Articles about security

panic

Cloud-surfing orgs under attack, Microsoft antivirus for Chrome, Windows 10 S bypass, non-RSA gigs, and more

Roundup Here's a roundup of this week's security news, beyond what we've already covered. Besides RSA: BSides and OURSA Sunday saw the start of the two-day BSides SF conference, which caters more for hackers – white, gray, and black hat – rather than this week's RSA Conference, which is aimed more at sales and marketing execs, and IT …
Iain Thomson, 21 Apr 2018
Facebook's Mark Zuckerberg, speaking at the 2015 F8 conference

Facebook privacy audit by auditors finds everything is awesome!

The US Federal Trade Commission has released an audit of Facebook's privacy practices and it turns out there's nothing to worry about, at least as far as accounting firm PricewaterhouseCoopers (PwC) is concerned. Clearly, there's nothing to worry about. Go back to your homes, people. PwC, retained to check on how Facebook has …
Thomas Claburn, 21 Apr 2018
RSA history wall, photo: RSA

No way, RSA! Security conference's mobile app embarrassingly insecure

RSA has copped to a security vulnerability in the backend systems powering the smartphone app for its annual security conference, held this week in San Francisco, USA. Infosec expert "svbl" discovered and reported a privacy cockup in an API, which could be accessed by anyone with an RSA Conference account, to fetch the names …
Shaun Nichols, 20 Apr 2018
whoah

Apple's magical quality engineering strikes again: You may want to hold off that macOS High Sierra update...

An increasing number of Mac loyalists are complaining that the latest desktop operating system update from Apple is killing their computers. The 10.13.4 update for macOS High Sierra is recommended for all users, and was emitted at the end of March promising to "improve stability, performance, and security of your Mac." macos …
Kieren McCarthy, 20 Apr 2018
virus_1_648

Patch or ditch Adobe Flash: Exploit on sale, booby-trapped Office docs spotted in the wild

In case you needed another reason not to open Adobe Flash or Microsoft Office files from untrusted sources: ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. This means less-than-expert hackers can use ThreadKit to craft booby- …
Facebook information operations chart

Facebook exec extracts foot from mouth: We didn't really mean growth matters more than human life

Facebook held a press conference on Thursday to provide details about its efforts to prevent electoral manipulation, only to have its damage control eclipsed by the publication of an executive's internal memo from 2016 suggesting growth mattered more than human life. Acknowledging that Facebook had been used "to divide …
Thomas Claburn, 30 Mar 2018
Mobile phones on Iran flag

Nine Iranians accused of cyber-swiping 30TB+ of blueprints from unis, biz on Tehran's orders

The US Department of Justice and Department of the Treasury on Friday charged nine Iranians with carrying out a series of internet attacks on more than 300 universities and 47 companies in the US and abroad, as well as federal and state agencies and the United Nations. The defendants were involved in various capacities with …
Thomas Claburn, 23 Mar 2018
Atlanta

City of Atlanta's IT gear thoroughly pwned by ransomware nasty

Updated IT systems used by the City of Atlanta, in the US state of Georgia, have succumbed to a ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk. At a press conference held on Thursday afternoon, Atlanta Mayor Keisha Lance Bottoms said the …
Thomas Claburn, 22 Mar 2018
AMD bloodbath

CTS who? AMD brushes off chipset security bugs with firmware patches

AMD has finally weighed in with its opinion of the security flaws in its Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile chips, identified in a rather over-the-top fashion by CTS-Labs a week ago. The vulnerabilities affect the firmware managing the AMD Secure Processor and the chips used in some socket AM4 and socket TR4 desktop …
Thomas Claburn, 21 Mar 2018
Woman holding keys

Cluster-f*ck! Etcd DBs spaff passwords, cloud keys to world by default

Software called etcd, used for storing data across clusters of containers, has a problem – it does not implement authentication by default and so poses a security risk if deployed without further fiddling. It's also rather widely used because it comes with Kubernetes, the popular container orchestration software. Giovanni …
Thomas Claburn, 20 Mar 2018
Illustration of someone taking off a mask

FYI: AI tools can unmask anonymous coders from their binary executables

Talk about the ultimate Git Blame. Programmers can be potentially identified from the low-level machine-code instructions in their software executables by AI-powered tools. That's according to boffins from Princeton University, Shiftleft, Drexel University, Sophos, and Braunschweig University of Technology, who have described …
Thomas Claburn, 16 Mar 2018
DHS and FBI diagram of Dragonfly attack UI

We're Putin our foot down! DHS, FBI blame Russia for ongoing infrastructure hacks

The US Department of Homeland Security and the Federal Bureau of Investigation on Thursday issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructure by individuals acting on behalf of the Russian government. The security warning coincides with the US Treasury …
Thomas Claburn, 15 Mar 2018

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

Analysis CTS-Labs, a security startup founded last year in Israel, sent everyone scrambling and headlines flying today – by claiming it has identified "multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors." Tuesday's glitzy advisory disclosed no …
Thomas Claburn, 13 Mar 2018
Sandvine interface

Citizen Lab says Sandvine network gear aids government spyware

Internet users in Turkey, Egypt and Syria who attempted to download legitimate Windows applications have been redirected to nation-state spyware through deep-packet inspection boxes placed on telecom networks in Turkey and Egypt, according to a report issued Friday by security research group Citizen Lab. Citizen Lab, a Canada- …
Department of Homeland Security

Audit finds Department of Homeland Security's security is insecure

The United States' Department of Homeland Security could do more to keep its IT systems secure, a government report has found. In an agency-wide audit titled "Evaluation of DHS' Information Security Program for Fiscal Year 2017" (PDF), the DHS's watchdog, the Office of Inspector General (OIG), concluded that DHS "could protect …
Man reading newspaper with glasses on his head

Guys, you're killing us! LA Times homicide site hacked to mine crypto-coins on netizens' PCs

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages. The newspaper's IT staffers left at least one of the publication's Amazon Web Services S3 cloud storage buckets wide open to anyone on the internet to …
Shaun Nichols, 22 Feb 2018

Oh, Bucket! AWS in S3 status-checking tool free-for-all

Amazon Web Services has signalled it's still worried about poorly configured buckets in its Simple Storage Service (S3) by making one of the tools to manage them free. AWS suffered last year after a rash of data leaks caused by customers who had improperly configured their S3 storage. It's an easy mistake to make because the …
Simon Sharwood, 21 Feb 2018
fingers

Global security crackdown, a host of code nasties, Brit cops mocked, and more

Roundup Here's a summary of this week's security news beyond what we've already reported. At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity. The signatories were joined by Elżbieta Bieńkowska …
Iain Thomson, 17 Feb 2018

Create a news alert about security, or find more stories about security.

Biting the hand that feeds IT © 1998–2018