News

Big Brother Watch warns app contains too much sensitive medical information

The UK will next week begin using the NHS App to confer an individual's vaccination status, in the face of warnings that the technology could lead to identifiable medical information being exposed.…

The data is in: most users do not opt in to third-party tracking

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so.…

Patch your devi... oh, hang on a sec

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has "no real-world implications".…

Someone at West Midlands Trains approved nasty cybersecurity drill

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. Needless to say, it did not go over well.…

Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car

Black Hat Asia  Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.…

But won’t reveal who it wants banned from social media over less obvious disinformation

As COVID-19 continues to ravage India, the nation’s government has told it populace that 5G signals have nothing to do with the spread of the virus – if only because no 5G networks operate in India.…

Blames spam filters for brownout, warns fix could be 'disruptive'

Trend Micro’s hosted email security product is experiencing a global brownout.…

But we heard the message loud and clear – it's pretty much the standard runtime platform now

Kubecon  A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.…

Plus: Student cripples EU bio lab and IRS goes after cryptocurrency

In brief  The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program.…

Also we fixed SS7 use by British telcos. How? Why? Not saying

Domains'n'hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today.…

Colonial Pipeline says damage contained, some smaller lines already back, but has no timetable for resumption

One of the USA’s largest oil pipelines has been shut by ransomware .…

Plus: NCSC warns of how hostile powers may exploit smart city infrastructure

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.…

Software giant vows data processing of EU cloud services to stay in EU, which means that currently...

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup.…

You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product.…

Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping

Black Hat Asia  Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.…

Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings.…

World Password Day returns to remind us how much passwords suck

Google has marked World Password Day by declaring "passwords are the single biggest threat to your online security," and announcing plans to automatically add multi-step authentication to its users' accounts.…

Good thing researchers spotted it, but no evidence of exploit in the wild

A heap overflow vulnerability in Qualcomm Snapdragon 855 modem system-on-chips used in Android devices could let malicious people run arbitrary code on unsuspecting users' devices, according to Check Point.…

On the other hand he was fine

Graphic images  Everyone knows the trope. The baddies smash their way in and gun down the guard standing in front of the vault. "Dammit," says the lead bad guy, "it's a biometric scanner, we'll never get in!" His most grizzled henchman turns round, holding up the dead guard's lifeless arm. "Oh yes we will…"…

Terms and conditions apply

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection.…