Articles about Security

Illustration of someone taking off a mask

FYI: AI tools can unmask anonymous coders from their binary executables

Talk about the ultimate Git Blame. Programmers can be potentially identified from the low-level machine-code instructions in their software executables by AI-powered tools. That's according to boffins from Princeton University, Shiftleft, Drexel University, Sophos, and Braunschweig University of Technology, who have described …
Thomas Claburn, 16 Mar 2018
DHS and FBI diagram of Dragonfly attack UI

We're Putin our foot down! DHS, FBI blame Russia for ongoing infrastructure hacks

The US Department of Homeland Security and the Federal Bureau of Investigation on Thursday issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructure by individuals acting on behalf of the Russian government. The security warning coincides with the US Treasury …
Thomas Claburn, 15 Mar 2018

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

Analysis CTS-Labs, a security startup founded last year in Israel, sent everyone scrambling and headlines flying today – by claiming it has identified "multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors." Tuesday's glitzy advisory disclosed no …
Thomas Claburn, 13 Mar 2018
diagram from MOSQUITO research paper

Air gapping PCs won't stop data sharing thanks to sneaky speakers

Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure. In an academic paper published on Friday through preprint service ArXiv, researchers from Israel's Ben-Gurion University of …
Thomas Claburn, 12 Mar 2018
Sandvine interface

Citizen Lab says Sandvine network gear aids government spyware

Internet users in Turkey, Egypt and Syria who attempted to download legitimate Windows applications have been redirected to nation-state spyware through deep-packet inspection boxes placed on telecom networks in Turkey and Egypt, according to a report issued Friday by security research group Citizen Lab. Citizen Lab, a Canada- …
Department of Homeland Security

Audit finds Department of Homeland Security's security is insecure

The United States' Department of Homeland Security could do more to keep its IT systems secure, a government report has found. In an agency-wide audit titled "Evaluation of DHS' Information Security Program for Fiscal Year 2017" (PDF), the DHS's watchdog, the Office of Inspector General (OIG), concluded that DHS "could protect …
Man reading newspaper with glasses on his head

Guys, you're killing us! LA Times homicide site hacked to mine crypto-coins on netizens' PCs

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages. The newspaper's IT staffers left at least one of the publication's Amazon Web Services S3 cloud storage buckets wide open to anyone on the internet to …
Shaun Nichols, 22 Feb 2018

World's cyber attacks hit us much harder in past year – major infosec chief survey

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe. Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, …
Kat Hall, 21 Feb 2018

Oh, Bucket! AWS in S3 status-checking tool free-for-all

Amazon Web Services has signalled it's still worried about poorly configured buckets in its Simple Storage Service (S3) by making one of the tools to manage them free. AWS suffered last year after a rash of data leaks caused by customers who had improperly configured their S3 storage. It's an easy mistake to make because the …
Simon Sharwood, 21 Feb 2018

Global security crackdown, a host of code nasties, Brit cops mocked, and more

Roundup Here's a summary of this week's security news beyond what we've already reported. At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity. The signatories were joined by Elżbieta Bieńkowska …
Iain Thomson, 17 Feb 2018
Grand Theft Auto (1997)

Former ICE top lawyer raided US govt database to steal aliens' identities

Yet again an insider has been caught misusing a workplace computer system to conduct identity theft and fraud. Unusually, the perp was, at the time, serving as the head lawyer for the US government's Immigration and Customs Enforcement’s (ICE) Office of Principal Legal Advisor (OPLA) at the time. And rather than turning to the …
Thomas Claburn, 15 Feb 2018
Spraying bugs with insecticide

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples. It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting …
Thomas Claburn, 14 Feb 2018
Lady looking at phone with the world map in the background connecting with the phone

US govt staffers use personal gear on work networks, handle biz docs on the reg – study

Employees of US government agencies are largely ignoring basic security measures. This is according to a study published this month by security biz Lookout, which suggests Uncle Sam's staffers may be putting confidential information at risk. According to a survey of 200 IT and security admins at US federal agencies, 67.5 per …
Shaun Nichols, 14 Feb 2018

From tomorrow, Google Chrome will block crud ads. Here's how it'll work

Starting tomorrow, Google, which makes most of its money from online advertising, will begin blocking egregious ads in its Chrome browser under limited circumstances – though it would really rather not. The reason, explained Chrome veep Rahul Roy-Chowdhury in a blog post on Tuesday, is that some ads suck. "It’s clear that …
Thomas Claburn, 14 Feb 2018

You dopes! US state's pot dealer database pwned after security goes up in smoke

The US state of Washington says a miscreant was able to access the system it uses to track the manufacturing and sale of marijuana. The Evergreen State's Liquor and Cannabis Board – a job that sounds way cooler than it actually is – yesterday admitted that last weekend someone was able to exploit a vulnerability in one of its …
Shaun Nichols, 9 Feb 2018

From July, Chrome will name and shame insecure HTTP websites

Three years ago, Google's search engine began favoring in its results websites that use encrypted HTTPS connections. Sites that secure their content get a boost over websites that used plain-old boring insecure HTTP. In a "carrot and stick" model, that's the carrot: rewarding security with greater search visibility. Later …
Uber CISO John Flynn

PSA: If your security starts and ends with bug bounties, you're gonna have a bad time

Analysis Remember when Uber tried to cover up the fact its AWS datastore containing records on 57 million riders and drivers had been hacked? And that it bunged the hackers $100,000 to shut them up, and then disguised the expense as a bug bounty payout? Who could forget? Certainly not shocked US lawmakers, who held a hearing in …

Unlucky 13 collared by cops hunting cyber-crew who stole up to $2.2bn

Thirteen out of 36 individuals indicted for their alleged involvement in a transnational cybercrime group know as Infraud have been arrested, the US Department of Justice announced on Wednesday. The Infraud Organization, according to prosecutors, coordinated various flavors of internet fraud including identity theft, bank …

Create a news alert about Security , or find more stories about Security .

Biting the hand that feeds IT © 1998–2018