News

By contrast, Russian hack-treason trial ends with 22-year sentence and accusations of foul play

A US judge this week sentenced website hacker Billy Anderson to three months behind bars, refusing his lawyer's request not to put him in jail, in order to "send a message" to others.…

Chipzilla rips sticker off its graphics accelerator, switches off GPU – now you're a security wizard, Harry!

RSA  Intel is touting a PCIe card packed with SGX tech to plug into servers in time for next week's RSA conference in San Francisco.…

Last week's disclosures are now this week's live attacks

Just days after a remote code execution flaw in open-source web publishing software Drupal was made public, researchers have already spotted live exploits in the wild – reinforcing the need for admins to patch and update their sites immediately.…

The campaign is marked by a significant level of customization, with an “individualized yet very consistent approach to every compromise.

Researchers are urging Ring users to update to the latest version of the smart doorbell after a serious flaw triggered privacy concerns.

Third time's hopefully a charm for Cisco, which has patched a high-severity flaw once again in its Webex video conferencing platform.

Many machines, including almost all Apple laptops and desktops produced since 2011, are vulnerable to data exfiltration via weaponized peripherals.

Yes it's years out of date but there's no such thing as security through obscurity

Cisco's security limb has spotted nefarious people targeting Elasticsearch clusters using relatively ancient vulns to plant malware, cryptocurrency miners and worse – though it does root out some other cybercrims’ dodgy wares, cuckoo-style.…

The China-linked threat group has returned in 2018 using updated RATs to launch its attacks, including ZxShell, Gh0st RAT, and SysUpdate malware.

Choose between 10 intensive training courses

Promo  However sophisticated computer systems become, skilled and determined cyber criminals manage to find endless new and more ingenious ways of breaking in to steal data or hold organisations to ransom.…

Honey, I've shrunk the spyware and concealed it with speculative execution

Spectre – the security vulnerabilities in modern CPUs' speculative execution engines that can be exploited to steal sensitive data – just won't quietly die in the IT world.…

Open memory defenses allow mischief from connected kit

Computers have enough trouble defending sensitive data in memory from prying eyes that you might think it would be unwise to provide connected peripherals with direct memory access (DMA).…

National security, sanctions allegations, pfft, you don't understand the art of the deal

Efforts to pressure the White House into banning Huawei hardware from America's networks may have backfired.…

Needs manpower, bags of time, full knowledge of target

Analysis  A group of infosec researchers have uncovered neat ways to track a phone's location via 4G or 5G. However, the mechanics of the surveillance, while fascinating, are difficult to pull off for all but the most determined foe.…

A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.

Businesses as well as ordinary punters hit by viral nasties

Antisocial media sites like Facebook, LinkedIn, Twitter, and YouTube aren't merely inciting hatred, enabling discrimination, driving content moderators to the brink, and showing kids how to commit suicide. They're also making cybercrime more practical and profitable, at the expense of law-abiding internet users.…

SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim's device.

The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January.

Direct-to-memory attacks now account for 57 per cent of hacks, apparently

A company's internal network, once compromised, is now more likely to be ransacked by automated scripts than a piece of malware.…

Red scare reaches new heights as intel committee urges further crackdown on network-connected gear

Equipment made by Chinese electronics giant Huawei could be torn out of America's electrical grid, if US senators get their way.…