7 summit of western countries has called upon Russia to "identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes."…

Will be transferred to a halfway house, attorney continues to fight for presidential pardon

Reality Winner, the former NSA intelligence contractor who leaked evidence of Russian interference in a US Presidential election to the press, has been released from prison.…

Admits nothing but promises amendments to auto-renewal, refund policies

The UK's Competition and Markets Authority (CMA) has inked a deal with Norton where it will refund customers whose antivirus software subscription was automatically renewed.…

If we trust it, crooks will too – meaning Plod can get their kiloscrote nab

Column  Back in October, a call by spy agencies to weaken end-to-end encryption "because of the children" provoked a bit of analysis on how many times UK Home Secretaries had banged the same drum. All of them, it turned out. All of the time.…

Crims now know what not to trust, and how to stymie future infiltrations

Comment  In April 1943, Japanese admiral Isoroku Yamamoto was killed when the US Air Force shot down the plane carrying him to Balalae Airfield in the Solomon Islands.…

Even nuclear missile attacks came with a 4-minute heads-up

Comment  Britain has told the UN that international cyber law should allow zero-notice digital punishment directed at countries that attack others' infrastructure.…

'Surprise stealing mechanics' made short work of network perimeter security

EA Games, publisher of Battlefield, The Sims and FIFA, has admitted to a "recent incident of intrusion into our network" in which attackers reportedly stole game source code and software development kits.…

Error handling? Nah, let's just unlock everything and be done with it

A seven-year-old privilege escalation vulnerability that's been lurking in several Linux distributions was patched last week in a coordinated disclosure.…

As local search engines stop providing results on crypto-keywords

China’s crackdown on cryptocurrencies has reached a new crescendo, with the nation’s Ministry of Public Security on Wednesday proclaiming it has arrested over 1000 people and shut down 170 gangs that provided crypto-linked money-laundering services.…

FoI request details £76,800 in training fees, most of which went to staff security-specific departments

The Student Loans Company (SLC) spent £76,800 on cybersecurity training over its previous two fiscal years – including a sudden and unsurprising interest in security in a work-from-home environment.…

Fines, fines, everywhere there's fines

Microsoft and five other companies have received fines totaling US$75K from South Korea's Personal Information Protection Commission (PIPC), for running afoul of local data protection laws.…

Company also says large and well-funded IT department sorted recovery swiftly

JBS Foods, one of the world’s largest meat producers, has revealed it handed over “the equivalent of $11 million” to resolve a ransomware infection that disrupted operations in Australia, the USA, and Canada.…

Boffins find flaw in web security that enables certificate confusion

Academics from three German universities have found a vulnerability in the Transport Layer Security (TLS) protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks.…

The first based in China

Huawei has opened another cyber security centre and, despite facing a crisis of trust in the West, has chosen to do so for the first time in its Chinese heartland.…

Criminal operators emerged from woodwork just as COVID hit the West

The Nefilim ransomware gang might not be the best known or most prolific online extortion crew but their penchant for attacking small numbers of $1bn+ turnover firms is paying off, according tot he latest research.…

Raspberry Pi-powered prototype proves 95% accurate, 100% private, claim boffins

Researchers at the University of Michigan have proposed a way to have your privacy cake and eat your home automation too. They've found a means of using a voice-activated smart speaker system without it having to listen to everything you say – and no, it's not "pressing a button."…

Mandiant investigation says crims gained access through legacy VPN

The boss of Colonial Pipeline has appeared before a Senate Committee to explain the events which led to US East Coast fuel supplies running dry last month and some $5m being handed over in ransom.…

Malicious crew targets ME and Asia but also tries evading Chinese AV suites

ESET has published details of an advanced persistent threat (APT) crew that appears to have deployed recent supply chain attack methods against targets including "electronics manufacturers," although it didn't specify which.…

Reports through Chipzilla's bug bounty scheme growing, but still in the minority

Intel has pushed out a raft of security advisories for June, bringing its total discovered "potential vulnerabilities" for the year to date to 132, only a quarter of which were reported by external contributors and the company's bug bounty programme.…