News

It's 2019. Should billion-dollar corps do better than offer swag for vulns?

Analysis  Hunting for exploitable security bugs in software is not an easy way to make a living, and vulnerability researchers say vendors who don't pay out for reports are making life even harder while putting their own products at risk.…

Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous.

And I'm OK with this, says chief of HaveIBeenPwned

During its incessant web crawling, Google's search engine constantly encounters credentials dumped by hackers or left exposed by the careless. And because it can, the ad confectionery copies and encrypts these spilled usernames and passwords.…

Eleven critical bugs will be patched as part of the February Android Security Bulletin.

Join Carbon Black at livestreamed event based on global independent research

Promo  As cyber attackers evolve their techniques, businesses are exposed to a relentless stream of worrying data security breaches. The latest big one hit hotel group Marriott International in November 2018, and may have led to the personal information of up to 500 million guests being compromised.…

The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.

25 bugs, three apps – endless pwnage

Security firm Check Point has found some 25 security vulnerabilities in three of the most popular remote desktop protocol (RDP) tools for Windows and Linux.…

Several flaws in both open-source RDP clients and in Microsoft's own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.

Colossal intercepts are just the Bombe

Bletchley Park's National Museum of Computing will be exhibiting original, freshly discovered decrypted WWII messages to coincide with the 75th anniversary of D-Day this June – messages that were broken by the Colossus machines based on the museum's site.…

How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?

E-waste partly to blame for proliferation of deceptively marketed silicon

Rogelio Vasquez, the owner of California-based PRB Logics Corporation, has pleaded guilty to selling fake branded semiconductor chips from China, some of which made their way into US military systems.…

Talk about a security cock-up – vuln exposing intimate snaps left wide open for 'months'

Dating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission.…

Prof asks: What good comes from letting everyone know a vulnerability exists?

A computer engineering professor has an interesting idea for how to handle the public disclosure of serious vulnerabilities: don't.…

Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.

Remote scripting flaw in open-source productivity suites is at least partly fixed

A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office suites. The other still appears to be vulnerable.…

Hackers can talk to and locate the wearer, warns notice

The European Commission has ordered the recall of a smartwatch aimed at kids that allows miscreants to pinpoint the wearer's location, posing a potentially "serious risk".…

Despite several threat actors stating they are behind a massive 773M credential dump, researchers believe they have found the real distributor.

Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.