News

That's the Snoopers' Charter in action for you

British prosecutors can make use of evidence gathered by the French and Dutch police from encrypted messaging service Encrochat’s servers thanks to a legal interpretation of whether RAM counts as data storage, the Court of Appeal has ruled.…

Plus: British Mensa in data leak blunder, DARPA are Star Wars fans, Sonicwall patch out, and more

In brief  Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its workforce amid healthy profits.…

If you started off there, best change your reused credentials

SitePoint, an Australian learn-to-code publishing website, has been compromised while promoting the book Hacking for Dummies on its homepage.…

Electron 11, source control tweaks, plus general spit and polish

Microsoft has pushed out another update to dev favourite Visual Studio Code, but opted to hold off on the Apple Silicon version after a last-minute bug reared its head.…

Install your updates pronto, folks – it's an active exploit

If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days – there is a zero-day exploit being actively exploited in the older version of Chrome that will also affect other vendors' browsers.…

They still laid him off, though

On Call  This week's episode of On Call, as ever, comes with a warning: Be careful moving that beige box, for you may not realise what it does.…

And we all know how good small business are at patching... NOT

Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user. All the attacker needs to do is send a maliciously crafted HTTP request to the web-based management interface.…

Turns out words have consequences

Electronic voting machine maker Smartmatic has sued Fox News, three of its hosts, and two of Donald Trump’s loyalists – Rudy Giuliani and Sidney Powell – for an eye-popping $2.7bn in defamation damages over the false claims it stole the 2020 presidential election for Joe Biden.…

'Try telling leaders of libpng, libjpeg-turbo, openssl, ffmpeg etc they can't make "unilateral" changes to their own projects'

Google has proposed a framework for discussing and addressing open-source security based on factors like verified identity, code review, and trusted builds, but its approach may be at odds with open-source culture.…

Tune in online this month and learn how to mind the security gap

Webcast  It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365.…

Older commercial machines rely on insecure Mifare Classic payments

Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that's been known to be insecure for more than a decade.…

Oh look, Cloudflare spots a sudden surge in use of other messaging apps

The new self-appointed military government of Myanmar has temporarily banned Facebook.…

Probably not used by last year's US government-busting attackers, though

As if that supply chain attack wasn't bad enough, SolarWinds has had to patch its Orion software again after eagle-eyed researchers discovered fresh vulnerabilities – including one that can be exploited to achieve remote code execution.…

Linux variant studied, dissected in detail in case you want to look out for it

ESET researchers say they have found a lightweight strain of malware that targets multiple OSes and has hit supercomputers, an ISP, and other organisations.…

450 Android apps track location, 1.7bn downloads, 44% use X-Mode code: only 10% pulled off Play Store

A report on Android apps that do location tracking identified 450 apps that use tracker SDKs, many of which use an SDK called X-Mode, which Apple and Google have banned, but are still in Google's Play Store.…

Google wants researchers, vendors to stop making attacks easy

Enigma  To limit the impact of zero-day vulnerabilities, Google security researcher Maddie Stone would like those developing software fixes to stop delivering shoddy patches.…

Mozilla meanwhile wants to continue compliance discussions with security certificate vendor

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon.…

I am once again asking for your financial support, says Zuckerberg's empire

Facebook has created a new screen in its iOS app that will urge people to allow it to continue stalking their online activities for targeted advertising.…

Lawyers required to hand in dead-tree copies. No, seriously

The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system.…

Adding Serial API, Web NFC support, richer human interface device support

Google has released a beta of Chrome 89, adding further hardware interaction APIs even though Mozilla and Apple consider many of these features harmful, as well as introducing a desktop-sharing API for Windows and Chrome OS.…