News

Being slow to patch just means you'll get pwned faster

Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks.…

But beware the SLA: Just how much would an outage actually cost you?

Microsoft has added another 9 to its availability guarantee for Azure Key Vault, taking the service to 99.99 per cent availability.…

Hounds can sniff out SIM cards that a human might miss

Australia's Federal Police (AFP) yesterday announced an expansion in its ability to seek digital evidence will be very good boys with four paws, wagging tails, and the ability to sniff out tech equipment with their highly sensitive noses.…

Guess they'll let anyone in here

The trustworthiness of Google's Chrome Store was again called into question after an extension billing itself as Microsoft Authenticator was published by the software souk without the simplest of checks.…

Intrusion believed to have entered through email

New Zealand’s Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals.…

Hint: He doesn't care if you personally think it's rubbish, and here's why

A Russian spymaster has denied that his agency carried out the infamous SolarWinds supply chain attack in a public relations move worthy of the Internet Research Agency.…

Who's recommending investment? The man who already has a $1bn stake

Wikipedia says MicroStrategy is a company that provides business intelligence (BI), mobile software, and cloud-based services, but that wouldn't be the first outdated information on the crowdsourced knowledge repository.…

And you're invited to speak your brains on Computer Misuse Act changes

+Comment  The British government has vowed to create a legally binding cybersecurity framework for managed service providers (MSPs) – and if you want to tell gov.UK what you think, you've only got a few weeks to act.…

Tries to tempt penguins with Ring Crypto

1Password has unveiled a full-featured desktop app for Linux, written in Rust and using the ring crypto library for end-to-end encryption.…

Boffins find increasing MAC address randomization protection with mobiles

In 2017, US Naval Academy researchers found that MAC address randomization in mobile devices was largely worthless as a privacy defense. Three years later, the same research group took another look and found that while there's been meaningful improvement, many phones still fail to effectively prevent MAC address-based tracking.…

Plus: Biden's order on security, US govt acquiring data on citizens, and more

In brief  Unlucky owners of Eufycam security cameras were horrified earlier today when they opened their app for the equipment and saw video streams from strangers' homes instead of their own.…

Dept of Health unsuccessfully targeted in same attack against hospitals

Roundup  The murky world of ransomware criminals is all aflutter after it was revealed that Ireland's health services were hit by a second attack hot on the heels of one that took out its hospitals, while ransomware insurance refusenik Axa was itself hit with ransomware after its French branch vowed to stop buying off criminals on behalf of its customers.…

Why? It might reveal whistleblowers' names...

British infosec accreditation body CREST has declared that it will not be publishing its full report into last year's exam-cheating scandal after all, triggering anger from the cybersecurity community.…

No policy shakeup to deal with snatch of info from primary physicians

Evidence from NHS Digital's website suggests that patient data held by GPs in England will be available to private-sector companies to help them understand market opportunities in the UK's health service.…

Former Sun boss Scott McNealy offers interesting response

Alexandra Elbakyan, the creator of controversial research trove Sci-Hub, has claimed that Apple informed her it has handed over information about her account to the FBI.…

TraceTogether app becomes primary tracking tool and compulsory in many settings

Singapore has made its Bluetooth-powered "TraceTogether" contact-tracing app its preferred means of recording movements in public spaces across the island.…

Also puts brakes on data collection by carmakers

China has signalled that ride-sharing companies and laid out regulations that will stop cars from collecting unnecessary data.…

Sometimes you need to lift yourself out of the cybersec trenches and look up to the summit

Promo  Keeping your organization safe from cybercriminals and other ne’er do wells requires constant honing and refining of your own skills and knowledge.…

By probing for installed apps with custom URL schemes, it's possible to build a 32-bit unique fingerprint

FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.…

Russia-based criminals pick soft target in hope of easy gains

Ireland's nationalised health service has shut down its IT systems following a "human-operated" Conti ransomware attack, causing a Dublin hospital to cancel outpatient appointments.…