News

Are they? Aren't they? Will they? Won't they? Yes, no, kind of, a bit

UK Parliament's Defence Committee is to open an investigation into 5G and Huawei with a special focus on national security concerns.…

Meanwhile, Broadcom and Symantec have merger woes

Roundup  It's that time again – the week's security news in digestible chunks beyond what we've already covered. Let's get into it.…

Ministry of Fun under pressure to admit it's going to happen

Who'd be a head of data policy for the British government? You spend all your time talking about data transparency, but it is so hard to be transparent.…

One vendor's security controls aren't enough, says Dan Riley

Interview  "I don't want to have a job any more," said Check Point's Dan Wiley, sitting in a fashionably nondescript London coffee shop. "I don't want to have to do my job. It means that we failed."…

Wait, a proposed law tackling the sexual abuse of kids and they name it... the EARN IT Act? Seriously?

On Thursday, a bipartisan group of US senators introduced legislation with the ostensible purpose of combating child sexual abuse material (CSAM) online – at the apparent cost of encryption.…

Infosec biz that found the database spill raises eyebrow at UK ISP's advisory to subscribers

A Virgin Media server left facing the public internet contained more than just 900,000 people's "limited contact information" as the Brit cable giant's CEO put it yesterday.…

Domestic intel agency's cloud server continues to get them into hot water

The UK's spy agency auditor has given public sector snoopers a clean bill of health – except for domestic surveillance specialists MI5, whose cloud data storage blunder is still under investigation.…

Fiddle with some numbers and voila

A vulnerability in NordVPN's payments platform allowed anyone to view users' payment information and email addresses, a startling HackerOne entry has revealed.…

Consumer mag Which? calls for manufacturers to be open about how long they will support devices

File this one under "well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates.…

Contact info and more, perfect for phishing

Virgin Media, one of the UK's biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers' personal information onto the internet via a poorly secured database.…

MediaTek chipset flaw already exploited in the wild

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.…

Online security initiative halts hurried purge to accommodate reality

Let's Encrypt has halted its plans to cancel all three million flawed web security certificates – after fearing the super-revocation may effectively break a chunk of the internet for netizens.…

And there it is – exactly what telco was fretting over in FY'19 results

US telco giant T-Mobile has suffered an attack that could have spaffed customer information far and wide.…

Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away

A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos."…

'Really high number' could be fixed by using multi-factor authentication

Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month.…

Well, isn't this a lovely paranoid bed we've made for ourselves

Column  "Hey there," the message begins. Out of the blue over Skype, someone I hadn't communicated with in nearly a year reaches out.…

Building a culture of security

Sponsored  Ask anyone in IT what it is that keeps them awake at night and most will probably reply “security”. Drill down into what specifically worries them and you’ll probably discover that it’s not the technology part but, rather, how to get the workforce to take security more seriously.…

Tales of terrible security, poor compartmentalization, and more, emerge from the Schulte hearings

Analysis  The fate of the man accused of leaking top-secret CIA hacking tools – software that gave the American spy agency access to targets' phones and computer across the world – is now in the hands of a jury. And, friend, do they have their work cut out for them.…

Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites

If you saw a link to mybrowser.microsoft.com, would you have trusted it? Downloaded and installed an Edge update from it? How about identityhelp.microsoft.com to change your password?…

600,000 Clubcards at risk earlier this week, said supermarket

Data stolen from Tesco clubcards could be resold for just £2.70 a pop, reckons a price comparison website that appears to have strayed into the dark web.…