News

How Bitdefender's security software was caught napping by ad-block bod

Folks running Bitdefender's Total Security 2020 package should check they have the latest version installed following the disclosure of a remote code execution bug.…

Sorry, I was busy, came the reply

There was a time when there was a certain amount of pride in the fact internet engineers all knew one another, that systems critical to the internet’s functioning were run in the back of other facilities, and a single person was often in charge of whole services.…

Redmond knows a thing or two about tackling malware – amirite, Windows fans?!

Microsoft has extended its antivirus package for servers – better known the Defender Advanced Threat Protection (ATP) for servers suite – to Linux as a general availability release.…

Clicking through Protected View is why we can't have nice things, so here's 'Safe Documents'

Feeling a bit uncertain about things? Never fear, kind old Microsoft has made Safe Documents generally available (assuming you're a Microsoft 365 E5 subscriber).…

Appeal starts over Cardiff creepycam deployment

Automated facial recognition (AFR) use by British police forces breaches human rights laws, according to lawyers for a man whose face was scanned by the creepycam tech in Cardiff.…

The other kind of DRM strikes: Bod baffled after attempt to raise alarm over vulnerabilities is ignored

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed.…

'BlueLeaks' data lifted after web host biz pwned, we're told

Some 269GB of data stolen from police and the Feds in America has been shared online by miscreants.…

Three-quarters claim pandemic didn't trigger big changes to corporate security settings

Nearly three-quarters of IT professionals haven't increased their company's security posture during the COVID-19 pandemic – while 90 per cent highlighted remote working as a security risk, according to a survey.…

Plus: Nigeria-based entrepreneur accused of fraud, and more

Roundup  It was another week of furious firefighting in the security space, including the curious tale of a Forbes "most promising" entrepreneur indicted over alleged phishing attacks, new privacy laws in the US, software flaws and more.…

City council demands snoop gear kit reports, mayor OK with that

New York City Council has overwhelmingly voted to require cops to report their use of surveillance technology.…

Wait and see before pointing the finger, warns threat intel boffin

As Australia reels under sustained cyber attacks following increased Chinese diplomatic hostility, the country's Lion brewery and dairy conglomerate has been hit for the second time.…

But it does have a name. 'Firefox Private Network' is out, ‘Mozilla VPN’ is in.

The Mozilla Foundation has announced it will soon launch its VPN.…

Won't say who the attackers are working for – just don't mention 中国

Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems it has not conducted “any disruptive or destructive activities within victim environments.”…

Data pilfered from PeopleSoft HR database sold to tax fraudsters, it is claimed

US federal authorities said they had arrested Justin Sean Johnson in Detroit, Michigan, on charges associated with the 2014 hacking of a human resources database at the University of Pittsburgh Medical Center and thrown the book at him.…

Employees bag commiseration prize of free ID protection

Staff records – from social-security and corporate credit card numbers, to passport and bank account details – were siphoned from Cognizant by hackers who then doused the IT contractor in ransomware.…

New York architects hit instead of Canadian standards agency after crooks get names mixed up

The Maze ransomware gang has screwed up by targeting a New York design and construction firm instead of the Canadian Standards Association it was intending to hit.…

Only if they'd already pwned your box, mind. Still: get patching!

Cisco Webex suffered from a vuln that could have allowed an attacker to access any account by simply copy-pasting a unique session token into a browser string.…

Galcomm retorts: 'The report is at least irresponsible, if not worse'

Researchers at Awake Security have published a report on malicious extensions in the Chrome web store, making both specific claims of over 32 million downloads of one malware family, and general claims of weak security in both domain registration and Google's store.…

Choose between five options

Ubuntu has launched its Appliance Portfolio, an initiative designed to enable secure smart devices linked to cloud services. All Ubuntu appliances are "free to download and install" but may include an up-sell to paid-for services.…

Woman tracked down, accused of torching patrol vehicles amid protests

A woman accused of setting fire to two Philadelphia police cars during a May 30 protest was tracked down by her online buying-habits and reviews, a social media sweep, and a poor username choice, the FBI has claimed.…