News

AWS engineers given a dressing-down after proposing fix for 'paranoid' tasks

Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data (L1D) CPU cache.…

I'm from the government, and I'm here to help you and your friends

British people will soon begin receiving random phone calls from so-called "contact tracers" warning them about having been in close proximity with potential coronavirus carriers. One of many problems with this scheme is it's dangerously easy to pose as a government contact tracer.…

Web sites and services tied to older versions of OpenSSL and GnuTLS have been dropping like flies

On Saturday, at 10:48 UTC, Sectigo's AddTrust legacy root certificate expired, causing a bit of weekend havoc for thousands of websites and services that rely on it for making a secure TLS/SSL connection.…

Yeah, we know 'just' is doing a lot of hard work, we're being flippant

Security researcher Bhavuk Jain has landed a $100,000 payday after he reported a critical flaw in Apple’s sign-in system that could be exploited to access countless accounts on sites from Dropbox and Spotify to Airbnb.…

Cybercrooks take revenge after planned heist failed

The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon.…

And if you win, we'll make it into a kitemark

British companies have been offered access to a £400k pot of cash to design a UK-specific "kitemark" assurance scheme for Internet of Things products.…

They’re not very sophisticated, but they’re working: Watch and learn how to fight back

Webcast  You’ve probably had the COVID-19 coronavirus social-engineering scams quietly filtering into, hopefully, your junk folder by now. Featuring anything from bogus medical research with malware-laden URLs to one-to-one approaches offering fake vaccines, it’s not taken very long.…

Plus other news from infosec land this week

Roundup  Six Cisco-operated servers were hacked via SaltStack security vulnerabilities, the networking giant revealed this week.…

'No evidence of damage to network or computers, no evidence of theft, damage, or loss of data'

On November 4th, 2018, now-Georgia Republican Governor Brian Kemp announced an investigation into his rival Democratic party, accusing the organization of trying to hack the US state's voter registration system.…

'No evidence of damage to network or computers, no evidence of theft, damage, or loss of data'

On November 4th, 2018, now-Georgia Republican Governor Brian Kemp announced an investigation into his rival Democratic party, accusing the organization of trying to hack the US state's voter registration system.…

Fix the crits, sort out the rest later

Over the first quarter of 2020, the number of security bugs disclosed by software makers fell 20 per cent though not for any of the right reasons, it seems.…

Fix the crits and backload the rest later

Over the first quarter of 2020, the number of security bugs disclosed by software makers fell 20 per cent though not for any of the right reasons, it seems.…

GRU crew actively exploit hole – but you patched it months ago, right?

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists.…

Open-source mail servers under active exploitation by GRU crew, make sure you're patched up

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists.…

Early May attack hit 600-plus hosting and cloud customers

Global system integrator NTT has said someone hacked their way into its hosting and cloud services and may have accessed 600-odd customers’ data.…

Early May attack hit 600-plus hosting and cloud customers

Global system integrator NTT has said someone hacked their way into its hosting and cloud services and may have accessed 600-odd customers’ data.…

The price will only go down

Updated  The maintainers of OpenSSH, the widely used toolkit for connecting securely to servers and devices over networks, have warned that the SHA-1 algorithm will be disabled in a "near-future release".…

The price will only go down

The maintainers of OpenSSH, widely used for connecting securely to servers and devices over networks, have warned that the SHA-1 algorithm will be disabled in a "near-future release".…

So says Barracuda Networks, anyway

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks.…

So says Barracuda Networks, anyway

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks.…