News

Make your move before the cyber-crims make theirs, says Sysdig

Promo  The cloud has transformed how you manage your infrastructure and software development, enabling continuous integration and deployment, while allowing you to keep your operations running, well, continuously.…

200 other companies also targeted, but no data lost

Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Crucial flaw won't be fixed until next month

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month.…

Blundering mouthpiece sent arrogant line to journalist by accident

Facebook wants you to believe that the scraping of 533 million people’s personal data from its platform, and the dumping of that data online by nefarious people, is something to be “normalised.”…

Campaign launched to alert public sector staff that not everyone on the internet is nice

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awarenss campaign launched by domestic spy agency MI5 this morning.…

Cisco Talos discovers flaws in air fryer, connected chip cooker firm fails to fix

Bad news for lockdown slimmers who've ignored advice about not needing to connect every friggin' appliance in their home to the internet: Talos researchers have sniffed out security flaws allowing attackers to hijack your air fryer.…

Taskforce and two forums to consider Central Bank Digital Currency

The Bank of England and HM Treasury have formed a Taskforce to “coordinate the exploration of a potential UK Central Bank Digital Currency (CBDC).”…

Lessons learned and mission accomplished, apparently

The US government's response groups for dealing with recent SolarWinds and Microsoft Exchange vulnerabilities have reached the end of the road.…

Let's opt every WordPress site out of FLoC. Nice idea, but security update? Really?

A proposal by a WordPress core contributor to treat Google's FLoC ad tech as a security vulnerability, and therefore backport an automatic opt-out to previous WordPress versions, shows the depth of community opposition to the technology.…

Change the record, nobody's fooled by this now

UK Home Secretary Priti Patel will badmouth Facebook's use of end-to-end encryption on Monday evening as she links the security technology with paedophilia, terrorism, organised crime, and so on.…

Environment variables full of secrets uploaded to attacker server

Codecov, makers of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago.…

Plus Pwn2Own faces fire and update Chrome immediately

In Brief  The former systems administrator for the FIN7 card-slurping gang has been sentenced to 10 years in a US prison.…

Would move for The Greater Good™ actually be good, though?

Comment  UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing.…

To stop protests by far-right party that wants France’s ambassador expelled

Pakistan shut down several social networks within its borders last Friday but lifted the ban after around four hours.…

Company insists it's a legit operator that's here to help

Positive Technologies has hit back at the US government's "groundless accusations" that it helped the Russian state carry out cyber attacks against the West – by highlighting how "government agencies of different countries" use its products.…

25% were rejected, and it's less than 2013's figure... but be wary of what Redmond does with your information

Microsoft has had a busy six months if its latest biannual digital trust report is anything to go by as law enforcement agencies crept closer to making 25,000 legal requests.…

Google employees called the meeting to discuss AP's data privacy reveal the 'Oh Shit' meeting

Australian federal court sent a message to Big Tech about its willingness to act on privacy violations when it ruled today that Google had "partially" misled consumers about collecting mobile phone personal location data.…

ioXt Alliance aims to bring 'transparency and visibility'

On Thursday the ioXt Alliance, an Internet of Things (IoT) security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire.…

And Positive Technologies has been slapped with American sanctions

Breaking  Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy.…

Another UK institution topples at the hands of miscreants

The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation.…