Security
Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway – report
Anonymous sources get into war-by-media counterbriefing
13 May 17:44 | 10
Security
Security
Colonial Pipeline was looking to hire cybersecurity manager before ransomware attack shut down operations
Good luck to whoever got that gig
13 May 12:35 | 15
Exclusive
Oops, says Manchester City Council after thousands of number plates exposed in parking ticket spreadsheet
They are personal data, you know. Wait – you did know that, right?
13 May 10:01 | 44
Promo
When it comes to cybersecurity, there's always time for summer school or winter training
Get ready for SANS Institute's biggest ever Asia-Pacific training event
13 May 00:22 |
Security
Apple's Find My network can be abused to leak secrets to the outside world via passing devices
You gotta work hard for those three-bytes-a-second transfers, though
12 May 20:28 | 9
Webcast
Happy to pay out to ransomware masterminds? Yup, we thought so
Join us online and learn about modern extortionware and how to frustrate it
12 May 16:00 |
CyberUK 21
Britain to spend £22m influencing Indo-Pacific nations' cybersecurity policies against 'authoritarian regimes'
So says Foreign Secretary in lacklustre speech to NCSC faithful
12 May 12:15 | 25
Column
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons
12 May 07:31 | 142
Security
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour
12 May 05:19 | 7
Security
South Korea orders urgent review of energy infrastructure cybersecurity
No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week
12 May 03:38 | 9
Security
Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security
Dozen design, implementation blunders date back 24 years
12 May 00:58 | 4
CyberUK 21
SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach
'This can happen to anybody. There's always learning in any crisis. And we were no exception'
11 May 19:59 | 14
Patch Tuesday
Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
Plus: Grab your updates for Adobe, SAP, Android, Intel
11 May 19:08 | 14
CyberUK 21
UK's Computer Misuse Act to be reviewed, says Home Secretary as she condemns ransomware payoffs
Priti Patel doesn't say a word about encryption, though
11 May 16:00 | 20
Security
NHS App gets go-ahead for vaccine passport use despite protest from privacy groups
Big Brother Watch warns app contains too much sensitive medical information
11 May 15:15 | 51
Security
App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in
The data is in: most users do not opt in to third-party tracking
11 May 13:45 | 44
Security
Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
Patch your devi... oh, hang on a sec
11 May 09:15 | 55
Security
Train operator phlunks phishing test by teasing employees with non-existent COVID bonus
Someone at West Midlands Trains approved nasty cybersecurity drill
11 May 07:58 | 135
Black Hat Asia
Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack
Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car
11 May 04:04 | 8
Security
Indian government says 5G doesn’t cause COVID-19. Also points out India has no 5G networks
But won’t reveal who it wants banned from social media over less obvious disinformation
11 May 02:58 | 19
Popular
Updated
Salesforce fell over so hard today, it took out its own server status page
It’s not DNS. There is no way it’s DNS. It was DNS
Personal Tech
WhatsApp: Share your data with Facebook, or we'll make our own app useless to you
Zuck gets tough just as Germany blocks privacy policy roll-out
Applications
Microsoft says Outlook hit by 'email visibility issues' – as in, they're blank
Here's an unofficial fix for those who need their messages now
Column
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons
Patch Tuesday
Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
Plus: Grab your updates for Adobe, SAP, Android, Intel
Security
Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security
Dozen design, implementation blunders date back 24 years
Updated
US-based hard disk drive suppliers face further scrutiny over whether they've shipped proscribed HDDs to Huawei
The Wicker man: US Commerce Committee senator questions Toshiba, Seagate and WD
Software
Open-source JavaScript project Babel 'running out of money' after employing paid maintainers, sponsors pull out
Creator deletes posts alleging 'mismanagement' to blame
Applications
Water's wet, the Pope's Catholic, and iOS is designed to stop folk switching to Android, Epic trial judge told
Fortnite maker wheels out economist to explain how Apple works
Updated
'Biggest data grab' in NHS history stuffs GP records in a central store for 'research' – and the time to opt out is now
'More data, more breadth, more depth... it's the whole f&*king deal'
STORIES
Security
Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo
Blames spam filters for brownout, warns fix could be 'disruptive'
11 May 01:13 | 5
Kubecon
Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay
But we heard the message loud and clear – it's pretty much the standard runtime platform now
10 May 19:12 |
In brief
Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty
Plus: Student cripples EU bio lab and IRS goes after cryptocurrency
10 May 11:32 | 24
Updated
Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report
Also we fixed SS7 use by British telcos. How? Why? Not saying
10 May 08:30 | 38
Updated
US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day
Oil transport by road allowed after Colonial Pipeline goes down, operator says recovery is under way but offers no recovery date
10 May 00:15 | 180
Security
Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes
Plus: NCSC warns of how hostile powers may exploit smart city infrastructure
07 May 18:49 | 25
Updated
Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away
Software giant vows data processing of EU cloud services to stay in EU, which means that currently...
07 May 15:20 | 18
Security
Cisco HyperFlex web interface has critical flaw that lets attackers get
Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient
07 May 05:52 | 4
Black Hat Asia
Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble
Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping
07 May 05:11 | 9
Security
Google Play to require privacy labels on apps in 2022, almost two years after Apple
Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?
07 May 02:57 | 11
Security
Google will make you use two-step verification to login
World Password Day returns to remind us how much passwords suck
07 May 00:52 | 87
Security
Qualcomm Snapdragon 855 modem code flaw exposed Android smartphones to possible snooping
Good thing researchers spotted it, no evidence of exploit in the wild
06 May 16:11 | 9
Graphic images
Crane horror Reg reader uses his severed finger to unlock Samsung Galaxy phone
On the other hand he was fine
06 May 09:15 | 74
Security
Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites
Terms and conditions apply
06 May 07:23 | 3
Black Hat Asia
JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers
Trio claim database queries can lead to remote code execution
06 May 04:59 | 17
Security
21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk
Nearly 4 million to be exact, say researchers
05 May 17:20 | 29
