News

You can make your own joke about foxes and hen houses...

The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data.…

EoP bug now free for the world to see after bounty was rejected

A security bod angry at Valve's handling of bug reports has released a zero-day vulnerability affecting the games giant's flagship Steam app.…

Plus UCS and other gear need updates

Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

* Terms and conditions apply. Offer not valid outside Kazakhstan. Your home may be repossessed if you do not keep up payments

On Wednesday, Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority (CA) certificate – following reports that ISPs in the country have required customers to install a government-issued certificate that enables online spying.…

Better to be aggressive and safe than sorry

IT admins could go a long way towards protecting their users from malware and other dodgy stuff on the internet if they ban access to any web domain less than a month old.…

Doors on the Edge Insider Bounty Program flung open

Having finally pushed out the first Beta preview of its Chromium-based browser, Microsoft has launched a bounty programme aimed at getting researchers to kick the tyres on its latest and greatest.…

So much for Beto O'Rourke's cow-related capers

The youthful doings of US presidential wannabe Beto O'Rourke are in sharp decline, according to threat intel biz Recorded Future, which reckons folk have fallen out of love with hacktivism.…

Keep your media player, like other apps, up to date: 13 security flaws fixed

VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software.…

Russian bank-hacking ring continues its global expansion

The rapidly growing hacking crew dubbed Silence, has – in less than three years – gone from ransacking small regional banks in Eastern Europe to stealing millions from some of the largest international banks.…

Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers

An old version of a Ruby software package called rest-client that was modified and released about a week ago has been removed from the Ruby Gems repository – because it was found to be deliberately leaking victims' credentials to a remote server.…

You listening, Trump?

An internal memo to Huawei staff sent by boss Ren Zhengfei is long on military metaphors and warns that the company needs to go into "battle mode" to counter trade barriers put up by the United States.…

File under: 'Breaking' news

iPhone hackers have discovered Apple's most recent iOS update, 12.4, released in July, accidentally reopened a code-execution vulnerability that was previously patched – a vulnerability that can be abused to jail-break iThings.…

Officials suspect a coordinated extortion campaign

Twenty-three towns in Texas have been targeted with ransomware in what appears to be a coordinated attack.…

Flawed code traced to home build system, vulnerability can be attacked in certain configs

The maintainers of Webmin – an open-source application for system administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations.…

Sanitised browser history sparked another investigation

One of the crew who hacked TalkTalk has been ordered to hand over £400,000 after seizing control of a high-profile Instagram account following a hack on Aussie telco Telstra.…

Spec design flaw stiffs security of gizmos

Roundup  Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert.…

After inaction, technical changes promise better fraud defense

Three years ago, Google software engineer Ali Juma proposed that Chrome should be modified to ignore recently moved iframe elements on web pages as a defense against clickjacking.…

Bill approaching £9m compared to £4.1m for the system in 2016

Concerns have been raised over a key supplier of an e-counting system for the London Mayoral elections in 2020.…

Alerted to exposed credentials, users do something about it roughly a quarter of the time

Between February and March this year, after Google released a Chrome extension called Password Checkup to check whether people's username and password combinations had been stolen and leaked from website databases, computer scientists at the biz and Stanford University gathered anonymous telemetry from 670,000 people who installed the add-on.…

You never know, we might figure out how not to screw up in future

Analysis  In the clearest possible sign that the US intelligence services live within their own political bubble, the director of national intelligence has asked Congress to reauthorize a spying program that the NSA itself decided to shut down after it repeatedly – and illegally – gathered the call records of millions of innocent Americans.…