News

Crap security? Shocked, shocked, we tell you

This may shock you, but Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips, it appears.…

Or so clams this vendor's marketing

Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.…

It's 2020 and people are still letting S3 storage leak

A private yacht crew recruitment agency has left an AWS bucket containing the CVs, passports and even some drug test results for up to 17,000 people exposed to world+dog, according to reports.…

5,000 password resets, multi-day outage, och aye!

A further education college in east Scotland has been struck by what its principal described as a cyber "bomb" in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse.…

Now there's no excuse

OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10.…

Exploitable API blew away anonymity, abused by systems in Iran, Israel, Malaysia

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization.…

US watchdog struggles to do its job over illegal sale of folks' whereabouts

It’s been nearly two years since it was first revealed that US cellular networks were selling real-time location data with inadequate safeguards. Late last week, after months of political pressure, the regulator in charge, the FCC, finally revealed the results of an investigation.…

IT services offline for days now

Australian courier company Toll has shut down several of its key systems after a "security incident" last week, prompting a backlash from frustrated customers.…

He was also secretly filming in leisure centres

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly four years.…

Tried not suing your customers when they make claims?

FIC 2020  EU companies aren't taking out insurance against attacks on online assets because the companies selling coverage aren't organised enough – while Brits are more likely to pay off ransomware crooks than others.…

Top military officers talk about response thresholds at French shindig

FIC 2020  Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said.…

Also, Wawa data surfaces on dark markets after December's hack

Roundup  It has been a busy week in infosec, though here's a few more security news bites to mull over.…

And it only took, er, four and a half months for people to see sense

Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong.…

Supply-chain hackers now taking aim at kids fighting for democracy, say researchers

A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong.…

Would sir care for an Audi with that Jag?

Nearly a year after Malta's Bank of Valletta (BOV) yanked itself from the internet amid a "cyber intrusion", Britain's National Crime Agency (NCA) has made three arrests.…

Do you want Russia or China writing treaties on what's cool online?

FIC 2020  International progress on state-level so-called cybersecurity "norms" is hopelessly bogged down in an explosion of NGOs and internal United Nations rivalries between two overlapping groups, a French security conference heard this week.…

'Hundreds' of staffers in marketing analytics subsidiary to be hit

Avast will pull the plug on Jumpshot, its controversial data analytics business, after it was revealed the company was harvesting its users' data.…

'We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime'

Enigma  A plague of ignorance and misplaced priorities in government and law enforcement, from neighborhood cops all the way up to international bodies, is allowing cyber-crime to run rampant.…

Function accidentally returns OK instead of no-way

Code dive  The OpenBSD project's OpenSMTPD can be potentially hijacked by a maliciously crafted incoming email.…

For an organization accused of being 'all talk, no action', there's not even enough talking – to its own employees

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public.…