News

‘Chatter’ can be bugged thanks to kindergarten-grade security

A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home.…

Beijing's not saying what cloudy contender did wrong

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw.…

The Ellume COVID-19 Home Test was connected to the internet of woefully insecure things for a while

Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. Thankfully the vendor’s since fixed the device.…

Putting the Sec into DevOps is key, says Red Hat

Paid Feature  Of all the ideas to surface in the 20-year history of cloud computing, few have proved as compelling as the hybrid cloud. Organizations understand on-premises data centers and how computing power can be rented through public clouds or accessed through dedicated private clouds.…

Perpertrators' ID unknown, however

The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.…

Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.…

Swiss cough up accused crim while Russia is 'deeply disappointed'

The US Attorney's Office of Massachusetts on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking US computer networks and committing securities fraud by trading on undisclosed financial data.…

Scottish MSP Dacoll was hit, however

The Clop ransomware gang pwned a managed service provider with access to the UK's Police National Computer, dumping data on its dark web leaks site – but officials deny that police data was compromised.…

Trend Micro outlines common misconfigurations and how to avoid them

Paid Feature  In an era beset by hackers at every turn, it’s no small irony that the fastest growing security threat to business data might now be the self-inflicted wound of cloud service misconfiguration.…

Plus: Deep dive into the NSO Group's zero-click exploit and 'Hack the DHS!'

In Brief  VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product.…

Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j.…

Report claims Huawei techs working for Chinese intelligence compromised Australian telco

Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg.…

Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021.…

£200k Anglo-French heat-seeking missile does its thing

The RAF has scored its first air-to-air "kill" – where an aircraft downs an enemy aircraft – for almost 40 years after shooting down a drone over Syria.…

Workspace ONE Unified Endpoint Management can leak info via server-side request forgery

VMware customers have probably had a busy week because more than 100 of the IT giant's products are impacted by the Log4j bug.…

Meta adverse to internet mercenaries using its social networks to help governments violate human rights

Facebook successor Meta on Thursday said it canceled 1,500 social media accounts used by seven surveillance-for-hire firms to conduct online attacks against government critics and members of civil society.…

Security teams have a choice to make – and doing nothing is not an option

Paid Feature  Time waits for no one. But ransomware attackers do. Increasingly, cybercriminals are timing their attacks, detonating them when their victims are out of the office. This gives them the chance to inflict maximum damage, and explains why ransomware attacks surge on public holidays like Thanksgiving and Christmas. How do they do it, and what can under-staffed security teams do about it?…

App runs off a database, and databases are run by humans

British police have made a series of arrests over the past few months after people with apparent access to NHS databases allegedly sold fake vaccination status entries on the NHS vaccine passport app.…

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them

Advertorial  The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.…

And potentially an increase in UK state-backed hacks

The British government has launched a £2.6bn National Cyber Strategy, intended to steer the state's thinking on cyber attack, defence and technology for the next three years – and there's some good news if you run a tech company.…