Articles about security

Better, faster, cheaper software with DevOps, but is it secure?

Webcast The future of DevOps is all about speeding up software development and deployment, aided by cloud-based infrastructure, RESTful APIs and open-source software. There’s a general assumption that if everyone can see the open-source code, the chances are somebody somewhere has spotted any vulnerabilities and fixed them. Join the …
David Gordon, 13 Sep 2018

Arms race: SiFive, Hex Five build code safe houses for RISC-V chips

If you've been looking at SiFive's RISC-V-based chip technology and thinking, y'know what, it's missing an Arm TrustZone-style element to run sensitive code, well, here's some good news. And if you're just into processor design and checking out alternatives to Arm CPU cores, then this may be some interesting news. SiFive …
Thomas Claburn, 10 Sep 2018

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

Updated A bunch of Trend Micro anti-malware tools have vanished from Apple's Mac App Store – after they were spotted harvesting and siphoning off users' browser histories. Dr Cleaner, Dr Antivirus, and App Uninstall – utilities owned by the Japan-headquartered security house and distributed on the Mac App Store – are no longer …
Shaun Nichols, 10 Sep 2018

Gits exposed, kinky app devs spanked, Feds spy on spyware buyers, etc

Roundup This week brought with it Supermicro shoring up firmware security, a North Korean hacking charge, and a spying anti-adware macOS tool getting yanked by Apple from its App Store. Elsewhere, we had… BrokenType broken out with source code release: A software vulnerability probing tool called BrokenType had appeared in public on …
Shaun Nichols, 8 Sep 2018

AI biz borks US election spending data by using underpaid Amazon Mechanical Turks

Captricity, a company that touts AI software capable of reading text better than people, has been blamed for a bumper crop of data entry errors that misrepresent what many US Senate candidates are actually spending for their campaigns. According to a report published this week from the Center for Public Integrity (CPI), there …

Top antivirus tool nuked from macOS App Store – after it phoned browser histories to China

Apple has removed an app called Adware Doctor:Anti Malware &Ad from the macOS App Store following claims it sent users' browser histories to a remote server in China. The app's misbehavior was first noted by a security researcher who goes by the name Privacyis1st on Twitter and who claims to have alerted Apple to the weirdness in …

Could you hack your bosses without hesitation, repetition or deviation? AI says: No

Comment Businesses find themselves in a world where the threat to their networks often comes not simply from a compromise of their computers, servers, or infrastructure, but from legitimate, sanctioned users. There is nothing new about the notion of cyber-attackers seeing human beings as their biggest target. For years, real-world …
John E Dunn, 7 Sep 2018

FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks

The US government has formally accused the North Korean government of being behind the Sony Pictures hack, the WannaCry ransomware that crippled the UK's National Health Service and other organizations, and a series of online bank heists including $81m stolen from Bangladesh's national bank. The state-sponsored attacks were …

'World's favorite airline' favorite among hackers: British Airways site, app hacked for two weeks

British Airways on Thursday said it is investigating the theft of customer data from its website and mobile app servers. The biz, which bills itself as the world's favorite airline, said its systems had been compromised for more than two weeks. "From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the …

Boffins are building an open-source secure enclave on RISC-V

At some point this fall, a team of researchers from MIT's CSAIL and UC Berkeley's EECS aim to deliver an initial version of an open source, formally verified, secure hardware enclave based on RISC-V architecture called Keystone. "From a security community perspective, having trustworthy secure enclaves is really important for …
Thomas Claburn, 31 Aug 2018

Cryptojacking isn't a path to riches - payout is a lousy $5.80 a day

Cryptojacking, the hijacking of computing resources to mine cryptocurrency, turns out to be both relatively widespread and not particularly profitable, according to a paper published by code boffins from Braunschweig University of Technology in Germany. In a paper distributed via ArXiv, researchers Marius Musch, Christian …
Thomas Claburn, 30 Aug 2018

Intel Management Engine JTAG flaw proof-of-concept published

The security researchers who found a way to compromise Intel's Management Engine last year have just released proof-of-concept exploit code for the now-patched vulnerability. Mark Ermolov and Maxim Goryachy at Positive Technologies have published a detailed walkthrough for accessing an Intel Management Engine (IME) feature …
Thomas Claburn, 29 Aug 2018

No, eight characters, some capital letters and numbers is not a good password policy

Internal cybersecurity audits rarely make it to the public domain, but when they do it's often an eye-popping read. Take the Western Australian (WA) Auditor General's 2017 report on the state of user account security in an Aussie state that tends a mammoth 234,000 Active Directory (AD) accounts across 17 state agencies …
John E Dunn, 28 Aug 2018

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

Linux v4.19-rc1, release candidate code published on Sunday, allows those building their own kernel or Linux distribution to choose whether or not to trust the CPU hardware random number generator, a decision that has become complicated in the wake of the revelations about government surveillance over the past five years. When …
Thomas Claburn, 28 Aug 2018
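The choice described above is made in two places: a build-time Kconfig option (CONFIG_RANDOM_TRUST_CPU, new in 4.19) and a boot-time parameter (random.trust_cpu=on|off) that overrides it, parsed with the kernel's usual kstrtobool rules. The helper below works out which setting wins for a given .config and kernel command line. It is an added example for this page, not kernel code; the config and cmdline strings it is fed are constructed, and the helper names are made up.

```python
"""Decide whether a Linux 4.19+ build/boot credits the CPU hardware RNG
(RDRAND on x86, DARN on POWER) toward initial seeding of the entropy pool.

Added example, not kernel code. Rules mirrored from drivers/char/random.c:
  - build default:   CONFIG_RANDOM_TRUST_CPU=y  (else not set)
  - boot override:   random.trust_cpu=<bool>    (early_param, kstrtobool syntax)
"""
import re
from typing import Optional


def kstrtobool(value: str) -> Optional[bool]:
    """Kernel-style boolean parse: 1/y/Y/on -> True, 0/n/N/off -> False,
    anything else -> None (the kernel would reject the parameter)."""
    if not value:
        return None
    first = value[0]
    if first in "1yY":
        return True
    if first in "0nN":
        return False
    if first in "oO" and len(value) > 1:
        if value[1] in "nN":
            return True
        if value[1] in "fF":
            return False
    return None


def config_trusts_cpu(config_text: str) -> bool:
    """Build-time default taken from a .config / /boot/config-* file."""
    return re.search(r"^CONFIG_RANDOM_TRUST_CPU=y$", config_text, re.M) is not None


def cmdline_override(cmdline: str) -> Optional[bool]:
    """Boot-time override from /proc/cmdline; last occurrence wins, as with
    most early_params. Returns None when the parameter is absent or invalid."""
    matches = re.findall(r"(?:^|\s)random\.trust_cpu=(\S+)", cmdline)
    if not matches:
        return None
    return kstrtobool(matches[-1])


def trusts_cpu_rng(config_text: str, cmdline: str) -> bool:
    """Effective setting: a valid boot parameter overrides the Kconfig default."""
    override = cmdline_override(cmdline)
    return override if override is not None else config_trusts_cpu(config_text)


if __name__ == "__main__":
    # Constructed inputs (assumption: shapes match real .config and /proc/cmdline).
    cfg_trusting = "CONFIG_RANDOM_TRUST_CPU=y\n"
    cfg_distrusting = "# CONFIG_RANDOM_TRUST_CPU is not set\n"
    for cfg, cmd in [
        (cfg_trusting, "BOOT_IMAGE=/vmlinuz root=/dev/sda1 quiet"),
        (cfg_trusting, "root=/dev/sda1 random.trust_cpu=off"),
        (cfg_distrusting, "root=/dev/sda1 random.trust_cpu=on"),
        (cfg_distrusting, ""),
    ]:
        print(f"cmdline={cmd!r:50} trust_cpu={trusts_cpu_rng(cfg, cmd)}")
```

To audit a live machine, feed it the contents of /boot/config-$(uname -r) (or /proc/config.gz) and /proc/cmdline. Note that the option only governs whether the CPU RNG's output is credited as entropy at boot; the kernel mixes RDRAND into the pool either way, it just does not count it toward "seeded" when trust is off.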

Judge bars distribution of 3D gun files... er, five years after they were slapped onto the web

A federal judge has issued a preliminary injunction barring the online distribution of CAD files for 3D printed guns, upholding a temporary injunction issued in late July. "We just won a preliminary injunction in federal court, continuing to block the Trump admin from allowing the distribution of 3D-printed gun files," said …
Thomas Claburn, 27 Aug 2018

Ah, um, let's see. Yup... Fortnite CEO is still mad at Google for revealing security hole early

Updated The CEO of Epic Games, maker of smash-hit shoot-em-up Fortnite, continues to savage Google for disclosing a security hole in his software. Calling the ad giant "irresponsible" for publicly disclosing the vulnerability on Friday, Tim Sweeney posted a string of angry tweets over the weekend and into Monday accusing the search …
Kieren McCarthy, 27 Aug 2018

Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers

Facebook has patched a remote-code execution flaw discovered in one of its servers. Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies. Though …
Shaun Nichols, 24 Aug 2018

Wickr gets slicker with fresh network tricker: Privacy-protecting domain fronting alternative emerges

Encrypted comms service Wickr has hooked up with Psiphon, a maker of censorship circumvention tools, to provide an alternative to domain fronting as a defense against prying eyes online. Domain fronting is a technique for hiding requested network hostnames from those monitoring your internet traffic. It presents one hostname …
Thomas Claburn, 23 Aug 2018
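Domain fronting, as the teaser above starts to describe, splits the hostname across two layers: DNS and the TLS SNI carry a permitted "front" domain that a passive monitor can read, while the HTTP Host header inside the encrypted session names the real service, and a CDN edge that hosts both routes on the Host header. The model below walks through the three vantage points (client, on-path observer, CDN edge) and ends with the check a middlebox or CDN that can see both values uses to spot it. This is an added example, not Wickr's or Psiphon's code; the hostnames and the CDN customer list are made-up placeholders.

```python
"""Domain fronting from three vantage points: the client builds the request,
an on-path observer sees only DNS/SNI, the CDN edge routes on the Host header.
Added example, not code from Wickr or Psiphon. Hostnames are placeholders."""
import socket
import ssl
from dataclasses import dataclass

FRONT_HOST = "cdn-front.example"   # assumption: a domain the censor will not block
REAL_HOST = "messenger.example"    # assumption: the service actually contacted
CDN_CUSTOMERS = {FRONT_HOST, REAL_HOST}  # assumption: both live behind one CDN


@dataclass(frozen=True)
class FrontedRequest:
    sni: str             # what DNS and the TLS ClientHello expose on the wire
    http_request: bytes  # what travels inside the TLS session (encrypted)


def build_fronted_request(front: str, real: str, path: str = "/") -> FrontedRequest:
    """Client side: handshake with `front`, but ask the edge for `real`."""
    req = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {real}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    return FrontedRequest(sni=front, http_request=req)


def observer_view(fr: FrontedRequest) -> dict:
    """A passive monitor without TLS termination learns only the SNI."""
    return {"sni": fr.sni, "payload": "<encrypted TLS application data>"}


def parse_host_header(http_request: bytes) -> str:
    """Minimal HTTP/1.1 header parse; the edge routes on this, not on the SNI."""
    head = http_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower()
    raise ValueError("no Host header")


def cdn_route(fr: FrontedRequest) -> str:
    """CDN edge: decrypt, read Host, forward to that customer's origin."""
    host = parse_host_header(fr.http_request)
    if host not in CDN_CUSTOMERS:
        raise LookupError(f"{host} is not served by this CDN")
    return host


def sni_host_mismatch(sni: str, host: str) -> bool:
    """Detection for anyone who can see both values (the CDN itself, or a
    TLS-terminating proxy): fronting shows up as SNI != Host."""
    return sni.lower() != host.lower()


def send_fronted(fr: FrontedRequest, port: int = 443, timeout: float = 5.0) -> bytes:
    """Real network version of the client step (not run in the demo below):
    SNI comes from server_hostname, the Host header from the request bytes."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fr.sni, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=fr.sni) as tls:
            tls.sendall(fr.http_request)
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    return b"".join(chunks)
                chunks.append(data)


if __name__ == "__main__":
    fr = build_fronted_request(FRONT_HOST, REAL_HOST, "/api/v1/messages")
    print("observer sees:", observer_view(fr))
    print("edge routes to:", cdn_route(fr))
    print("mismatch flagged:", sni_host_mismatch(fr.sni, cdn_route(fr)))
```

The observer's dictionary is the whole point: without terminating TLS it cannot distinguish this connection from ordinary traffic to the front domain, which is also why CDNs that decided to close the technique did so by enforcing the final check at their edge (rejecting sessions where SNI and Host name different customers) rather than by anything a network monitor could do.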

Biting the hand that feeds IT © 1998–2018