News

Cert authority Sectigo funds Lets Encrypt transparency log

Let’s Encrypt has wheeled out a new certificate transparency log called Oak, which is funded for a year by the certificates arm of Sectigo (formerly known as Comodo).…

Here are 10 top takeaways from Intel's most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week.

Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting.

It all went a bit Pete Tong for the Peeping Toms

Britain's Supreme Court said today that rulings from a secretive UK spy tribunal can now be appealed against after a legal challenge from pressure group Privacy International.…

Auditors poked around for a week after too many Peeping Toms had a trawl

Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of "certain technology environments used to store and analyse data," including that of ordinary Britons spied on by the agency.…

Plus plenty of other fixes from Redmond and Adobe – and special guest star Citrix

Patch Tuesday  It’s that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one for out-of-support operating systems Windows XP and Server 2003.…

Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities.

A massive update addresses the breadth of the computing giant's product portfolio.

Intel has disclosed a new class of speculative execution side channel attacks.

Intel CPUs dating back a decade are vulnerable to latest cousin of Spectre

Intel on Tuesday plans to release a set of processor microcode fixes, in conjunction with operating system and hypervisor patches from vendors like Microsoft and those distributing Linux and BSD code, to address a novel set of side-channel attacks that allow microarchitecture data sampling (MDS).…

Adobe has issued patches for 87 vulnerabilities on Patch Tuesday - the bulk of which exist in Adobe's Acrobat and Reader product.

The bug is remotely exploitable without authentication or user interaction.

WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones.

Cynet  protects the entire internal environment – including hosts, files, users and the network.

SANS brings three immersive training events to London

Promo  IT security training specialist SANS Institute is bringing three major training events to London this summer and autumn, each offering a bumper programme of intensive courses designed to arm security professionals with the skills they need to defend against data breaches and malicious attacks.…

Rap for surveillanceware chaps in chat app voice yap trap flap – now everyone patch

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims' smartphones: all a snoop needs to do is make a booby-trapped voice call to a target's number, and they're in. The victim doesn't need to do a thing other than leave their phone on.…

It's pronounced Thrangrycat: A means to bury spyware deep inside pwned networking gear

Security weaknesses at the heart of some of Cisco's network routers, switches, and firewalls can be exploited by hackers to hide spyware deep inside compromised equipment.…

The two high-severity bugs impact a wide array of enterprise, military and government networks.

A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner.

In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT.