News

Digital souks are sitting ducks for identity fraudsters

Hackers are breaking into online loyalty card accounts using stolen credentials or easily obtainable information, and then not only ransacking the profiles' balances but also harvesting victims' personal data for subsequent identity theft, Akamai has warned.…

How many times do you want to read the CVSS rating 9.8 today?

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.…

And why AI tools will make you less vulnerable

Sponsored  Conventional email security tools are losing the battle against phishing attacks. The cause? Instead of registering a handful of domains from which to conduct their phishing campaigns, many cybercriminals now buy them by the thousand. This approach makes it harder for traditional email protection tools to spot phishing emails among the ‘noise’. Thanks to bulk domain registration services, malicious spammers can tip the balance in their favour through sheer volume.…

Source warehouse asks users to verify recent project commits to ensure they’re not malicious

OpenDev.org, which hosts the official OpenStack source code, on Tuesday tore down its Gerrit deployment after realizing it had been secretly hacked two weeks ago.…

Plus this Chrome one being exploited in the wild, we note

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first.…

Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.…

ENISA annual report also calls for better use of threat intel by frontline bods

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU’s cybersecurity agency – though the risk of an “uncontrolled cyber arms race” among nation states is growing.…

We'll help you manage risk while chasing your RDBMS dreams

Webcast  There was a time when open source was still – no matter how many decades it had driven software projects – regarded as the playground of hippies and utopians. Bold and brave, yet thrown together, inconsistent and unsecured when compared to more established products.…

While the UK says Russia probed 2020 Games systems, too

Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings.…

Oh great. 'Police involvement' could deter testing, says doctors' union

As if things were not going badly enough for the UK's COVID-19 test and trace service, it now seems police will be able to access some test data, prompting fear that the disclosure could deter people who should have tests from coming forward.…

Plus: A warning to SharePoint operators

In brief  Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.…

The Great Unicorn Prayer of security services: Stay secure, but - ya know - give us backdoors

In a move as predictable as it is wearisome, a bunch of government security agencies have got together and demanded we let them have our data. This latest spooky manifestation is a collection of the Five Eyes - the US, the UK, Canada, Australia and New Zealand - and for some reason Japan and India. Let’s call this coalition of the chilling, JIANUSCUK.…

And some 800,000 installations facing the internet, patches are available

A critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it, reverse engineers said this week.…

History tells us tech companies just get bigger, even after being broken up or battered

Column  Thriving amidst the pervasive chaos of 2020, the world’s largest technology companies - the FAANGs*, as we’ve come to know them - have managed to grow larger, richer and more powerful.…

Airline was saving domain admin creds and card details alike in plaintext

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack – even though the Information Commissioner’s Office discovered the airline had been saving credit card details in plain text since 2015.…

They nicked six alleged perps last year but only one was charged

Britain’s National Crime Agency arrested six men in London on suspicion of laundering “tens of millions” for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today.…

Infosec biz issues mildly off-the-wall guidance for incident responders

The global switch to remote working in early 2020 gave hackers a whole new set of juicy ransomware targets.…

Plus: Platform censors US newspaper and triggers ordure tsunami

American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts – as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper.…

Dare ye use RC2 in production?

The version of .NET formerly called .NET Core is crawling closer to its November launch with .NET 5.0 Release Candidate 2 packing updates for key frameworks ASP.NET Core and Entity Framework Core, and a go-live licence.…

But it’s a tech preview and requires opt-in for every meeting

The world’s plague-time video meeting tool of choice, Zoom, says it’s figured out how to do end-to-end encryption sufficiently well to offer users a tech preview.…