News

Retention of now-deleted security breach evidence sparks spat

+Comment  IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him.…

Testing dongle-driven ‘Cryptographic Attestation of Personhood’ and WebAuthn as alternative

Poll  Cloudflare has called on the world to “end this madness” by consigning CAPTCHAS to the dustbin of history.…

Anonymous sources get into war-by-media counterbriefing

Colonial Pipeline's operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week's ransomware infection.…

Good luck to whoever got that gig

Stricken US bulk hydrocarbon conveyor Colonial Pipeline advertised for a new cybersecurity manager a month before that ransomware attack forced operators to shut down the pipeline as a pre-emptive safety measure.…

They are personal data, you know. Wait – you did know that, right?

Exclusive  Manchester City Council exposed online the number plates of more than 60,000 cars slapped with parking tickets, breaking data protection laws as it did so.…

Get ready for SANS Institute's biggest ever Asia-Pacific training event

Promo  Whatever your plans for the third quarter of 2021, an emerging security vulnerability or a network security breach has the potential to throw them into disarray. Unless, of course, you’ve made the effort to hone your existing skills or expand your knowledge into new areas ahead of time.…

You gotta work hard for those three-bytes-a-second transfers, though

Apple's Find My network, used to locate iOS and macOS devices – and more recently AirTags and other kit – also turns out to be a potential espionage tool.…

Join us online and learn about modern extortionware and how to frustrate it

Webcast  It’s shocking how blasé ransomware-toting criminals can be about freezing the operations of any organisation they can insinuate themselves into, including critical utilities or medical facilities.…

So says Foreign Secretary in lacklustre speech to NCSC faithful

CyberUK 21  Britain is to spend £22m on training African and Indo-Pacific nations to stave off cyber influences from "authoritarian regimes", foreign secretary Dominic Raab said today.…

Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons

Column  Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you might expect. I’d gotten the crazy idea to write a tool that would encrypt Twitter’s direct messages - sent in the clear - so that your private communications would truly be private, visible to no one, including Twitter.…

Online lending apps and more given fifteen days to ‘rectify’ behaviour

China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week

South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…

Dozen design, implementation blunders date back 24 years

A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.…

'This can happen to anybody. There's always learning in any crisis. And we were no exception'

CyberUK 21  SolarWinds’ chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a “very small” number while giving a speech to an infosec event.…

Plus: Grab your updates for Adobe, SAP, Android, Intel

Patch Tuesday  Microsoft's May Patch Tuesday brought a lighter-than-usual load of 55 fixes for 32 of the Windows giant's applications and services, which is about half what was served up in April.…

Priti Patel doesn't say a word about encryption, though

CyberUK 21  Priti Patel has promised a government review of the UK's 30-year-old Computer Misuse Act "this year" as well as condemning companies that buy off ransomware criminals.…

Big Brother Watch warns app contains too much sensitive medical information

The UK will next week begin using the NHS App to confer an individual's vaccination status, in the face of warnings that the technology could lead to identifiable medical information being exposed.…

The data is in: most users do not opt in to third-party tracking

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so.…

Patch your devi... oh, hang on a sec

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has "no real-world implications".…

Someone at West Midlands Trains approved nasty cybersecurity drill

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. Needless to say, it did not go over well.…