News

Don't be so smug, Mac users, you're open to an InDesign project file

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others.…

Doppelpaymer gang publishes Geordie institution's stolen files online

A cyber attack at Newcastle University has turned out to be a ransomware infection courtesy of the Doppelpaymer gang.…

State-sponsored infrastructure hacking, backdoors-by-fiat and even lock-in all out of bounds in draft code

China has proposed a “Global Initiative on Data Security” that it hopes the world will adopt to govern the collection and use of data by governments and the private sector alike.…

And no good deed (for drug dealers) goes unpunished

In Brief  The US Court of Appeals for the Ninth Circuit ruled last week that the activities of American intelligence agencies unmasked by Edward Snowden were illegal.…

Ripping and replacing Chinese-made gear won't be cheap

The US Federal Communications Commission (FCC) says that performing a full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn in total.…

'Most developers are highly intelligent, but also highly stupid'

Hard-working but naive developers are a little known but highly dangerous soft spot in an organisation that attackers can exploit.…

And reveals half a dozen WhatsApp bugs into the bargain

Facebook has published its first Vulnerability Disclosure Policy and given itself grounds to blab the existence of bugs to the world if it thinks that’s the right thing to do.…

We should be able to outlaw unauthorized inquiry, Voatz argues

Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act (CFAA), a law that critics say inhibits security research because it's overly broad.…

Eight DDoS attacks targeted networks, virtual classrooms, say officials

A teenager in America has apparently admitted knocking virtual learning classes offline with a string of distributed denial-of-service (DDoS) attacks.…

Sites with WP File Manager should update ASAP – exploits in the wild

A critical vulnerability in a popular WordPress plugin called WP File Manager was spotted on Tuesday and was quickly patched by the plugin's developers.…

Snowden, privacy campaigners cheer ruling 7 years in the making

The United States Court of Appeals for the Ninth Circuit has ruled [PDF] that the National Security Agency's phone-call slurping was indeed naughty, seven years after former contractor Edward Snowden blew the whistle on the tawdry affair.…

Great – and who will be the first responders?

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy.…

APT phishing crew had COVID-themed fling with the west during height of pandemic, claim researchers

Malware pathologists have noted a return to "business as usual" as groups associated with Chinese state interests turned their attentions back to Tibetan matters after a European dalliance earlier this year.…

Transaction 'disturbed the order of the capital market', claim Seoul prosecutors

South Korea has indicted Samsung Group vice chairman Lee Jae-yong over his role in a 2015 merger that made him heir apparent to the multinational's empire.…

That's certainly one way to get around COVID-19 travel restrictions

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals.…

Chat app chaps, Electron security, Microsoft Teams under fire

A critical remote-code-execution vulnerability affecting past versions of the Slack desktop app was disclosed on Friday after the software maker fixed its app.…

Wait! What? Aaah ... legacy systems strike again, but won't get another bite

Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled “Allow certificates signed using SHA-1 when issued by local trust anchors.”…

Perl clutching time again

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs.…

A quick lesson in how not to deploy Sharepoint as a 'my account' file retrieval system

Southern Water - British supplier of the liquid of life - botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details.…

...read the article, of course

North Korean government hackers dubbed the BeagleBoyz are trying to electronically rob banks, the United States warned this week.…