News

Instructions for spotting and keeping suspected Russians out of systems

Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling.…

Key doc hasn't been updated since 2018, warn politicos and trade union

The UK's Information Commissioner's Office needs to update its Code of Employment Practices to tackle workplace spying by bosses, the Prospect trade union and the Labour Party have said.…

Burglary took place 3 months before biz discovered unauthorised entry

Anyvan, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed it was the victim of a digital burglary that involved the theft of customers' personal data.…

Which is exactly what you should do

Scotland's environmental watchdog has confirmed it is dealing with an "ongoing ransomware attack" likely masterminded by international "serious and organised" criminals during the last week of 2020.…

And them good ol' boys revokin' sanction to buy, singin', 'Soon will come the day that we fly'

As parting gifts go, this one ranks pretty low. With less than three days until the inauguration of Joe Biden, the Trump Administration has reportedly revoked several licences that would allow Huawei to buy US-made tech, and plans to deny over 150 pending requests.…

Plus: Watch out for NTFS-corrupting folder, Mimecast hack, and more

In brief  Last week ended with news that the venerable infosec mailing list Bugtraq was being shutdown at the end of the month.…

Install base explodes following WhatsApp 'privacy' update, Musk endorsement

Updated  Signal is experiencing a partial outage as tens of millions of netizens flood the free secure messaging service.…

You know that update thing? JFDI

Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report.…

All that counter-China stuff costs a pretty penny, y'know

The Ministry of Defence's multibillion budget overrun has been caused in part because of its spending splurge on flashy new "cyber" capabilities, according to the National Audit Office.…

And can SASE save us?

Webcast  Last year your bosses embraced remote working because, let’s face it, none of us had a choice.…

20 DarkMarket servers siezed and probed in international raids

Europol cops have taken down dark-web souk DarkMarket, after arresting an Australian citizen living in Germany who they claim was operating the world's biggest online bazaar of its kind.…

Redmond keeps us hanging with on-premises Exchange flaw still to be fixed

Patch Tuesday  Microsoft on Tuesday released updates addressing 83 vulnerabilities in its software, which doesn't include the 13 flaws fixed in its Edge browser last week.…

Crowdstrike tech analysts explain how they think it slipped under the radar

The malware that was utilised to hack SolarWinds checked to see whether software used to compile the firm's Orion product was running before deploying its payload, according to Crowdstrike.…

Endpoint Detection and Response added. For servers, not standalone Linux desktops, mind

After a few months in preview, Microsoft has made Defender Endpoint Detection and Response (EDR) generally available for Linux servers.…

Brave move for Russian firm to finger its own govt over cyber badness

Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia’s FSB security service.…

Theft-by-a-thousand-cuts flaw fixed

Until early last year, Google's YouTube had a security flaw that made private videos visible at reduced resolution, though not audible, to anyone who knew or guessed the video identifier and possessed the technical knowledge to take advantage of the snafu.…

Salted password hashes, addresses, phone numbers may have been exposed in cloud security snafu

Networking vendor Ubiquiti has written to its customers to advise them of a possible leak of their personal information.…

Post-Flashpocalypse, we stumble outside, hoping no one ever creates software as insecure as that ever again

Adobe has finally and formally killed Flash.…

Choke chain tightened on 'general warrants' after Privacy International wins judicial review

A landmark High Court ruling has struck down Britain's ability to hack millions of people at a time through so-called "general warrants" in what privacy campaigners are hailing as a major victory.…

8-month suspended sentence for conspiracy to secure unauthorised access to computer data

An employee at emergency roadside rescue biz RAC has received an eight-month suspended prison sentence for unsanctioned access to computer systems that saw her sell customers' data to an accident claims management company.…