News
Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home
Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user. All the attacker needs to do is send a maliciously crafted HTTP request to the web-based management interface.…
Vote machine biz Smartmatic sues Fox News and Trump chums for $2.7bn over bogus claims of rigged 2020 election
Electronic voting machine maker Smartmatic has sued Fox News, three of its hosts, and two of Donald Trump’s loyalists – Rudy Giuliani and Sidney Powell – for an eye-popping $2.7bn in defamation damages over the false claims it stole the 2020 presidential election for Joe Biden.…
How do you fix a problem like open-source security? Google has an idea tho constraints may not go down well
Google has proposed a framework for discussing and addressing open-source security based on factors like verified identity, code review, and trusted builds, but its approach may be at odds with open-source culture.…
Is there a widening gulf between you and your remote workers? Yes – and it’s security shaped
Webcast: It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365.…
Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security
Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that's been known to be insecure for more than a decade.…
Myanmar’s new military government bans Facebook
The new self-appointed military government of Myanmar has temporarily banned Facebook.…
More patches for SolarWinds Orion after researchers find flaw allowing low-priv users to execute code, among others
As if that supply chain attack wasn't bad enough, SolarWinds has had to patch its Orion software again after eagle-eyed researchers discovered fresh vulnerabilities – including one that can be exploited to achieve remote code execution.…
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
ESET researchers say they have found a lightweight strain of malware that targets multiple OSes and has hit supercomputers, an ISP, and other organisations.…
Location tracking report: X-Mode SDK still in wide use in Android apps despite Google ban
A report on Android apps that do location tracking identified 450 apps that use tracker SDKs. Many of them use an SDK called X-Mode, which Apple and Google have banned, yet are still in Google's Play Store.…
Rubbish software security patches responsible for a quarter of zero-days last year
Enigma: To limit the impact of zero-day vulnerabilities, Google security researcher Maddie Stone would like those developing software fixes to stop delivering shoddy patches.…
Spanish banished: Google Chrome to snub Camerfirma for lax cert management
When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon.…
In wake of Apple privacy controls, Facebook mulls just begging its iOS app users to let it track them over the web
Facebook has created a new screen in its iOS app that will urge people to allow it to continue stalking their online activities for targeted advertising.…
US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack
The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system.…
Chrome 89 beta: Google presses on with 'advanced hardware interactions' that Mozilla, Apple see as harmful
Google has released a beta of Chrome 89, adding further hardware interaction APIs even though Mozilla and Apple consider many of these features harmful, as well as introducing a desktop-sharing API for Windows and Chrome OS.…
Ransomware attack takes out UK Research and Innovation's Brussels networking office
UK Research and Innovation, the British government's science and research organisation, has temporarily turned off a couple of its web-facing services after an apparent ransomware attack.…
£30m in contracts awarded in Post Office's £357m ATM overhaul
The UK Post Office has awarded two contracts worth a total of £30m for a banking network and ATMs system in a procurement expected to be worth £357m once all contracts are awarded.…
Countless emails wrongly blocked as spam after Cisco's SpamCop failed to renew domain name at the weekend
In brief: Cisco's anti-spam service SpamCop failed to renew spamcop.net over the weekend, causing it to lapse, which resulted in countless messages being falsely labeled and rejected as spam around the world.…
Google QUIC-ly left privacy behind in its quest for a speedier internet, boffins find
Google's QUIC (Quick UDP Internet Connections) protocol, announced in 2013 as a way to make the web faster, waited seven years before being implemented in the ad giant's Chrome browser. But it still arrived before privacy could get there.…
Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble
Google Project Zero researcher Tavis Ormandy on Thursday reported a severe flaw in Libgcrypt 1.9.0, an update to the widely used cryptographic library that was released ten days ago.…
European Commission redacts AstraZeneca vaccine contract – but forgets to wipe the bookmarks tab
The European Commission's war of words against pharma company AstraZeneca over COVID-19 virus vaccines has descended into farce after Brussels accidentally published an unredacted version of a disputed supply contract.…
