UK’s Ministry of Defence coughs up bug bounties for public-facing web pentesting
Small steps could lead to bigger strides The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…
Shopping for execs: ID management biz Okta poaches Google’s veep of engineering to run product dev activities
Head techie for Chocolate Factory's search ad biz departs Mountain View Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer.…
Research finds attack groups working for ‘Chinese state interests’ lurking in SE Asian telco networks since 2017
Handy way to keep tabs on 'activists, politicians, business leaders, and more' Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia – with...
Credit-card-stealing, backdoored packages found in Python’s PyPI library hub
Plus: SolarWinds cyber-spies hit US prosecutors' email systems, and more In brief Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python.…
Nuisance call-blocking firm fined £170,000 for making almost 200,000 nuisance calls
Irony, thy name is Yes Consumer Solutions Ltd A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Service...
PwnedPiper vulns have potential to turn Swisslog’s PTS hospital products into Swiss cheese, says Armis
Hardcoded passwords, unencrypted connections and unauthenticated firmware updates... patches released Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide – including 80 per cent of the major hospitals...
Huawei to USA: you’re not taking cybersecurity seriously until you let China vouch for us
Slams Biden's Executive Order on improving infosec and calls for multilateral trust framework Huawei has decided to school the USA on cyber security, and its lesson is to co-operate with China so its vendors – including Huawei – can...
Zoom agrees to pay subscribers $25 to put its security SNAFUs behind it
Zoombombing class action offers US$85m in payments, meaning even free accounts get a few bucks US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action...
Sysadmins: Why not simply verify there’s no backdoor in every program you install, and thus avoid any cyber-drama?
Just 'validate third-party code before using it', says Euro body Half of publicly reported supply chain attacks were carried out by "well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults...
Here’s 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ
Biden-Putin summit went well, then Details of 30 servers thought to be used by Russia's SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ.…
Malware and Trojans, but there’s only one horse the boss man wants to hear about
The company's IT might be on fire, but my needs trump those of the many On Call A call from the executive floor is rarely a harbinger of happiness, especially when one is wading knee-deep through the molasses of...
We can’t believe people use browsers to manage their passwords, says maker of password management tools
You just save it in Chrome or Firefox? Ugh. And then it autofills when you need it again? Oh the horror It seems some of us are, in the year of our lord 2021, still reusing the same password...
Spam is Chipotle’s secret ingredient: Marketing email hijacked to dish up malware
More than 120 messages caught trying to filch credentials from customers of USAA Bank, Microsoft Between July 13 and July 16, someone took over the Mailgun account owned by restaurant chain Chipotle Mexican Grill and placed an order for...
Upcoming Android privacy changes include ability to blank advertising ID, and ‘safety section’ in Play store
New policies give users more control, but ad tracking still on by default Google has shared details of upcoming changes to Android including the ability to blank a device's advertising ID, and a new safety section for apps in...
Israeli authorities investigate NSO Group over Pegasus spyware abuse claims
Reason for probe unknown, but CEO claims it will vindicate company's claims Israel's Ministry of Defense says the nation's government has visited spyware-for-governments developer NSO Group to investigate allegations its wares have been widely – and perhaps willingly –...
Here’s a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies
And you've patched them all, haven't you, diligent readers? Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments...
‘Woefully insufficient’: Biden administration’s assessment of critical infrastructure protection
Memorandum details plans to turn that around with rapid development of security baselines, not mandates The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a...
Over 100 Taiwanese political figures’ messages leaked outta LINE app
Attack turned off encryption function, which made snooping rather easier Law enforcement agencies in Taiwan are investigating a cyberattack on over 100 local political figures and dignitaries who used the messaging app LINE.…
Security breaches where working from home is involved are costlier, claims IBM report
Great, it's not like employers need more reasons to haul you back to the office Firms looking to save money by shifting to more flexible ways of working will need to think carefully about IT security and the additional...
Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace
Recognise this one? Oh dear... Iranian state-backed hackers posed as a flirty Liverpudlian aerobics instructor in order to trick defence and aerospace workers into revealing secrets, according to a newly-published study.…
Google Patches High-Risk Android Security Flaws
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious...
Mismanagement Driving Cybersecurity Skills Gap: Research
“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
read more
Linux Kernel Security Done Right
Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SAP Customer Survey Reveals False Sense of Security
Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis.
The SAP Security Survey Report 2021 is based on information from over 100 SAP...
