News

Hundreds of email addresses exposed, customers predictably less-than-thrilled

Micropayments company Coil has emailed users its new privacy policy but placed hundreds of their addresses in the “To:” field and therefore breached their privacy.…

Capcom KO'd by 'criminal organisation that calls itself Ragnar Locker'

Japanese games giant Capcom, the company behind the 33-year-old Street Fighter franchise, has issued "deepest apologies" to customers and other stakeholders whose details were exposed in a ransomware attack.…

Don’t hack, don’t backdoor, don’t hurt the internet … and don’t expect rapid adoption because there’s still a lot of multilateral work to be done

The Global Commission on the Stability of Cyberspace (GCSC), a group that works to develop policy the world can follow to keep the internet stable and secure, late last week delivered a final report that outlines its vision for how the nations of the world should behave online.…

Learn to think like an attacker so you can start fighting back

Webcast  This year has turned corporate IT upside down, scuppering digital transformation plans as tech teams struggle to keep the lights on and support a suddenly remote workforce.…

Plan calls to link government data across jurisdictions, even sharing airline records to track outbreaks and people who may be at risk of infection

Australia will develop the capability to use payment records in the service of coronavirus contact tracing.…

VoltPillager breaks enclave confidentiality, calls anti-rogue data-center operator promise into question

Boffins at the University of Birmingham in the UK have developed yet another way to compromise the confidentiality of Intel's Software Guard Extensions (SGX) secure enclaves, supposed "safe rooms" for sensitive computation.…

Also copped to RIPA breach after ignoring police demand to hand over passwords

The former BAE Systems worker accused of sending details of a UK missile system to hostile foreign powers and of ignoring police demands to hand over his device passwords, has been jailed.…

Blow to UK suspects in wake of Franco-Dutch investigation

The contents of messages from encrypted chat service EncroChat may be admissible as evidence in English criminal trials, the High Court in London, England has ruled.…

Own your screwups, growls irate watchdog

The Information Commissioner’s Office has fined Ticketmaster £1.25m after the site’s operators failed to spot a Magecart card skimmer infection until after 9 million customers’ details had been slurped by criminals.…

Learn to think like an attacker so you can start fighting back

Webcast  This year has turned corporate IT upside down, scuppering digital transformation plans as tech teams struggle to keep the lights on and support a suddenly remote workforce.…

'No evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised'

After months of fretting about the possibility that the 2020 US election might be derailed by tampering or foreign interference, nothing notable happened.…

Tens of millions of usernames and passwords go walkies amid claims of decryption

Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key.…

Bought 'estimated onomastic data' that was amended to millions of Brit voters

The UK's ruling Conservative has been using personal data in a way that spots an individual's likely county of origin, ethnic origin and religion based on their first and last name.…

Wider government only told of encryption machine nobbling a year after it ended

Swiss politicians only found out last year that cipher machine company Crypto AG was (quite literally) owned by the US and Germany during the Cold War, a striking report from its parliament has revealed.…

Knox and Google device enrolment now play nice together

Samsung regularly tops Android handset sales charts and has arguably done more than any other handset-maker to make the OS. Yet the Korean company did not make the list at the launch of the Android Enterprise Recommended program, a scheme that Google created in early 2018 to point out which ‘Droids are ready to offer enterprise-grade services like remote management and swift security updates.…

Sending codes over the insecure public telephone network isn't the way to go

Microsoft on Tuesday advised internet users to embrace multi-factor authentication (MFA)... except where publicly switched telephone networks are involved.…

Plus: Naming 'n' shaming doesn't stop hostile countries having a pop the UK

The former head of the National Cyber Security Centre has warned that some British government figures have a “profound lack of understanding” of cyberspace, online warfare and information security.…

'Unusual for a vulnerability on a modern operating system to be this easy to exploit,' says bughunter

GitHub security researcher Kevin Backhouse found bugs in Ubuntu 20.04 (a long-term support release) which enabled any desktop user to get root access. The vulnerabilities have now been patched.…

No selling to evil folks albeit with a few big loopholes for some

The European Union has tightened up export rules on cybersurveillance tools in an effort to limit their spread to repressive regimes.…

Android, Adobe, SAP, Red Hat join the bug-busting party

Patch Tuesday  Microsoft published fixes for 112 software vulnerabilities for its November Patch Tuesday, 17 of which have been rated critical.…