News

Also puts brakes on data collection by carmakers

China has signalled that ride-sharing companies and laid out regulations that will stop cars from collecting unnecessary data.…

Sometimes you need to lift yourself out of the cybersec trenches and look up to the summit

Promo  Keeping your organization safe from cybercriminals and other ne’er do wells requires constant honing and refining of your own skills and knowledge.…

By probing for installed apps with custom URL schemes, it's possible to build a 32-bit unique fingerprint

FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.…

Russia-based criminals pick soft target in hope of easy gains

Ireland's nationalised health service has shut down its IT systems following a "human-operated" Conti ransomware attack, causing a Dublin hospital to cancel outpatient appointments.…

Retention of now-deleted security breach evidence sparks spat

+Comment  IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him.…

Testing dongle-driven ‘Cryptographic Attestation of Personhood’ and WebAuthn as alternative

Poll  Cloudflare has called on the world to “end this madness” by consigning CAPTCHAS to the dustbin of history.…

Anonymous sources get into war-by-media counterbriefing

Colonial Pipeline's operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week's ransomware infection.…

Good luck to whoever got that gig

Stricken US bulk hydrocarbon conveyor Colonial Pipeline advertised for a new cybersecurity manager a month before that ransomware attack forced operators to shut down the pipeline as a pre-emptive safety measure.…

They are personal data, you know. Wait – you did know that, right?

Exclusive  Manchester City Council exposed online the number plates of more than 60,000 cars slapped with parking tickets, breaking data protection laws as it did so.…

Get ready for SANS Institute's biggest ever Asia-Pacific training event

Promo  Whatever your plans for the third quarter of 2021, an emerging security vulnerability or a network security breach has the potential to throw them into disarray. Unless, of course, you’ve made the effort to hone your existing skills or expand your knowledge into new areas ahead of time.…

You gotta work hard for those three-bytes-a-second transfers, though

Apple's Find My network, used to locate iOS and macOS devices – and more recently AirTags and other kit – also turns out to be a potential espionage tool.…

Join us online and learn about modern extortionware and how to frustrate it

Webcast  It’s shocking how blasé ransomware-toting criminals can be about freezing the operations of any organisation they can insinuate themselves into, including critical utilities or medical facilities.…

So says Foreign Secretary in lacklustre speech to NCSC faithful

CyberUK 21  Britain is to spend £22m on training African and Indo-Pacific nations to stave off cyber influences from "authoritarian regimes", foreign secretary Dominic Raab said today.…

Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons

Column  Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you might expect. I’d gotten the crazy idea to write a tool that would encrypt Twitter’s direct messages - sent in the clear - so that your private communications would truly be private, visible to no one, including Twitter.…

Online lending apps and more given fifteen days to ‘rectify’ behaviour

China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week

South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…

Dozen design, implementation blunders date back 24 years

A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.…

'This can happen to anybody. There's always learning in any crisis. And we were no exception'

CyberUK 21  SolarWinds’ chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a “very small” number while giving a speech to an infosec event.…

Plus: Grab your updates for Adobe, SAP, Android, Intel

Patch Tuesday  Microsoft's May Patch Tuesday brought a lighter-than-usual load of 55 fixes for 32 of the Windows giant's applications and services, which is about half what was served up in April.…

Priti Patel doesn't say a word about encryption, though

CyberUK 21  Priti Patel has promised a government review of the UK's 30-year-old Computer Misuse Act "this year" as well as condemning companies that buy off ransomware criminals.…