News
UK elections are unaffected by China's cyber-interference, says deputy PM
The UK's deputy prime minister, Oliver Dowden, says China has been unsuccessful in its attempts to undermine UK elections.…
Row breaks out over true severity of two DNSSEC flaws
Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue.…
New Zealand to world: China attacked us, too!
The government of South Pacific island nation New Zealand has revealed that it, too, has been attacked by China.…
US charges Chinese nationals with cyber-spying on pretty much everyone for Beijing
The United States on Monday accused seven Chinese men of breaking into computer networks, email accounts, and cloud storage belonging to numerous critical infrastructure organizations, companies, and individuals, including US businesses, politicians, and their political parties.…
Over 170K users caught up in poisoned Python package ruse
More than 170,000 users are said to have been affected by an attack using fake Python infrastructure with "successful exploitation of multiple victims."…
Tech trade union confirms cyberattack behind IT, email outage
Exclusive The Communications Workers Union (CWU), which represents hundreds of thousands of employees in sectors across the UK economy including tech and telecoms, is currently working to mitigate a cyberattack.…
Mozilla fixes $100,000 Firefox zero-days following two-day hackathon
Mozilla has swiftly patched a pair of critical Firefox zero-days after a researcher debuted them at a Vancouver cybersec competition.…
GoFetch security exploit can't be disabled on M1 and M2 Apple chips
The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it.…
Time to examine the anatomy of the British Library ransomware nightmare
Opinion Quiz time: name one thing you know about the Library of Alexandria. Points deducted for "it’s a library. In Alexandria." Looking things up is cheating and you know it.…
That Asian meal you eat on holidays could launder money for North Korea
If you dine out at an Asian restaurant on your next holiday, the United Nations thinks your meal could help North Korea to launder money.…
Microsoft confirms memory leak in March Windows Server security update
Infosec in brief If your Windows domain controllers have been crashing since a security update was installed earlier this month, there's no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the issue.…
Some 300,000 IPs vulnerable to this Loop DoS attack
As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services.…
Vans claims cyber crooks didn't run off with its customers' financial info
Clothing and footwear giant VF Corporation is letting 35.5 million of its customers know they may find themselves victims of identity theft following last year's security breach.…
Russia's Cozy Bear caught phishing German politicos with phony dinner invites
The Kremlin's cyberspies targeted German political parties in a phishing campaign that used emails disguised as dinner party invitations, according to Mandiant.…
Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks
Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.…
3 million doors open to uninvited guests in keycard exploit
Around 3 million doors protected by popular keycard locks are thought to be vulnerable to security flaws that allow miscreants to quickly slip into locked rooms.…
Hardware-level Apple Silicon vulnerability can leak cryptographic keys
Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. …
NVD slowdown leaves thousands of vulnerabilities without analysis data
Opinion The United States National Institute of Standards and Technology (NIST) has almost completely stopped adding analysis to Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database. That means big headaches for anyone using CVEs to maintain their security. …
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet
Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.…
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert
The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks.…