News

'Espionage and criminal investigations ... almost all of which lead back to Beijing'

RSA  While Russian hackers, Kremlin-backed or otherwise, grab the headlines, China remains the biggest cyber-security threat to America, FBI director Christopher Wray warned today.…

'If someone like me can't get in to give a keynote, perhaps it's time we rethink where we organize our events'

RSA  Adi Shamir, the S in the renowned RSA encryption system, didn't take his usual place on the Cryptographers Panel at this year's RSA Conference in San Francisco – because he couldn't get a visa from the US government. And he's not alone.…

The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.

Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.

Here I stand, infosec in hand... turn my face to the wall

Huawei stopped fighting metaphorical fires today to lift the curtain on its Brussels Cyber Security Transparency Centre in a move to position the Chinese company as a driving force for new global security standards.…

Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.

At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.

Researchers say that Microsoft won't issue a patch for the issue.

If you own Outdoor Tech's CHIPS, there's a live vuln in your winter sports headset

A set of smart speakers intended for ski helmets are a terrible data-leaking pit of badness, according to a Pen Test Partners researcher who innocently bought himself one of the devices.…

Step one: Run malware on your victim's machine. Step two: Mount some storage...

Google has publicly disclosed a zero-day flaw in Apple's macOS after the Cupertino mobe-maker failed to fix the security shortcoming within the ad giant's 90-day deadline.…

Memory operations leak data that simplifies known attack techniques

Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel chips.…

Users of Logitech’s Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.

No, no, it's not an April Fools. Backstory wants to sniff your packets for hackers

RSA  Google-spawned security outfit Chronicle this week unveiled a service that analyzes telemetry data from customers' networks to detect cyber-attacks lurking among the rivers of packets.…

In the Navy, you can sail the 7 seas! In the Navy, you'll get hacked by the Chinese!

RSA  Researchers claim to have uncovered a five-year Chinese hacking operation aimed at bolstering Beijing's naval might and trade deals to the detriment of the world's democracies and maritime hardware makers.…

He is also the all-time top-ranked hacker on HackerOne’s leaderboard, out of more than 330,000 hackers competing for the top spot.

'This isn’t a mistake now, this is clearly an intentional product choice' says ex-CSO Stamos

Another week, another Facebook privacy storm.…

A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location - and even listen to conversations in real time.

Access to C'n'C server data shows state hackers weren't smart enough for false flags

McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group.…

Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.

We were caught in hack that bled 617 million online accounts

Armor Games (AG) has confirmed that 100 per cent of its users were caught up in the mega breach that saw the details of 617 million online accounts hacked from 16 hacked websites being sold on the dark web.…