After scrambling to patch a critical vulnerability late last month, Drupal is at it again. The open source content management project has issued an unscheduled security update to augment its previous patch for Drupalgeddon2. There was also a cross-site scripting bug advisory in mid-April. Rage Running Drupal? You need to …

Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behavior. The "Simon" and "Speck" cryptography techniques were designed for the next generation of internet-of-things sensors, and were intended to become a global standard. But there were …

Infosec outfit F-Secure has uncovered security vulnerabilities in a hotel keycard system that can be exploited by miscreants to break into rooms across the globe. Exploitable flaws were discovered in the lock system software, Vision by VingCard, which F-Secure said is used to secure millions of hotel rooms worldwide. Their …

Updated Security researcher Kate Temkin has released proof-of-concept code dubbed Fusée Gelée that exploits a bug in Nvidia's Tegra chipsets to run custom code on locked-down devices. Temkin, who participates in the Nintendo Switch hacking project ReSwitched, has developed a cold-boot hack for the games console that takes advantage of …

Roundup Here's a roundup of this week's security news, beyond what we've already covered. Besides RSA: BSides and OURSA Sunday saw the start of the two-day BSides SF conference, which caters more for hackers – white, gray, and black hat – rather than this week's RSA Conference, which is aimed more at sales and marketing execs, and IT …

The US Federal Trade Commission has released an audit of Facebook's privacy practices and it turns out there's nothing to worry about, at least as far as accounting firm PricewaterhouseCoopers (PwC) is concerned. Clearly, there's nothing to worry about. Go back to your homes, people. PwC, retained to check on how Facebook has …

RSA has copped to a security vulnerability in the backend systems powering the smartphone app for its annual security conference, held this week in San Francisco, USA. Infosec expert "svbl" discovered and reported a privacy cockup in an API, which could be accessed by anyone with an RSA Conference account, to fetch the names …

An increasing number of Mac loyalists are complaining that the latest desktop operating system update from Apple is killing their computers. The 10.13.4 update for macOS High Sierra is recommended for all users, and was emitted at the end of March promising to "improve stability, performance, and security of your Mac." macos …

In case you needed another reason not to open Adobe Flash or Microsoft Office files from untrusted sources: ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. This means less-than-expert hackers can use ThreadKit to craft booby- …

Facebook held a press conference on Thursday to provide details about its efforts to prevent electoral manipulation, only to have its damage control eclipsed by the publication of an executive's internal memo from 2016 suggesting growth mattered more than human life. Acknowledging that Facebook had been used "to divide …

The US Department of Justice and Department of the Treasury on Friday charged nine Iranians with carrying out a series of internet attacks on more than 300 universities and 47 companies in the US and abroad, as well as federal and state agencies and the United Nations. The defendants were involved in various capacities with …

Updated IT systems used by the City of Atlanta, in the US state of Georgia, have succumbed to a ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk. At a press conference held on Thursday afternoon, Atlanta Mayor Keisha Lance Bottoms said the …

AMD has finally weighed in with its opinion of the security flaws in its Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile chips, identified in a rather over-the-top fashion by CTS-Labs a week ago. The vulnerabilities affect the firmware managing the AMD Secure Processor and the chips used in some socket AM4 and socket TR4 desktop …

Software called etcd, used for storing data across clusters of containers, has a problem – it does not implement authentication by default and so poses a security risk if deployed without further fiddling. It's also rather widely used because it comes with Kubernetes, the popular container orchestration software. Giovanni …

Talk about the ultimate Git Blame. Programmers can be potentially identified from the low-level machine-code instructions in their software executables by AI-powered tools. That's according to boffins from Princeton University, Shiftleft, Drexel University, Sophos, and Braunschweig University of Technology, who have described …

The US Department of Homeland Security and the Federal Bureau of Investigation on Thursday issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructure by individuals acting on behalf of the Russian government. The security warning coincides with the US Treasury …

Analysis CTS-Labs, a security startup founded last year in Israel, sent everyone scrambling and headlines flying today – by claiming it has identified "multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors." Tuesday's glitzy advisory disclosed no …

Internet users in Turkey, Egypt and Syria who attempted to download legitimate Windows applications have been redirected to nation-state spyware through deep-packet inspection boxes placed on telecom networks in Turkey and Egypt, according to a report issued Friday by security research group Citizen Lab. Citizen Lab, a Canada- …