News

Perceptics confirms intrusion and theft, stays quiet on details

Exclusive  The maker of vehicle license plate readers used extensively by the US government and cities to identify and track citizens and immigrants has been hacked. Its internal files were pilfered, and are presently being offered for free on the dark web to download.…

Prosecutors try to paint a line between journos and internet dump lord in case with significant free speech implications

Julian Assange has been formally accused by the US government of breaking the Espionage Act 18 times, expanding the legal case against him and raising significant free speech issues.…

Privacy slip allegations dog US cellular network giants... while FCC twiddles its thumbs

A bounty hunter was able to get the live location of a number of different individuals from American cellphone networks through a single phone call, it is claimed.…

Part-timers needed

The British Army's psyops unit 77 Brigade is still falling short of recruiting targets, despite cyber skills being bigged up repeatedly by the military and government.…

NATO's getting in on the action too

British ministers are stepping up their rhetoric on cyber warfare, with £22m to be splurged on embiggening an "offensive hacking" unit as Foreign Secretary Jeremy Hunt vowed to retaliate against Russian cyber-attacks.…

Haul included employee passports, driving licences, bank statements and more

The third-party mailbox used by Computacenter employees and contractors to deposit data for security clearance applications has been hacked and used in phishing scams.…

War crimes trial takes a fresh twist

The US Air Force has opened an investigation into a "malware" infection – which it is blaming on lawyers employed by the US Navy who are working on a war crimes case.…

Vulnerability can be exploited to turn users into system stars, no patch available yet

A bug-hunter who previously disclosed Windows security flaws has publicly revealed another zero-day vulnerability in Microsoft's latest operating systems.…

Biz app login details encrypted at rest, though, ad giant insists

Google admitted Tuesday its paid-for G Suite of cloudy apps aimed at businesses stored some user passwords in plaintext albeit in an encrypted form.…

Cheapskate fandroids get a pass on this one, though

Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by reinstalling iOS.…

All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.

A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.

An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.

Yes, the one with the critical security fixes

Brit security software slinger Sophos has advised its customers to uninstall Microsoft's most recent Patch Tuesday run – the same patches that protect servers against the latest Intel cockups.…

A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.

Turning off trim control software in training wouldn't give realistic results – report

Boeing has admitted that pilot training simulators for the controversial 737 Max did not accurately reproduce what happened if the infamous MCAS system went gaga.…

An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.

Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.

If it walks like a duck and quacks like a duck then...

Analysis  The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs – potentially unwanted programs. But there isn't always a clear difference between malware and less threatening descriptors.…

...And more from the world of infosec this week

Roundup  Here's a quick catch-up of all things infosec beyond what we've already reported this week.…