News

If you don’t patch, the hosts driving all your virty servers are at risk. So maybe your to-do list needs a tickle?

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite.…

So says Digital Shadows as it puts a price on illicit access methods

A growing category of cyber-crime consists of breaking into corporate networks and doing nothing else – except selling that illicit access to others for about $7,000 a go, says infosec biz Digital Shadows.…

And what may be CAD drawing of a military radar antenna

The Clop ransomware gang claims to have stolen documents from aerospace giant Bombardier’s defense division – and has leaked what appears to be a CAD drawing of one of its military aircraft products, raising fears over what else they’ve got.…

Automatic updates? 'We have ideas on how to improve this,' says founder

Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.…

Check Point says Beijing 'reconstructed' Equation Group's hacking tool long before leak

A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.…

Real names, usernames, and what appears to be SHA-1 hashed passwords exposed

Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off.…

It’s a bird, it’s a plane… holy crap there’s a nacelle in my kitchen

In what can only be described as a bad day for Boeing, not one but two of its planes suffered engine fire and began shedding parts along their respective flight paths.…

Plus: IBM's lawyers hacked, Kia denies ransomware hit, France declares war on hackers, and more

In brief  Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits.…

Behaves like a legit software installer and phones home for instructions, but lacks a payload

US security consultancy Red Canary says it’s found MacOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.…

Popular programming language, at the top of its game, still struggles to please everyone

Feature  February 20, 2021, the 30th anniversary of Python, finds the programming language at the top of its game but not without challenges.…

Rival atheists accused of not believing in privacy law

The Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has warned members their personal information appears to have been leaked.…

We’ll be fine, says Redmond security crew. No word on whether you will be too once crims analyse their haul

Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown.…

So says Kenna Security in a refreshing piece of counter-FUD analysis

While the infosec industry is used to reading (and pumping out) FUD about software vulnerabilities, eye-catching research suggests about 500 vulns were exploited in 2019 – despite 18,000 new CVEs being created.…

Company has a habit of reacting badly to vuln disclosures

Updated  A parental webcam targeted at nursery schools was so poorly designed that anyone who downloaded its mobile app gained access to admin credentials, bypassing intended authentication, according to security pros – with one dad saying its creators brushed off his complaints about insecurities six years ago.…

Tune in next week and discover how to tighten that gap in your remote worker security

Webcast  You’ve seen large parts of your workforce take to the hills over the past year with nothing but a laptop and a Microsoft 365 account for company.…

Masslogger evolution rears its ugly head, $30 gets you three month license to cause carnage

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers.…

Oh yes, and hacking Hollywood, allegedly

Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn (£938m) from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday.…

Just who is running your favourite project these days?

Sponsored  In November 2020, the JavaScript registry npm flashed a security advisory that a library called twilio-npm harboured malicious code which could backdoor any machine it was downloaded to. Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain.…

Reassuring the regulators

Microsoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments.…

Immutablity or vulnerability – it’s your choice

Webcast  If you think your backup strategy means you’re protected from the worst that cyber-criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too.…