News

He then doubled down on spies' 'ghost user' backdoor plan

Solving the Huawei 5G security problem is a question of convincing the Chinese to embrace British "fair play", security minister Ben Wallace said yesterday without the slightest hint of irony.…

Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too

Dell's troubleshooting software SupportAssist, bundled with the US tech titan's home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers.…

Patch released after crypto-currency biz sounded alarm

The development and release of a critical Firefox security patch this week was, in part, triggered by an attempted cyber-heist of crypto-coin exchange Coinbase.…

You need to rifle through my photos why, exactly?

Regulators and campaign groups have warned a UK Parliamentary inquiry that the increasing collection, use and storage of data by corporations poses a serious risk to privacy and security.…

Senator urges NIST to do something about it

Influential US Senator Ron Wyden (D-OR) is not happy about Uncle Sam's employees using insecure .zip files and other archive formats to electronically transfer information.…

Plus: MongoDB crams end-to-end crypto into database tech

Google on Wednesday released source code for a project called Private Join and Compute that allows two parties to analyze and compare shared sets of data without revealing the contents of each set to the other party.…

Emergency security fix emitted for remote code exec hole exploited in the wild

Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems.…

Office of the Inspector General brings lab back down to Earth

NASA's Jet Propulsion Lab still has "multiple IT security control weaknesses" that expose "systems and data to exploitation by cyber criminals", despite cautions earlier this year.…

150,000 personal records on people, including US veterans, upset with their healthcare

In what has become a depressingly common occurrence, the personal information of hundreds of thousands of people may have fallen into the wrong hands because yet another organization did not secure a cloud-hosted database.…

Just make sure you're running the latest version

Mozilla has released an emergency critical update for Firefox to squash a zero-day vulnerability that is under active attack.…

The tables are turned, database tables that is

The healthcare debt collector ransacked by hackers, who gained access to millions of patients' personal information, has filed for bankruptcy protection.…

Contents were cached by Google so we can all point and giggle

Someone in the Parliamentary Digital Service managed to leave a server so completely exposed to the internet that Google indexed the Windows machine’s operating system.…

Home devices are so poorly guarded, attackers don't even need sophisticated tools

While netizens and journalists worry about criminals and spies using sophisticated cyber-weapons to hijack Internet of Things devices, basic security protections are being overlooked – and pose a far greater threat.…

Bitdefender teams up with FBI, cops to rescue Windows PC documents

Victims of the latest incarnations of the GandCrab ransomware now have a way to reclaim their files without paying a penny to extortionists, thanks to the release of a decryption tool.…

Tweet deleted as telly maker reconsiders damning but refreshingly honest messaging

Samsung on Sunday sent out a tweet urging people to check their Sammy smart TVs for viruses – and then deleted the message, as if someone realized that highlighting the risks posed by connected TVs may be bad for business.…

Don't let miscreants play hacky-SACK with your gear. Apply these mitigations, patches now if you can

It is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack.…

We said engineers made the API too powerful. We weren't wrong

Analysis  In a mild PR blitz, Google engineers this month insisted the ad giant's shake up of Chrome browser extensions won't kill advert blockers. Instead, we're told, Googlers are making the plugins safer. Those engineers have more work to do than it may seem.…

Your quick guide to hacks, patches and scandal

Roundup  Here's a quick roundup of recent infosec news beyond what we've already reported.…

Guys, your security hygiene stinks

Akamai Edge World  Players of games like Fortnite and Minecraft have emerged as juicy targets for cybercriminals.…

For FIPS sake!

Yubico is recalling one of its YubiKey lines after the authentication dongles were found to have a security weakness.…