Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, though
Install base explodes following WhatsApp 'privacy' update, Musk endorsement Signal is experiencing a partial outage as tens of millions of netizens flood the free secure messaging service.…
Coming in at number 5, it’s a blast from the past! Tenable’s 2020 security flaw chart show features hits of yesteryear
You know that update thing? JFDI Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report.…
Ministry of Defence’s cyber warfare drive is helping burn a hole through its budget, warns UK’s National Audit Office
All that counter-China stuff costs a pretty penny, y'know The Ministry of Defence's multibillion budget overrun has been caused in part because of its spending splurge on flashy new "cyber" capabilities, according to the National Audit Office.…
Is a remote workforce making your organisation less secure?
And can SASE save us? Webcast Last year your bosses embraced remote working because, let’s face it, none of us had a choice.…
World’s largest dark-web marketplace shuttered after Euro cybercops cuff Aussie
20 DarkMarket servers siezed and probed in international raids Europol cops have taken down dark-web souk DarkMarket, after arresting an Australian citizen living in Germany who they claim was operating the world's biggest online bazaar of its kind.…
Microsoft emits 83 security fixes in first Patch Tuesday of 2021 – and miscreants are already exploiting one of them
Redmond keeps us hanging with on-premises Exchange flaw still to be fixed Patch Tuesday Microsoft on Tuesday released updates addressing 83 vulnerabilities in its software, which doesn't include the 13 flaws fixed in its Edge browser last week.…
SolarWinds malware was sneaked out of the firm’s Orion build environment 6 months before anyone realised it was there – report
Crowdstrike tech analysts explain how they think it slipped under the radar The malware that was utilised to hack SolarWinds checked to see whether software used to compile the firm's Orion product was running before deploying its payload, according...
Microsoft’s beefed-up take on Linux server security has hit general availability
Endpoint Detection and Response added. For servers, not standalone Linux desktops, mind After a few months in preview, Microsoft has made Defender Endpoint Detection and Response (EDR) generally available for Linux servers.…
In case you hadn’t heard, SolarWinds was hacked by Moscow, says Kaspersky Lab
Brave move for Russian firm to finger its own govt over cyber badness Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia’s FSB security service.…
How I found a bug in YouTube that let me watch private videos I wasn’t allowed to, says compsci student
Theft-by-a-thousand-cuts flaw fixed Until early last year, Google's YouTube had a security flaw that made private videos visible at reduced resolution, though not audible, to anyone who knew or guessed the video identifier and possessed the technical knowledge to...
Ubiquiti iniquity: Wi-Fi box slinger warns hackers may have peeked at customers’ personal information
Salted password hashes, addresses, phone numbers may have been exposed in cloud security snafu Networking vendor Ubiquiti has written to its customers to advise them of a possible leak of their personal information.…
That’s it. It’s over. It’s really over. From today, Adobe Flash Player no longer works. We’re free. We can just leave
Post-Flashpocalypse, we stumble outside, hoping no one ever creates software as insecure as that ever again Adobe has finally and formally killed Flash.…
Thou shalt not hack indiscriminately, High Court of England tells Britain’s spy agencies
Choke chain tightened on 'general warrants' after Privacy International wins judicial review A landmark High Court ruling has struck down Britain's ability to hack millions of people at a time through so-called "general warrants" in what privacy campaigners are...
Unauthorised RAC staffer harvested customer deets then flogged them to accident claims management company
8-month suspended sentence for conspiracy to secure unauthorised access to computer data An employee at emergency roadside rescue biz RAC has received an eight-month suspended prison sentence for unsanctioned access to computer systems that saw her sell customers' data...
SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes
The week's other security news Embattled and embarrassed network management shop SolarWinds has reportedly hired two of the highest profile security bods in the biz to sort out its woes.…
Iconic BugTraq security mailing list shuts down after 27 years
BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.
Weekly Update 226
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
FIN11 e-crime group shifted to CL0P ransomware and big game hunting
The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise.
“Several...
Joker's Stash, the internet's largest carding forum, is shutting down
Joker's Stash to shut down on February 15, 2021.
Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles
President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...
