News

'A secure dev lifecycle has a much higher ROI than letting the public do the bug detection work for you'

Microsoft's bug bounty program has exploded in terms of scope and payouts.…

Qualcomm bugs among the worst – including a critical hole in wireless networking

Google has emitted the August edition of its Android software security updates.…

Bank account numbers and sort codes may have been accessed by intruders

Hackers who accessed the servers of the British Dental Association (BDA) may have made off with members' bank account numbers and sort codes, according to reports.…

Hello, 2009 called, they said they've got an email for you

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan (RAT) against Western organisations, according to US authorities.…

Former trade minister Dr. Liam Fox named as source of leaked trade docs

Former UK trade minister and current Conservative MP Dr. Liam Fox has been named as the source of hacked trade documents released during last year's British elections.…

When will this madness end?

The massive amounts of exposed data on misconfigured AWS S3 storage buckets is a catastrophic network breach just waiting to happen, say experts.…

Chances of it getting enacted in time for the election - slim to almost nil

The US House of Representatives has passed a spending bill which includes a $500m election security provision.…

Chinese-owned vid app reportedly moving HQ to London

The chairman of UK Parliament's Defence Committee has suggested making popular app TikTok subject to Huawei-style code reviews by GCHQ, if its reported move to a new London HQ comes true.…

OpenSSF to take projects from CII and OSSC under its umbrella

The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red Hat.…

CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked

"We discovered and stopped a sophisticated attempted ransomware attack," Blackbaud CEO Michael Gianoni has told financial analysts – failing to mention the company simply paid off criminal extortionists to end the attack.…

Meanwhile, Linux KDE desktops can be pwned by evil archives

In Brief  Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear.…

Alleged 17-year-old mastermind among trio charged over account mass hijackings

Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network's staff.…

$4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty

Exclusive  US corporate travel management firm Carlson Wagonlit Travel has suffered an intrusion and it is believed the company paid a $4.5m ransom to get its data back.…

Inflammatory findings from deadly serious investigation

Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire.…

That means no security updates, which puts users at risk of compromise

An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked.…

Russian, Chinese, Nork groups named in bank asset freeze

The European Union has, for the first time ever, slapped sanctions on hacking crews.…

Story behind a hasty teardown, fixing of a brute-force vulnerability

Zoom has confirmed it fixed a vulnerability that could have been exploited by miscreants to crack the passcodes needed to access strangers' private chin-wagging.…

Attack came in waves that probed for staff with access to the creds crims craved

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam.…

Warnings either not new or need more study, reckons open-source dev team

Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "zero-day exploits"... which the Tor Project insists are nothing of the sort.…

That's one way of speeding up the tech refresh cycle

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.…