News

More data points needed, says academic, but technique could give governments a spoofin' bad headache

A group of academics reckon they've found a way to uniquely fingerprint aeroplanes’ Automatic Dependent Surveillance-Broadcast (ADS-B) tracking transmitters – though an aviation infosec boffin says more research is needed to verify the new technique.…

Obscure interface lets you monitor chip activity with code as if you were physically plugged into it

Updated  Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory.…

Fancy getting system privs? Swap out a DLL and you're in

A British infosec outfit spotted a privilege escalation vulnerability in EA Games’ Origin client after discovering the software was hunting for an absent DLL file when users opened it.…

Lauches enterprise server trying to make 'pod' data a thing at scale

Inventor of the world wide web, Tim Berners-Lee, is having another crack at fixing the internet’s biggest problems with the launch of a new enterprise server.…

Crooks want $17m for decryption key

Compal, the world’s second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang – and the hackers want $17m in cryptocurrency before they'll hand over the decryption key.…

Vid-chat giant promises never again to make 'misrepresentations about its privacy and security practices'

Zoom has been forced to agree to a range of security improvements in a settlement with America's consumer watchdog, the Federal Trade Commission, as a result of earlier wrongly claiming it offered true 256-bit end-to-end encryption.…

Inoculation is simple: MFA, regular timely patching

A trojan targeting Linux and deployed by a known ransomware gang has been discovered by Russian antivirus firm Kaspersky.…

Offensive cyber operation includes 'encrypting' Vlad and Chums' disinfo servers

British eavesdropping agency GCHQ is actively hacking Russian attempts to undermine coronavirus vaccine efforts, according to The Times.…

VMware warns of incoming security fix after attackers get root on host

VMware has taken the unusual step of warning about an imminent security advisory after a Chinese team successfully popped its flagship product.…

It’s SANS training time in Tokyo, Singapore, and India

Promo  We might all be living under various degrees of lockdown, but that doesn’t mean you can’t sharpen up your security skills with some of the best instructors around – and all at early bird prices, if you’re quick.…

Expiration of cross-signed root certificates spells trouble for pre-7.1.1 kit... unless they're using Firefox

Let's Encrypt, a Certificate Authority (CA) that puts the "S" in "HTTPS" for about 220m domains, has issued a warning to users of older Android devices that their web surfing may get choppy next year.…

But we rebuilt the entire institution in 5 days, says principal as he looks back on February attack

The criminals who took out Scotland's Dundee and Angus College made a ransom demand that precisely added up to the contents of its bank account – and that was no accident, its principal has said.…

Same people who killed Travelex and revenge-published personal data when ignored. Nice folk

A social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack.…

Please make sure you're obeying the law, outgoing commissioner pleads

"There are over 6,000 systems and 80,000 cameras in operation across 183 LAs!" So exclaimed the UK's outgoing Surveillance Camera Commissioner as he detailed just how many council CCTV cameras there are across the nation.…

Six-day outage predicted as rebuild commences from untouched backups

Brazil’s Superior Tribunal de Justiça has temporarily shut down after a suspected ransomware attack.…

Cops used the opportunity to figure out remote access traps

A tech support scammer making random phone calls in the hope of finding a victim called the cybercrime squad of an Australian police force, which used the happy accident to document the scam and inform the public what to watch out for.…

Trio of bugs reported by Google Project Zero, plenty of other flaws addressed, too

Apple on Thursday issued security updates for iOS, iPadOS, watchOS, and macOS that address three holes reported by Google's Project Zero among exploitable bugs found by others. Installing the latest software for your iPhone, iPad and so on will address these programming blunders.…

That was still dwarfed by clods using 'password' itself, though

Britons began using the word "vision" in their passwords after prime ministerial advisor Dominic Cummings was caught travelling across the country from his parents' farm in Durham to Barnard Castle "to test" his eyesight, according to research from Pen Test Partners (PTP).…

We're trying, insists beleaguered Information Commissioner's Office

Scofflaws have failed to pay nearly £2m in fines handed out by the UK Information Commissioner's Office over the past 18 months, according to new research.…

Security quiz site created by advisors includes inadvertent bonus round

A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking.…