News

Sign up, tune in, expand your knowledge, and compete in hacking contests

Promo  On December 9, SANS will launch its second annual KringleCon virtual conference followed shortly thereafter by its 13th Holiday Hack Challenge.…

OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to unmasking flaw, we're told

A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.…

Who needs an elevator pitch when you have man-in-the-middle attack?

A group of hackers used a compromised email account to steal a start-up's $1m venture capital payment.…

Boffins ride the memory bus past Intel's SGX to your data

Computer scientists from UC Berkeley, Texas A&M, and semiconductor biz SK Hynix have found a way to defeat secure enclave protections by observing memory requests from a CPU to off-chip DRAM through the memory bus.…

What happens when you throw your lot in with crypto-coin types

Collaboration site Keybase, once touted for its encrypted meetup channels and robust developer features, is struggling to ward off an epidemic of harassment and spam brought about by its shift toward cryptocurrency.…

Account-draining malware masterminds charged but remain in motherland

US prosecutors have slapped a $5m bounty on the heads of two Russian nationals they claim are part of the malware gang behind the banking trojans ZeuS and Dridex.…

Learning points, not an instruction manual

Black Hat 2019  Faking digital evidence during a cyber attack – planting a false flag – is simple if you know how, as noted infosec veteran Jake Williams told London's Black Hat conference.…

ZeroCleare wipes up where Shamoon left off

An Iran-based hacking crew long known to target energy facilities in neighboring Middle Eastern countries is believed to be launching new attacks.…

Exposed private cert key may also be an issue for IBM Aspera

Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software.…

In-memory malware a first for suspected Nork hacking crew

The Lazarus group, which has been named as one of North Korea's state-sponsored hacking teams, has been found to be using new tactics to infect macOS machines.…

Add-ons accused of slurping every URL netizens visit

The Firefox extensions built by Avast have been pulled from the open-source browser's online add-on store over privacy fears.…

Security a popular topic at Las Vegas event

re:Invent  At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers to avoid spewing data stored on its S3 (Simple Storage) service to world+dog.…

Shipped from expensive shop X? In the shed, you say? Researcher spots badness

Parcel wrangler Yodel has corked up a security hole in which random user data leaked to people using its Android app.…

Feds tell Congress that Russian apps are a real security risk

Users who fire up FaceApp for fun might be unknowingly putting national security at risk, according to the US Feds.…

TrueDialog, Mixcloud, Magento Marketplace expose accounts

Thanksgiving is an ideal time to either hack (IT admins need holidays too) or to drop news of hacks (because no one's reading much news) so here's your roundup of the weekend's shenanigans.…

Aw man, I was still downl...err.. great work everyone!

Europol says its latest piracy takedown netted three arrests and more than 30,000 website takedowns.…

Video link request from September finally granted

Julian Assange will be interviewed via video link by a judge investigating claims that a Spanish company orchestrated a spying operation against him while he resided in the Ecuadorian embassy.…

Arm yourself with the latest cybersecurity know-how

Promo  As more and more organisations move to new technologies, data thieves constantly try to find ingenious new ways of penetrating even the most well-protected systems.…

Or a mix of both?

Sponsored  Organisations are attacked every day: cybercriminals gain a foothold within the corporate network, and data is stolen and operations disrupted. The target of an attack could be your employer, a customer, a social media platform, or an intermediary responsible for secure access control, or financial record holding.…

Adtech firm also sent 12k phishing warnings to users of its services

Google has said it fired off 12,000 warnings to unlucky users of its GMail, Drive and YouTube services telling them that they’re being phished by state-backed hackers.…