News

If you don't have auto-update switched on, time to patch

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges.…

Old Gigabyte code lets file-scrambling RobbinHood go undetected

A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom.…

And shares with guessable passwords

A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect.…

Mozilla's browser will, from March, require manual override

Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 – and plans to eventually block those weak HTTPS connections entirely.…

It was a state-sponsored attack, declares US Attorney General

The United States has announced criminal charges against four Chinese Army soldiers who, it is claimed, are the hackers who stole 145 million Americans’ personal data from credit scorer Equifax.…

Including: Why was #RootGoat2020 trending on Twitter? It is as silly as you think

Roundup  It's time yet again to recap the latest security happenings.…

'I'm sorry, Dave, I'm afraid I can't fetch that document'

Continuing to drop flame retardant on the dumpster fire that is web security, Google on Thursday said it will soon prevent Chrome users from downloading files over insecure, plain old, unencrypted HTTP.…

Plus: Move to Agile is 'high risk' and infosec snafus still not fixed

British F-35Bs deploying to the South China Sea next year may not meet key reliability metrics set by an American government watchdog, its annual report has revealed.…

It may or not involve office stationery

Greater Manchester Police is struggling with a partial outage of a Capita-built computer system used by frontline officers to input information.…

'Pwned with a broadcast' bug among 25 to be patched by Google

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.…

Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.…

That 'free' Adobe or Microsoft software isn't all it's cracked up to be, eh?

We don't know who needs to hear this, but don't download cracked commercial software. Researchers claim more than 500,000 PCs have been left wriggling with malware after a cracked app went on to retrieve further nasties from Bitbucket repos.…