On Thursday Facebook's Libra cryptocurrency has received a Gallic dismissal courtesy of France's finance minister. Speaking at the OECD Global Blockchain Policy Forum 2019, a virtual currency conference, Bruno Le Maire said Libra poses certain difficulties in terms of financial transactions and opined that thought needs to be …

On Tuesday, fifty-one CEOs of major data-using companies urged US lawmakers to pass a national data privacy law, insisting that they're committed to protecting consumer privacy. The executives made their plea as signatories to a letter [PDF] from the Business Roundtable, a trade group, that was sent to Congressional leaders. …

Only days after Mozilla said it plans to make DNS-over-HTTPS (DoH) available by default gradually for Firefox users in the US, Google announced its intention to test DoH in Chrome 78, due for beta release in the next two weeks. DoH wraps domain-name queries in a secure, encrypted HTTPS connection to a DNS server, rather than …

The City of New Bedford, in Massachusetts, has found a way to deal with ransomware without paying: shoring up defenses, restoring from backups, and rebuilding systems. The attack on the American city's systems was identified on July 5, after employees noticed unusual network activity upon returning from the July 4th holiday, …

Crown Sterling, a Newport Beach, California-based biz that calls itself "a leading digital cryptographic firm," is suing UBM, the UK-based owner of the Black Hat USA conference, in America for allegedly violating its sponsorship agreement. The complaint [PDF], filed late last week in a New York district court, blames the …

GitHub has announced support for the Web Authentication (WebAuthn) security standard. GitHub already supports two-factor authentication (2FA) via SMS texts (the least secure option, given that phone numbers can be hijacked and SMS messages intercepted), one-time password authentication apps, or U2F (Universal Second Factor) …

On Thursday, Google reminded everyone who might have forgotten that "privacy is paramount to us" and announced an initiative called "Privacy Sandbox" that proposes paving over a few privacy pitfalls without suffocating its ad business. It takes a certain chutzpah for a company with such a lengthy history of privacy scandals to …

AnalysisFacebook's proposed digital currency Libra, and its accompanying digital wallet Calibra, should be scrutinized not only by financial regulators – as lawmakers in the US and Europe have already started to do – but by national entities concerned with law, public safety and defense. The reason for that, argue Valerie Khan, VP of …

On Wednesday, Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority (CA) certificate – following reports that ISPs in the country have required customers to install a government-issued certificate that enables online spying. According to the University of Michigan's Censored …

An old version of a Ruby software package called rest-client that was modified and released about a week ago has been removed from the Ruby Gems repository – because it was found to be deliberately leaking victims' credentials to a remote server. Jussi Koljonen, a developer with Visma in Helsinki, Finland, discovered the …

Twenty-three towns in Texas have been targeted with ransomware in what appears to be a coordinated attack. On Friday, the Texas Department of Information Resources (DIR), which handles state IT operations, said at least twenty local government entities had been affected. The following day, the DIR said reports from local …

UpdatedThe maintainers of Webmin – an open-source application for system-administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations. Joe Cooper, one of the …

Between February and March this year, after Google released a Chrome extension called Password Checkup to check whether people's username and password combinations had been stolen and leaked from website databases, computer scientists at the biz and Stanford University gathered anonymous telemetry from 670,000 people who …

A plan to expand the current DNSSEC security protocol to cover multiple DNS platforms has received the backing of Salesforce, with a first proof-of-concept implementation of the approach announced on Thursday. Engineers from the CRM monster, and traffic management company NS1, claim to have a working REST API that allows them …

AnalysisClickjacking, which came to the attention of security types more than a decade ago, continues to thrive, despite defenses deployed since then by browser makers. Boffins from Microsoft and universities in China, South Korea and the US recently looked at the Alexa top 250K websites and identified three different clickjacking …

The Internet Society has stepped up its long-running effort to improve routing security with a new online stats engine. The MANRS Observatory – named after the industry group Mutually Agreed Norms for Routing Security – combines stats from a number of different sources to rate and reveal operator compliance with systems …

On Tuesday, Netflix, working in conjunction with Google and CERT/CC, published a security advisory covering a series of vulnerabilities that enable denial of service attacks against servers running HTTP/2 services. HTTP/2, like earlier versions, governs the application layer of the internet stack; it runs atop the transport …

The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, and to foil tracking defenses and privacy assumptions, according to a paper scheduled to be presented at the WOOT '19 security conference on Tuesday. Back in March 2016, the Internet …