News

For now it's child abuse material but the tech has mission creep written in

Apple is about to announce a new technology for scanning individual users' iPhones for banned content. While it will be billed as a tool for detecting child abuse imagery, its potential for misuse is vast based on details entering the public domain.…

Patches issued for two CVE-rated vulns

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers – including a 9.8-rated nasty.…

Party denies naming activist to police but apologises anyway

A "left-wing" German infosec researcher was this week threatened with criminal prosecution after revealing that an app used by Angela Merkel's political party to canvass voters was secretly collecting personal data.…

Identity management and access management problems are different and distinct

Sponsored  The pandemic has been an arduous time for businesses, but many have learned some important lessons about remote access security along the way.…

Trust us – you need to tune into this

Webcast  Some say the best form of defense is offense. But when it comes to modern ransomware from cyber-crime orgs that are well-funded, possibly have state actor backing, and have your data under their control, just how offensive can you afford to be?…

Company says it didn't skimp on security before everything went wrong

SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business.…

Security not good enough, claims Chocolate Factory engineer

Google's open security team has claimed the Linux kernel code is not good enough, with nearly 100 new fixes every week, and that at least 100 more engineers are needed to work on it.…

Pandemic also behind fall in breaches, according to ICO annual reaport

The UK's data watchdog has defended its approach to regulating government health technologies during the pandemic as "pragmatic."…

Don’t let your endpoints become a sitting target, says Fortinet

Sponsored  Thirty years ago, the industry birthed networked antivirus (NAV), which later morphed into endpoint protection (EP), managed using endpoint protection platforms (EPPs). More recently, this era has faded as endpoint protection and response (EDR) and managed detection and response (MDR) services become the industry standard.…

And said entirely with a straight face, too

Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime.…

Learn how to manage the risks of cloud native environments with Aqua and AWS

Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and deployment.…

Small steps could lead to bigger strides

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…

Head techie for Chocolate Factory's search ad biz departs Mountain View

Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer.…

Handy way to keep tabs on 'activists, politicians, business leaders, and more'

Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia – with some having been prowling the penetrated networks for information on high-value targets since 2017.…

Plus: SolarWinds cyber-spies hit US prosecutors' email systems, and more

In brief  Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python.…

Irony, thy name is Yes Consumer Solutions Ltd

A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Service (TPS).…

Hardcoded passwords, unencrypted connections and unauthenticated firmware updates... patches released

Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide – including 80 per cent of the major hospitals found in the US.…

Slams Biden's Executive Order on improving infosec, calls for multilateral trust framework

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors – including Huawei – can be trusted around the world.…

Zoombombing class action offers US$85m in payments, meaning even free accounts get a few bucks

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices.…

Just 'validate third-party code before using it', says Euro body

Half of publicly reported supply chain attacks were carried out by "well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults need to drive "new protective methods."…