Galaxy S20 security is already old-hat as Samsung launches new safety silicon
Passport-grade chippery to help mobile devices prove their identity Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.…
Galaxy S20 security is already old hat as Samsung launches new safety silicon
Passport-grade chippery to help mobile devices prove their identity Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.…
Contact-tracing app may become a permanent fixture in major Chinese city
Hangzhou wants a 'health and immunity firewall' One of China's major tech hubs is planning to make a health and movement tracking system developed to fight the COVID-19 epidemic a permanent fixture in daily life.…
Pre-authentication, remote root hole in call-center software? Thanks, Cisco. Just what a long weekend needs
This and more bits and bytes from infosec world Roundup It's once again time to catch up on the latest happenings from the world of infosec.…
It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims
Unsurpisingly budget airline goes cheap: No payout or credit monitoring Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the...
Forget BYOD, this is BYOVM: Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems
Like Inception, but expensive and disappointing. So... just like Inception With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine.…
To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
Welp, at least that's better than industry averages, says code-hosting biz Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing – and a fifth of the participants submitted their...
Campaign groups warn GCHQ can re-identify UK’s phones from COVID-19 contract-tracing app data
Yes, the app that's not quite working yet Campaign groups have written to the UK Prime Minister warning GCHQ and its digital arm, the National Cyber Security Centre (NCSC) will have the capacity to re-identify the phones of people...
Campaign groups warn GCHQ can re-identify UK’s phones from COVID-19 contact-tracing app data
Yes, the app that's not quite working yet Campaign groups have written to the UK Prime Minister warning GCHQ and its digital arm, the National Cyber Security Centre (NCSC) will have the capacity to re-identify the phones of people...
Far-right leader walks free from court after conviction for refusing to hand his phone passcode over to police
British border search law strikes again The leader of far-right political group Britain First has been handed a judicial slap on the wrist after refusing to give his phone PIN to police at Heathrow Airport.…
DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline
Microsoft, BIND, Google, Cloudflare, Amazon, others fix up software A new vulnerability has been found in the design of the world's domain-name system that potentially can be exploited to flood websites off the internet.…
Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook
Sigh. How many users did it have before it started this stuff? Zoom has outlined more about its efforts to improve its security.…
Remember when Securus was sued for recording 14,000 calls between prison inmates and lawyers? It just settled
It was a software bug, insists telco, as attorneys walk with most of the money Literal locked-down market biz Securus Technologies has settled a class-action lawsuit over illegally recorded prison phone calls, promising to improve its systems while avoiding...
UK’s Ministry of Defence: We’ll harvest and anonymise private COVID-19 apps’ tracing data by handing it to ‘behavioural science’ arm
Plus, Serco plays email fail game by mass-mailing human contact tracers; NCSC gives feedback on feedback about beta app COVID-19 app round-up Worried about identifiable personal data from your coronavirus contact-tracing app making it into a British government database?...
Ransomware has gone nuclear: To avoid any fallout yourself, tune in online this month to hear from KnowBe4
How to defend your organization from attack Webcast We’ve been hearing about ransomware for years now. You may even personally know a company that has been a victim and quietly paid up, and you may even know someone who’s...
Houseparty denied it had been hacked…. while miscreants were abusing its dot-com’s domain-name infrastructure
Subdomain takeover possible, says infosec bod At the end of March, video chat app Houseparty, owned by Epic Games, responded to unsubstantiated reports that user accounts had been hacked – by offering a $1m bounty to anyone able to...
Tech’s Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite
AV maker denies allegation, says researcher is 'looking for attention' Trend Micro is on the defensive after it was accused of engineering its software to cheat Microsoft's QA testing, branding the allegation "misleading."…
Former Labour deputy leader Harriet Harman calls on UK govt to legally protect data from contact-tracing apps
'We don't want the system to rely on the individual integrity of any minister, ministerial team, or government' Harriet Harman, chair of the UK's Joint Committee on Human Rights and former Labour Deputy Leader, has redoubled calls on the...
You know this Land of the Free thing, yeah? Well then, why allow the FBI to trawl through Americans’ browsing history without a warrant?
50-plus advocacy groups call on US House of Reps to slap protection mechanism on surveillance law Congress has been urged to introduce a measure that would require the FBI to get a warrant before agents can review Americans’ internet...
Rogue ADT tech spied on hundreds of customers in their homes via CCTV – including me, says teen girl
Security biz admits worker snooped on victims, two lawsuits filed A technician at ADT remotely accessed as many as hundreds of CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted.…
Bluetooth Vulnerability: BIAS
This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device:
Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication...
Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends
Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%Discordmodulesdiscord_desktop_coreindex.js file upon successful installation. This process gave the...
Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19
Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.
How To Achieve Balance Between Cybersecurity And The User Experience
Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.
Determining Liability For Security Breaches Isn’t Black And White
Between the volume of successful cyberattacks and the rising cost of the fallout from those attacks, it's understandable for companies and individuals to want to hold someone responsible.
