Poll
Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs
Testing dongle-driven ‘Cryptographic Attestation of Personhood’ and WebAuthn as alternative
14 May 03:29 | 12
Security
Security
Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway – report
Anonymous sources get into war-by-media counterbriefing
13 May 17:44 | 26
Security
Colonial Pipeline was looking to hire cybersecurity manager before ransomware attack shut down operations
Good luck to whoever got that gig
13 May 12:35 | 23
Exclusive
Oops, says Manchester City Council after thousands of number plates exposed in parking ticket spreadsheet
They are personal data, you know. Wait – you did know that, right?
13 May 10:01 | 48
Promo
When it comes to cybersecurity, there's always time for summer school or winter training
Get ready for SANS Institute's biggest ever Asia-Pacific training event
13 May 00:22 |
Security
Apple's Find My network can be abused to leak secrets to the outside world via passing devices
You gotta work hard for those three-bytes-a-second transfers, though
12 May 20:28 | 11
Webcast
Happy to pay out to ransomware masterminds? Yup, we thought so
Join us online and learn about modern extortionware and how to frustrate it
12 May 16:00 |
CyberUK 21
Britain to spend £22m influencing Indo-Pacific nations' cybersecurity policies against 'authoritarian regimes'
So says Foreign Secretary in lacklustre speech to NCSC faithful
12 May 12:15 | 25
Column
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons
12 May 07:31 | 148
Security
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour
12 May 05:19 | 7
Security
South Korea orders urgent review of energy infrastructure cybersecurity
No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week
12 May 03:38 | 9
Security
Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security
Dozen design, implementation blunders date back 24 years
12 May 00:58 | 4
CyberUK 21
SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach
'This can happen to anybody. There's always learning in any crisis. And we were no exception'
11 May 19:59 | 14
Patch Tuesday
Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
Plus: Grab your updates for Adobe, SAP, Android, Intel
11 May 19:08 | 14
CyberUK 21
UK's Computer Misuse Act to be reviewed, says Home Secretary as she condemns ransomware payoffs
Priti Patel doesn't say a word about encryption, though
11 May 16:00 | 20
Security
NHS App gets go-ahead for vaccine passport use despite protest from privacy groups
Big Brother Watch warns app contains too much sensitive medical information
11 May 15:15 | 51
Security
App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in
The data is in: most users do not opt in to third-party tracking
11 May 13:45 | 44
Security
Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
Patch your devi... oh, hang on a sec
11 May 09:15 | 55
Security
Train operator phlunks phishing test by teasing employees with non-existent COVID bonus
Someone at West Midlands Trains approved nasty cybersecurity drill
11 May 07:58 | 136
Black Hat Asia
Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack
Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car
11 May 04:04 | 8
Popular
Column
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons
Updated
'Biggest data grab' in NHS history stuffs GP records in a central store for 'research' – and the time to opt out is now
'More data, more breadth, more depth... it's the whole f&*king deal'
Updated
US-based hard disk drive suppliers face further scrutiny over whether they've shipped proscribed HDDs to Huawei
The Wicker man: US Commerce Committee senator questions Toshiba, Seagate and WD
Applications
Water's wet, the Pope's Catholic, and iOS is designed to stop folk switching to Android, Epic trial judge told
Fortnite maker wheels out economist to explain how Apple works
Software
Open-source JavaScript project Babel 'running out of money' after employing paid maintainers, sponsors pull out
Creator deletes posts alleging 'mismanagement' to blame
PaaS + IaaS
Microsoft bins Azure Blockchain without explanation, gives users four months to move
Says picking a replacement is your next step. Seriously, that’s Redmond's first piece of advice. Eventually it recommends Quorum
Security
Apple's Find My network can be abused to leak secrets to the outside world via passing devices
You gotta work hard for those three-bytes-a-second transfers, though
Exclusive
On eve of national industrial ballot, BT, EE, Openreach agree to temporarily suspend compulsory redundancies
Well, the telco always said it's good to talk: Negotiations over jobs, pay, grading, and more set for this month
Personal Tech
Elon Musk hits the brakes on taking Bitcoin for Tesla purchases
CEO wakes up to BTC's connection to coal, holds onto the stash until mining becomes more eco friendly
Updated
Google Docs users, you are on notice: Code rewrite may break browser extensions
HTML and CSS? What is this, 2003?
STORIES
Security
Indian government says 5G doesn’t cause COVID-19. Also points out India has no 5G networks
But won’t reveal who it wants banned from social media over less obvious disinformation
11 May 02:58 | 19
Security
Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo
Blames spam filters for brownout, warns fix could be 'disruptive'
11 May 01:13 | 5
Kubecon
Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay
But we heard the message loud and clear – it's pretty much the standard runtime platform now
10 May 19:12 |
In brief
Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty
Plus: Student cripples EU bio lab and IRS goes after cryptocurrency
10 May 11:32 | 24
Updated
Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report
Also we fixed SS7 use by British telcos. How? Why? Not saying
10 May 08:30 | 38
Updated
US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day
Oil transport by road allowed after Colonial Pipeline goes down, operator says recovery is under way but offers no recovery date
10 May 00:15 | 180
Security
Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes
Plus: NCSC warns of how hostile powers may exploit smart city infrastructure
07 May 18:49 | 25
Updated
Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away
Software giant vows data processing of EU cloud services to stay in EU, which means that currently...
07 May 15:20 | 18
Security
Cisco HyperFlex web interface has critical flaw that lets attackers get
Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient
07 May 05:52 | 4
Black Hat Asia
Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble
Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping
07 May 05:11 | 9
Security
Google Play to require privacy labels on apps in 2022, almost two years after Apple
Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?
07 May 02:57 | 11
Security
Google will make you use two-step verification to login
World Password Day returns to remind us how much passwords suck
07 May 00:52 | 87
Security
Qualcomm Snapdragon 855 modem code flaw exposed Android smartphones to possible snooping
Good thing researchers spotted it, no evidence of exploit in the wild
06 May 16:11 | 9
Graphic images
Crane horror Reg reader uses his severed finger to unlock Samsung Galaxy phone
On the other hand he was fine
06 May 09:15 | 74
Security
Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites
Terms and conditions apply
06 May 07:23 | 3
Black Hat Asia
JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers
Trio claim database queries can lead to remote code execution
06 May 04:59 | 17
