News

Report finds enterprise software collecting and shipping out sensitive customer information

Enterprise security, analytics, and hardware management tools - the very tools used to keep data safe - are collecting and sharing far more information than customers might think.…

Educator, learn thyself. Prevention is better than cure

Lancaster University has started withdrawing non-business-critical access to a breached student database – more than a week after the apparent hack took place.…

PASSENGERS IN PERIL? CRISIS IN THE SKIES? No – but neat ways to frig with your own aircraft

An investigation into the computer security of small airplanes, the results of which were made public this week, will be sure to generate some flashy headlines. However, there are important caveats.…

What's that? They found 20 weapons and the landlord was linked to a truck bomb assassination? Oh sheeeeet

Vid  Newly released footage showing cops storming the house of the woman accused of hacking Capital One's cloud servers to steal 106 million people's personal information, has again raised questions about the over-militarization of the American police force.…

Vulnerable version still on main download page, use 6.2.5 instead

The Document Foundation has recently patched LibreOffice, its open-source office suite, to fix an issue where documents can be configured to run macros silently on opening.…

Tight-lipped plod say cybercrook emailed them sample of stolen data

Around 20,000 Los Angeles Police Department job-seekers and officers have had their personal data nicked, the force has confirmed.…

180,000 SSNs nicked, Seattle woman cuffed, charged

Developing  A hacker raided Capital One's cloud storage buckets and stole personal information on 106 million credit applicants in the US and Canada.…

Still not migrated? You have until 8 September

Transport Level Security (TLS) 1.0 and 1.1 is to be axed for users of Microsoft Cloud App Security (MCAS) from 8 September as the company shores up security with a requirement for TLS 1.2+.…

Equipment in hospitals, factories, offices, etc potentially vulnerable to attack

Wind River has patched 11 security vulnerabilities in VxWorks that can be potentially exploited over networks or the internet to commandeer all sorts of equipment dotted around the planet.…

Plus: RobinHood admits to password gaffe

Roundup  Here's a quick summary of what's been happening in the infosec world lately, beyond what we've already reported.…

Crooks fail to hijack infosec bloke's site to dress it up as a legit Euro bank login page

Think you have bad luck? Imagine being the script kiddie who inadvertently tried and failed to pwn an Akamai security pro.…

Let us compete globally, say threat intel outfits

A group of British infosec companies has written to UK prime minister Boris Johnson asking him to reform the Computer Misuse Act 1990, saying the act "has failed to keep pace with technological and market developments, inadvertently prohibiting a large component of contemporary threat intelligence research."…

Let's be careful out there

Scanning of random ports and the use of encrypted malware by online criminals is on the rise, according to a threat report by Sonicwall.…

Joy as infosec researcher spared jail time in America

Marcus Hutchins is on his way home to England after a judge spared him a stretch behind bars in America for developing the Kronos banking trojan.…

When UK and US said it was Russia, they weren't thinking of the litigators!

Analysis  The defining feature of cyberwarfare is the fact that both the weapon and the target is the network itself. In June 2017, the notorious file-scrambling software nasty NotPetya caused global havoc that affected government agencies, power suppliers, healthcare providers and big biz.…

City says no customer data stolen in malware outbreak

The city of Johannesburg in South Africa is working to get its power grid back online after a ransomware infection blocked service for some customers.…

Give it a Wray, give it a Wray, give it a Wray now: Big Chris steps in to defend blowing a hole in personal crypto

FBI head honcho Christopher Wray is rather peeved that you all think the US government is trying to weaken cryptography, privacy, and online security, by demanding backdoors in encryption software.…

Group connected to election meddling now selling spy tools

A Russian software developer, currently under American sanctions for its purported role in the Kremlin's interference with the 2016 US elections, is now selling spyware to governments.…

25-year-old Bradfordian cuffed by NCA over '20k' records breach

Cops have cuffed a 25-year-old man from Bradford on suspicion of committing Computer Misuse Act crimes after Lancaster University suffered a data breach affecting more than 12,000 students and applicants.…

Someone just revealed the tricky kernel heap spray part

Vital clues on how to exploit the notorious Windows RDP bug, aka CVE-2019-0708 aka BlueKeep, and hijack vulnerable boxes, emerged online this week.…