News

Texan tech giant hacks off part of security real estate, sells to consortium

Dell Technologies is flogging its infosec business RSA for $2.075bn as it tries to reduce its longstanding debt.…

Not many stranger things happen at sea

Penetration testers looking at commercial shipping and oil rigs discovered a litany of flaws and vulnerabilities – including one set that would have let them take full control of a rig at sea.…

Move over, there's plenty of room on Putin's naughty step

Fresh from last week's controversy with a US telco, German secure email biz Tutanota has declared today that the Russian authorities have pulled the plug on its services.…

Remote attackers were able create their own admin accounts

A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites.…

Plus: Iranians accused of hacking IT service providers to get at their customers

Roundup  Everything is insecure and everything is broken, exhibits A through Z:…

Who’ll join the IT giant in staying away from San Francisco?

IBM has confirmed that it will not be attending the RSA Conference in San Francisco at the end of this month because of fears of catching COVID-19 from the novel coronavirus.…

Malvertising campaign makes big bucks for online criminals

Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and data theft.…

Russia denies claims from well-informed broadcaster that it was homegrown Turla malware baddies

Austria's foreign ministry has said a weeks-long cyber attack from a "state actor" against its systems has ended – amid local reports that pin the blame on a Russian hacking crew and its initial four-byte payload.…

Maybe stick to walking the beat instead of infosec advice, eh?

The National Crime Agency has publicly distanced itself from a poster urging parents to call police if their child has installed Kali Linux, Tor or – brace yourself – Discord.…

Monster telco says it's working to resolve whatever's going on

Encrypted email service Tutanota on Thursday accused US mega-telco AT&T of blocking its service in some parts of America, and cited the service interruption, ongoing for more than two weeks, as evidence for the need for net neutrality.…

Shoddy code allegations are just FUD, software maker insists

Only a week after the mobile app meltdown in Iowa's Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia's 2018 midterm election.…

Over the air? More like over the aarrrggghhh

A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy (BLE) SDKs offered by seven system-on-a-chip (SoC) vendors.…

And the company reaction is: not even 'meh'

An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January.…

Meanwhile, we're still squashing bugs in Adobe Flash Player... plus stuff from Intel and SAP

Patch Tuesday  It's going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a bumper crop of security fixes for Patch Tuesday.…

So says Malwarebytes, anyway

Software nasties targeted at MacOS are on the increase faster than ones for Windows, according to antivirus biz Malwarebytes.…

One for the Cold War infosec veterans: CIA and BND literally owned the firm

Swiss encryption machine company Crypto AG was secretly owned by the US CIA and a West German spy agency at the height of the Cold War, according to explosive revelations in the Swiss and German media today.…

If you don't have auto-update switched on, time to patch

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges.…

Old Gigabyte code lets file-scrambling RobbinHood go undetected

A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom.…

And shares with guessable passwords

A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect.…

Mozilla's browser will, from March, require manual override

Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 – and plans to eventually block those weak HTTPS connections entirely.…