News

It was a state-sponsored attack, declares US Attorney General

The United States has announced criminal charges against four Chinese Army soldiers who, it is claimed, are the hackers who stole 145 million Americans’ personal data from credit scorer Equifax.…

Including: Why was #RootGoat2020 trending on Twitter? It is as silly as you think

Roundup  It's time yet again to recap the latest security happenings.…

'I'm sorry, Dave, I'm afraid I can't fetch that document'

Continuing to drop flame retardant on the dumpster fire that is web security, Google on Thursday said it will soon prevent Chrome users from downloading files over insecure, plain old, unencrypted HTTP.…

Plus: Move to Agile is 'high risk' and infosec snafus still not fixed

British F-35Bs deploying to the South China Sea next year may not meet key reliability metrics set by an American government watchdog, its annual report has revealed.…

It may or not involve office stationery

Greater Manchester Police is struggling with a partial outage of a Capita-built computer system used by frontline officers to input information.…

'Pwned with a broadcast' bug among 25 to be patched by Google

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.…

Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.…

That 'free' Adobe or Microsoft software isn't all it's cracked up to be, eh?

We don't know who needs to hear this, but don't download cracked commercial software. Researchers claim more than 500,000 PCs have been left wriggling with malware after a cracked app went on to retrieve further nasties from Bitbucket repos.…

To be honest, it was the impracticality and inefficiency that first attracted us to this otherwise cunning exfiltration

Boffins from Ben-Gurion University of the Negev and Shamoon College of Engineering in Israel have come up with yet another TEMPEST-style attack to exfiltrate data from an air-gapped computer: leaking binary signals invisibly by slightly modulating the light coming off its monitor.…

Now all you have to do is remember what your Y! email address was amid sounds of lawyers popping champagne

Long-suffering Yahoo! customers may finally get some compensation for having their personal details exposed to hackers not once, not twice, not three times, nor four times, but five times between 2012 and 2016.…

Dear Facebook, please keep up with Electron and Chromium fixes, ta

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer – if they use the desktop client paired with the iPhone app. A patch has been issued and should be installed.…

'Why does a device that is essentially a mouse need a privacy policy?'

FYI: Wacom's official tablet drivers leak to the manufacturer the names of every application opened, and when, on the computers they are connected to.…

First the lightbulb. Then the controller. Then your internal network.

Researchers at Check Point have demonstrated how to infect a network with malware via a simple IoT device, a Philips Hue smart lightbulb.…

You can turn it back on, but why?

Chrome 80 emerged from Google this week with a few more nails to hammer into the coffin of the venerable File Transfer Protocol (FTP).…

Most distros unaffected unless defaults were changed, but do check

Sudo, a standard tool on Unix-y operating systems that lets select users run some or all commands as root, can be exploited to give superpowers to any logged-in user – if deployed with a non-default configuration.…

So use our browser, Brave implies

A new report by privacy-focused browser Brave suggests UK local authorities are sharing information about their website users with dozens of private companies.…

1% of 1% of users affected, but as it's Google that's still in the six figures

A bug in Google's Photo software caused potentially 100,000 or more netizens to have their personal videos exposed to complete strangers last Thanksgiving.…

El Reg digs into claims by Kiwi browser maker that ad giant is not GDPR compliant

Analysis  Google is potentially facing a massive privacy and GDPR row over Chrome sending per-installation ID numbers to the mothership.…

Crap security? Shocked, shocked, we tell you

This may shock you, but Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips, it appears.…

Or so clams this vendor's marketing

Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.…