Articles about security


We asked the US military for its 'do not buy' list of Russian, Chinese gear. Surprise: It doesn't exist

The US Department of Defense's "do not buy" list of foreign software and equipment turns out to be about as long as the list of bug-free Windows releases or privacy-focused Facebook apps. In other words, it doesn't exist. According to news reports in July, there is such a list, and the Pentagon has been adding to it in an …
Thomas Claburn, 16 Nov 2018

Super Micro chief bean counter: Bloomberg's 'unwarranted hardware hacking article' has slowed our server sales

Super Micro Computer on Thursday reported net sales in the range of $952m to $962m for the first quarter of its fiscal 2019, which ended September 30, 2018. That's higher than company guidance of $810m to $870m, and up roughly 40 per cent on the year-ago period. The Silicon Valley server maker delivered GAAP EPS in the range …
Thomas Claburn, 16 Nov 2018

The threat to your org's data lies betwixt chair and keyboard. Join us live on the internet for expert advice on tackling issue

Webcast: If you like true crime stories, you already know that at the end the criminal is usually revealed to be someone the victim knew well. The same is often true of cybercrime. Organisations might put in as many layers of IT security as they can in an attempt to keep the criminals out, but meanwhile the real threat to their …
David Gordon, 15 Nov 2018

Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips

Computer security researchers have uncovered yet another set of transient execution attacks on modern CPUs that allow a local attacker to gain access to privileged data, fulfilling predictions made when the Spectre and Meltdown flaws were reported at the beginning of the year. In short, these processor security flaws can be …
Thomas Claburn, 14 Nov 2018

Bloke jailed for trying to blow up UK crypto-cash biz after it failed to reset his account password

A 43-year-old fella has been sentenced to six and a half years in prison for attempted murder – after sending a bomb to a British cryptocoin firm over its failure to reset his account password. According to London's Metropolitan Police Counter Terrorism Command, Jermu Michael Salonen, a resident of Gullspång, Sweden, sent a …

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses

Any sort of lasting security standard in IoT devices may only happen if governments start doling out stiff penalties. So said author and computer security guru Bruce Schneier, who argued during a panel discussion at the Aspen Cyber Summit this week that without regulation, there is little hope the companies hooking their …
Shaun Nichols, 9 Nov 2018

I've got the key, I've got the secret. I've got the key to another person's DJI drone account: Vids, info left open to theft

Chinese drone giant DJI has fixed a critical security hole that left its customer account data and quadcopter videos potentially up for grabs. From March through September this year, DJI's customer records, many of which include sensitive data from drone flights, video footage, and owners' personal details, could have been …

SMBs: We don't want to spoil all of this article, but have you patched, taken away admin rights, made backups yet?

Backgrounder: Recent headlines have been full of IT security breaches at major corporations, such as the theft of customer data from British Airways in September 2018. Yet, smaller companies should not believe that they fly beneath the radar of attackers. The Small Business Cyber Risk Report [PDF] from insurance firm Hiscox found that 47 …
Dan Robinson, 7 Nov 2018

Cyber-crooks think small biz is easy prey. Here's a simple checklist to avoid becoming an easy victim

Comment: One of the unpleasant developments of the last decade has been the speed with which IT security threats, once aimed mainly at large enterprises, have spread to SMBs – small and medium businesses. Today, SMBs are no longer secondary targets, and are up against exactly the same cyber-threats with the same level of sophistication …
John E Dunn, 5 Nov 2018

PortSmash attack blasts hole in Intel's Hyper-Threading CPUs, leaves with secret crypto keys

Brainiacs in Cuba and Finland have found a new side-channel vulnerability in Intel x64 processors that could allow an attacker to sniff out cryptographic keys and other privileged information. Following disclosure of the flaw to Intel at the beginning of October, boffins at the Tampere University of Technology in Finland and …

I know what you're thinking: Outsource or in-source IT security? I've worked both sides, so here's my advice...

Comment: You’re a small or mid-sized business and have a growing sense of unease that you aren’t doing enough on cyber security. Must be all those headlines about ransomware infections and databases ransacked. Or – perhaps – you’re experiencing an upsurge in phishing attempts. Congratulations – you’ve woken up to something that a …

Now Europe wants a four-million-quid AI-powered lie detector at border checkpoints

The EU is readying an AI-based screening system designed to catch travelers who lie about their reasons for visiting the Continent. The European Commission has thrown more than €4.5m (£4m, $5.1m) into iBorderCtrl, a self-described "intelligent control system" that analyzes answers given by travelers to a series of questions at …
Shaun Nichols, 2 Nov 2018

IT Wi-Fi kit bit by TI chip slip: Wireless gateways open to hijacking via BleedingBit chipset vuln

Updated: On Thursday, network equipment makers Aruba, Cisco, and Cisco-owned Meraki plan to patch two flaws in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) that power their respective enterprise Wi-Fi access points. The coordinated disclosure, prompted by security biz Armis' discovery of two critical vulnerabilities …

Tiny Twitter thumbnail tweaked to transport different file types

A picture turns out to be worth much more than a thousand words, at least on Twitter. For security researcher David Buchanan, it amounts to at least 884,000, roughly the number of words in the complete works of William Shakespeare. Buchanan found that Twitter image uploads can be polyglot files, meaning they can be valid …
Thomas Claburn, 31 Oct 2018

Bird, Lime, and Xiaomi face scooter sueball

Scooter providers Bird and Lime, and scooter makers Segway and Xiaomi, face a lawsuit in Los Angeles, Calif., claiming that the two-wheeled tech toys are poorly manufactured and maintained. The complaint, which aspires to be certified as a class action, was filed earlier this month in a Los Angeles Superior Court by McGee, …
Thomas Claburn, 31 Oct 2018

Yahoo! $50m! hack! damages! bill!, Russian trolls menaced by Uncle Sam inaction, computer voting-machine UI confusion, and more

Roundup: This week's headlines included buggy cranes, WebEx cockups, and DNS drama. Here are a few more bits of security news, prepared just for you. Lost money in a crypto-coin scam? Dear Leader Kim Jong Un thanks you for the donation. With economic sanctions making it hard to move cash around, North Korean officials have been using …
Shaun Nichols, 27 Oct 2018

Florida man won't be compelled to reveal iPhone passcode, yet

Florida's Fourth District Court of Appeals has granted a petition by a defendant not to be forced to reveal his iPhone passcode and iTunes password, based on the US Fifth Amendment's protection against self-incrimination. The defendant, a minor referred to as G.A.Q.L in his petition against the State of Florida, was involved …
Thomas Claburn, 27 Oct 2018

How to build your own IT infosec holodeck: A blueprint for crafting a virtual enterprise to prod, test and hack

A group of Italian researchers have developed a blueprint for a massive virtualized enterprise network to allow for large-scale security tests without ruining an IT manager's day. The University of Rome team constructed a large-scale simulated enterprise environment where everything from public-facing servers to DMZ subnets …
Shaun Nichols, 26 Oct 2018

Biting the hand that feeds IT © 1998–2018