Think of an attack – DoS, arbitrary code execution, memory corruption – and one of these vulns allows it Microsoft may have given us a mere 55 CVEs to worry about on November's Patch Tuesday, but AMD and Intel have together topped that number with fixes for their products.... [...]
Think of an attack – DDOS, arbitrary code execution, memory corruption – and one of these problems allows it Microsoft may have given us a mere 55 CVEs to worry about on November's Patch Tuesday, but AMD and Intel have topped that number with fixes for their products.... [...]
Joins 79 nations supporting Paris Call for Trust and Security in Cyberspace – China and Russia aren't on the list The United States has signed up for The Paris Call for Trust and Security in Cyberspace – an international effort to ensure the internet remains free and open, and an agreement …
Kiwis are done with dishes, and the Five Eyes alliance is cool with it New Zealand's Government Communications Security Bureau (GCSB) – the nation's signals intelligence and infosec agency – will retire its Waihopai satellite communications interception station because it's no longer needed.... [...]
Didn't act until CERT stepped in and pointed out problems Indian infosec consultancy CyberX9 claims it twice found records of 43.9 million shareholders exposed by systems operated by Central Depository Services Limited (CDSL) – and that the depository company responded slowly to its alerts of significant vulnerabilities.... [...]
Robinhood, Robinhood, had a data leak. Robinhood, Robinhood, infosec was weak Investment app Robinhood has revealed an extortionist accessed its internal systems and siphoned off customer data after tricking a support desk worker.... [...]
Rolls out usual lines about national security being pretext for competitive action, more strident voices keep quiet China's Ministry of Industry and Information Technology has responded with mild indignation to the USA's decision to revoke the operating licence that allowed China Telcom to operate in the land of the …
Indictment reveals org behind banking trojan even had nifty jobs titles like 'Malware Manager' The US Department of Justice claims it's arrested a member of a gang that deployed the Trickbot ransomware.... [...]
Government offered to investigate itself – Court politely declined that kind suggestion India's Supreme Court has taken the unusual step of commissioning a Technical Committee to investigate whether the national government used the NSO Group's "Pegasus" spyware on its citizens.... [...]
FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.... [...]
CrowdStrike says 'LightBasin' gang avoids Windows, and knows that telco networks run on badly-secured *nix A mysterious criminal gang is targeting telcos' Linux and Solaris boxes, because it perceives they aren't being watched by infosec teams that have focussed their efforts on securing Windows.... [...]
Gang says it grabbed internal info, could do the same to Acer elsewhere Taiwanese PC maker Acer has not only admitted servers it operates in India and and Taiwan were compromised but that only those systems in India contained customer data.... [...]
Sent user data to China without once thinking Beijing might decide to snoop, lied about server location Line, the Japan-based messaging and payments app with millions of users around Southeast Asia, has conceded that its data protection regimes had multiple shortcomings, and therefore put users' personal information at risk …
Ongoing crackdown saw apps 1.83 million apps tested, 4,200 told to clean up their act, pop-up ads popped China's Minister of Industry and Information Technology, Xiao Yaqing, has given a rare interview in which he signalled the nation's crackdown on the internet and predatory companies will continue …
Names and bars crypto exchange SUEX, warns paying ransoms could spell trouble Ransomware extracted at least $590 million for the miscreants who create and distribute it in the first half of 2021 alone – more than the $416 million tracked in all of 2020, according to the US government’s …
Inconsistent regulation means crooks can sneak cryptos through cracks – pretty much everyone wants them filled The 30-nation gabfest convened under the auspices of the US National Security Council’s Counter-Ransomware Initiative has ended with agreement that increased regulation of virtual assets is required to curb the digital coins' allure …
Oi, Google: how did this get past your review process? And Imperva: why does your web page offer to install software? Security vendor Imperva’s research labs have found a browser extension that claims to block ads, but actually injects them into Chrome or Opera.... [...]
Much of the 2.4Tbit/sec came from across Asia and targeted a single Euro-customer Microsoft claims its Azure cloud has fended off the largest DDOS attack it's detected, which clocked in at 2.4Tbit/sec.... [...]
Cybersecurity Advisors Network gets backing from Bugcrowd, infosec luminaries, even the OECD Cybersecurity Advisors Network (CyAN), the Paris-based body that represents infosec pros, has created a new working group to advocate for legislation that stops vendors from suing when security researchers show them zero-day bugs in their kit.... [...]
Docs were smuggled past security and sold for $110K of Monero after ProtonMail exchanges between 'Alice and 'Bob' The United States Department of Justice has announced a leak of information pertaining to the design of the nuclear-powered Virginia-class submarine, and the arrest of the alleged leakers.... [...]
Calls for anything connected to the Internet to live in a room controlled by the CISO India has announced a new security policy for its power sector and specified a grade of isolation it says exceeds that offered by air gaps.... [...]
Latest data dump also apparently contains 'a wide range of passwords and API tokens' Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have leaked server disk images extracted from Epik – the controversial US outfit that has provided services to far-right orgs such as the Oath Keepers …
There is no honour among thieves Security intelligence vendor Flashpoint claims to have found forum comments from customers of the REvil ransomware-as-a-service gang, and they’re not happy. The gang's malware may contain backdoors that REvil uses to restore encrypted files itself.... [...]
Netadmins need not assume they can't take a break, as supply chain hassles may persist How much of a national security risk does the USA think Huawei and ZTE pose?... [...]
Also advised on how smart contracts could help DPRK in US nuke talks A US citizen has admitted to helping the Democratic People's Republic of Korea (DPRK) to establish cryptocurrency capabilities and faces up to 20 years jail for his actions.... [...]