Webcast The future of DevOps is all about speeding up software development and deployment, aided by cloud-based infrastructure, RESTful APIs and open-source software. There’s a general assumption that if everyone can see the open-source code, the chances are somebody somewhere has spotted any vulnerabilities and fixed them. Join the …

If you've been looking at SiFive's RISC-V-based chip technology and thinking, y'know what, it's missing an Arm TrustZone-style element to run sensitive code, well, here's some good news. And if you're just into processor design and checking out alternatives to Arm CPU cores, then this may be some interesting news. SiFive …

Updated A bunch of Trend Micro anti-malware tools have vanished from Apple's Mac App Store – after they were spotted harvesting and siphoning off users' browser histories. Dr Cleaner, Dr Antivirus, and App Uninstall – utilities owned by the Japan-headquartered security house and distributed on the Mac App Store – are no longer …

Roundup This week brought with it a Supermicro shoring up firmware security, a North Korean hacking charge, and a spying anti-adware macOS tool getting yanked by Apple from its App Store. Elsewhere, we had… BrokenType broken out with source code release A software vulnerability probing tool called BrokenType had appeared in public on …

Captricity, a company that touts AI software capable of reading text better than people, has been blamed for a bumper crop of data entry errors that misrepresent what many US Senate candidates are actually spending for their campaigns. According to a report published this week from the Center for Public Integrity (CPI), there …

Apple has removed an app called Adware Doctor:Anti Malware &Ad from the macOS App Store following claims it sent users' browser histories to a remote server in China. The app's misbehavior was first noted by a security researcher who goes by name Privacyis1st on Twitter and claims to have alerted Apple to the weirdness in …

Comment Businesses find themselves in a world where the threat to their networks often comes not simply from a compromise of their computers, servers, or infrastructure, but from legitimate, sanctioned users. There is nothing new about the notion of cyber-attackers seeing human beings as their biggest target. For years, real-world …

The US government has formally accused the North Korean government of being behind the Sony Pictures hack, the WannaCry ransomware that crippled the UK's National Health Service and other organizations, and a series of online bank heists including $81m stolen from Bangladesh's national bank. The state-sponsored attacks were …

British Airways on Thursday said it is investigating the theft of customer data from its website and mobile app servers. The biz, which bills itself as the world's favorite airline, said its systems had been compromised for more than two weeks. "From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the …

At some point this fall, a team of researchers from MIT's CSAIL and UC Berkeley's EECS aim to deliver an initial version of an open source, formally verified, secure hardware enclave based on RISC-V architecture called Keystone. "From a security community perspective, having trustworthy secure enclaves is really important for …

Cryptojacking, the hijacking of computing resources to mine cryptocurrency, turns out to be both relatively widespread and not particularly profitable, according to a paper published by code boffins from Braunschweig University of Technology in Germany. In a paper distributed via ArXiv, researchers Marius Musch, Christian …

The security researchers who found a way to compromise Intel's Management Engine last year have just released proof-of-concept exploit code for the now-patched vulnerability. Mark Ermolov and Maxim Goryachy at Positive Technologies have published a detailed walkthrough for accessing an Intel's Management Engine (IME) feature …

Internal cybersecurity audits rarely make it to the public domain, but when they do it’s often an eye-popping read. Take the Western Australian (WA) Auditor General’s 2017 recent report on the state of user account security in an Aussie state which tends a mammoth 234,000 Active Directory (AD) accounts across 17 state agencies …

Linux v4.19-rc1, release candidate code published on Sunday, allows those building their own kernel or Linux distribution to choose whether or not to trust the CPU hardware random number generator, a decision that has become complicated in the wake of the revelations about government surveillance over the past five years. When …

A federal judge has issued a preliminary injunction barring the online distribution of CAD files for 3D printed guns, upholding a temporary injunction issued in late July. "We just won a preliminary injunction in federal court, continuing to block the Trump admin from allowing the distribution of 3D-printed gun files," said …

Updated The CEO of Epic Games, maker of smash-hit shoot-em-up Fortnite, continues to savage Google for disclosing a security hole in his software. Calling the ad giant "irresponsible" for publicly disclosing the vulnerability on Friday, Tim Sweeney posted a string of angry tweets over the weekend and into Monday accusing the search …

Facebook has patched a remote-code execution flaw discovered in one of its servers. Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies. Though …

Encrypted comms service Wickr has hooked up with Psiphon, a maker of censorship circumvention tools, to provide an alternative to domain fronting as a defense against prying eyes online. Domain fronting is a technique for hiding requested network hostnames from those monitoring your internet traffic. It presents one hostname …