News

Nothing like topping off unauth'd remote code execution with a su password of ... password

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.…

Law enforcement agency now has one year to delete any data older than 6 months not related to criminal activity

The European Data Protection Supervisor (EDPS) has ordered European Union law enforcement agency Europol to delete any data it has on individuals that's over six months old, provided there's no link to criminal activity.…

Good: New requirements in new law. Bad: Grace period

Electric car chargers will have to include secure boot and automatic network disconnection if unsigned software runs on the smart devices – but only from 2023, the British government has said.…

It's not as though folks haven't been warned about this

There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository.…

Departure comes as app courts controversy by integrating private cryptocurrency scheme

Moxie Marlinspike, the creator of the Signal secure messaging app, on Monday announced his resignation as CEO of the company.…

Who should your PC work for: you, or your antivirus vendor?

Germany-based security biz Avira's antivirus has enabled a new feature: "Avira Crypto". It's opt-in, but if you click "yes", the AV will use your computer to mine Ethereum.…

Warning comes weeks after govt body accused subsidiary Sam’s Club of 'ulterior motive' in goods stocking spat

American budget retailer Walmart was cited for 19 alleged cybersecurity breaches in China, state-sponsored media reported last week.…

Auditor IPCO flagged it up – but then approved 99.94% of state snooping

Former foreign secretary Dominic Raab rebuked GCHQ for secretly halting internal compliance audits that ensured the spy agency was obeying the law, a government report has revealed – while just 0.06 per cent of spying requests made by Britain's public sector were refused by its supposed overseer.…

How sad would you be to see AV go? Us neither

Opinion  Game knows game. Thus it came as little surprise that Norton's consumer security software not only sprouted a cryptominer that slurps your computer's life essence and skims a cut, but that it's hard to turn it off.…

Boffins in Vienna devise way to make software prove how it behaves

Folks at Technische Universität Wien in Austria have devised a formal security framework called WebSpec to analyze browser security.…

Thales: ‘Significant change in security culture'

Paid Feature  Of all the cybersecurity developments in 2021, a relatively low-key announcement made by software company Salesforce.com (SFDC) in March might eventually turn out to be one of the most significant.…

Immutability, analytics, and a complete lack of trust…

Webinar  When it comes to cybersecurity, your backup data is no longer your last line of defence.…

Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else.…

No more chip factories would surely change Beijing's mind about unification

A top US Army War College paper suggests Taiwan should credibly threaten to eradicate its semiconductor industry if threatened by China so that Beijing would no longer be interested in unification.…

Disable anti-tamper features first and you'll be alright

Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.…

Yes, you're going to have to get a new CPU (again)

It's been a while coming, but it looks like PCs with Microsoft's Pluton security processor are just around the corner. So long as your silicon of choice comes from AMD, for the time being at least.…

They're developing new techniques 'in every area' says Darktrace

Paid Feature  Ransomware has come a long way since the early days. When it first started out, it spread indiscriminately and often used poor code. Over the years, it has become more sophisticated and is now an efficient business. How did it become so professional?…

French regulator's investigation finds multiple breaches of GDPR

SlimPay, a Paris-based subscription payment services company, has been fined €180,000 by the French CNIL regulatory body after it was found to have held sensitive customer data on a publicly accessible server for five years.…

Information Commissioner faces a year of upheaval in data law

The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner.…

Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited

Microsoft has revealed a vulnerability in its Azure App Service for Linux allowed the download of files that users almost certainly did not intend to be made public.…