News

Beijing's snoops don't even need zero-days to break into valuable networks

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.…

Atlanta to upgrade software license with more protection, clerk tells us

A court hearing on election security in America failed in its own security efforts – when it was zoombombed with porn, swastikas and images of the World Trade Center attacks.…

You can do it the easy way or the easier way

A "hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack – or a 1kg lump hammer.…

August breach hadn't been cleared up at all – and regulators are furious

Personal data on 24 million South Africans, wrongfully sold by Experian to a person it claimed had "pretended" to represent a "legitimate client", is now not only circulating on the dark web – it's also on clearweb file-sharing sites, according to reports.…

Privacy-conscious biz insists on rolling its own mitigations, though

Encrypted email biz Tutanota has apologised for accidentally shutting its own users out while fending off the latest of a series of distributed denial-of-service (DDoS) attacks.…

Plus get patching your Palo Alto kit, there's a nasty crit out there

In brief  Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people's coins, said to be worth $5.4m.…

Better yet - do the basics and your systems won't get encrypted in the first place

Most online attacks could be easily avoided by following basic cyber security advice, Australia’s national cyber security bureau has said – even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse.…

Doing the right thing - after trying all the wrong things first

A “female social network” called Giggle whose operators left its user database unsecured has triggered a wave of Twitter controversy after its founder threatened to sue a UK infosec firm who pointed out the vulnerability.…

So says Pro Privacy after automatedly gazing at 82,000 sites

British charities are sharing information about people visiting their websites with adtech data brokers, according to a report.…

The Orange One was using a password breached four years previously

Three “grumpy old hackers” in the Netherlands managed to access Donald Trump’s Twitter account in 2016 by extracting his password from the 2012 Linkedin hack.…

BORKlife! Flaw allows overwriting of keys by the habitual voyeur

The Bluetooth Special Interest Group has admitted some previous iterations of its technology had a flaw that could be exploited to hijack or eavesdrop on nearby connections.…

UK political parties probed, too, reckons Redmond as it wades into debate with call for extra election security funding

Microsoft believes there have been extensive “cyberattacks targeting people and organizations involved in the upcoming presidential election,” and that foreign government hackers responsible for attacks ahead of the 2016 vote are back with new and nastier tactics.…

Here’s an ebook just for you, courtesy of Rapid7

Promo  When you’re running security, it can be hard not to feel you’re slogging away in the trenches, saving your organisation on a daily basis, but getting precious little in the way of recognition and even less in terms of budget.…

Swansea-based CPS Advisory hit dial 106,987 times in 80 days, says ICO

Britain’s data watchdog says it has snared Swansea-based business CPS Advisory for making more than 100,000 “unauthorised direct marketing calls” to people about their pensions, and subsequently fined the company £130,000.…

Anti-social network asked to stop piping Irish uncles' mutterings to America

Facebook has been reportedly asked to stop sending data from Ireland to the US, on orders from the EU.…

‘Anti-China elements viciously attacked’ with links to racy personal service provider and propaganda

China’s UK embassy has lashed out after the Twitter account of its ambassador Liu Xiaoming was apparently hacked.…

'Particularly students in high school and college classes'

Researchers have published the first detailed look into what makes people troll Zoom calls and other video-conferencing meetings – and found the vast majority are inside jobs, and unique per-person access codes could end the practice.…

Silently side-step software safeguards

Video  Boffins in America, the Netherlands, and Switzerland have devised a Spectre-style attack on modern processors that can defeat defenses that are supposed to stop malicious software from hijacking a computer's operating system. The end result is exploit code able to bypass a crucial protection mechanism and take over a device to hand over root access.…

US extradition attempt for ex-WikiLeaker now being heard by London beak

Julian Assange has been told to hold his tongue and not interrupt court proceedings by a judge as he contests US attempts to extradite him from Britain to stand trial over his WikiLeaks website.…

Apple crowd included - as NFC can now be used for something other than Apple Pay

Security token biz Yubico has a new key out today, its latest-generation two-factor encryption (2FA) authentication unit, the Yubico 5C NFC, which includes support for PCs and mobile devices using USB-C, as well as a built-in NFC radio.…