News

Chimaera toolkit found on 'thousands' of Windows, Linux, and container systems worldwide

AT&T's Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems - and which is turning target devices into cryptocurrency miners.…

Chartered Institute of Information Security reveals what you're all thinking

The COVID-19 pandemic was good for business, according to British infosec workers – although half of them still say they feel burnt out amid the surge in work.…

Am I only dreaming, or is this burning an Eternal Blue?

Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example.…

Join security leaders to learn why network, perimeter, and application security aren’t enough

Sponsored  Ransomware attacks have accelerated at a feverish pace in the last year leaving small businesses, large enterprises, and government agencies scrambling to protect the lifeblood of their organizations – their data. So what can you do?…

ActiveX and MSHTML, the gift that keeps on giving ... to intruders

In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines.…

Where did people think spam and harassment reports were going?

Facebook's WhatsApp states its messages are protected by the Signal encryption protocol. A report published today by investigative non-profit ProPublica contends that WhatsApp communication is less private than users understand or expect.…

Why are they asking G7 to do their job for them, muses critic

Cookies are on the menu today for the G7 as the UK's Information Commissioner's Office (ICO) proposes to the group of leading global economies that consent pop-ups should be reduced.…

Cops can read the SMTP spec too, y'know

Encrypted email service ProtonMail has become embroiled in a minor scandal after responding to a legal request to hand over a user's IP address and details of the devices he used to access his mailbox to Swiss police – resulting in the user's arrest.…

Plus: Police aren't treating breaches as terror offence

The person who reformatted the Guntrader hack data as a Google Earth-compatible CSV has said they are prepared to go to prison – while denying their actions amounted to a criminal offence.…

DialADeal is no longer operating

A Glasgow-based company is facing a £150,000 penalty handed down by the UK's data watchdog for making more than half a million nuisance calls about bogus green energy deals.…

How was your weekend? Got some patching done?

The Jenkins team issued a reminder over the weekend that one should keep one's systems patched as it found itself with a compromised Confluence service.…

Don't trust the insurer's techies, take the blame and other practical tips

Feature  When I first became a company chief techie, the finance director patronisingly explained the basic asymmetry of prevention vs cure. Spending money on assets to stop an attack come out of capex, but spending after the disaster would be up to the insurer, with premiums deducted out of opex. Also, prevention costs reduced current bonuses.…

It's not as if politicians' birthdays aren't well known, and they get jabbed on live TV

Indonesian authorities have admitted that the COVID-19 vaccination certificate of the nation's President has circulated online and tried to explain that it's an indication of admirable transparency, rather than lamentable security.…

Address randomisation not implemented on some, it seems

A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don't implement MAC address randomisation – meaning they can be used to track their wearers.…

Critics celebrate reconsideration of 'spyPhone' regime

Apple on Friday said it intends to delay the introduction of its plan to commandeer customers' own devices to scan their iCloud-bound photos for illegal child exploitation imagery, a concession to the broad backlash that followed from the initiative.…

Security biz publishes plans for law reforms

Infosec firm Rapid7 has joined the chorus of voices urging reform to the UK's Computer Misuse Act, publishing its detailed proposals intended to change the cobwebby old law for the better.…

Here in the UK, Sky broadband users back online

Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack.…

We can't deny people are paying up left, right, and centre...

Interview  Many people outside of IT believe computers will do away with jobs, but the current ransomware plague shows that new and more curious kinds of jobs are created at least as fast. So what sort of background sets you up to talk to people holding your data for ransom?…

Tune in to SANS Institute's seasoned security experts

Sponsored  The sun never seems to set on the cybercriminal threat, but whether you’re heading into autumn or bursting into spring you can tap into the world’s finest cyber security training, at upcoming SANS Institute events in Asia and Oceania.…

Insecure systems were compromised by miscreant, too, watchdog said

America's trade watchdog today banned stalkerware developer SpyFone and its CEO from the surveillance industry, effectively putting an end to its business.…