Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach. Nicky Morgan MP has written to the chief executive of Equifax Limited asking for further details about the scale of the breach, …

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor. The software in question, SmartVista, is an e-commerce and financial product from BPC Banking, and in this post, Rapid7 says it told the company about the issue back in May 2017. The US CERT …

A California bloke fighting a computer hacking conviction has lost his final appeal after the US Supreme Court declined to hear his case. The ramifications of this decision could affect everyone in America who has ever shared a password with their friends and family. We'll explain. In 2004, David Nosal was a high-level …

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached. You read that right: if you can intercept a network connection transferring an encrypted email, …

A Washington DC judge has told the US Department of Justice (DoJ) it "does not have the right to rummage" through the files of an anti-Trump protest website – and has ordered the dot-org site's hosting company to protect the identities of its users. Chief Judge Robert E. Morin issued the revised order [PDF] Tuesday following a …

Hackers believed to be from North Korea are casing out US electric companies in preparation for a possible cyber attack – so says security firm FireEye. "FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to US electric companies by known cyber threat actors likely affiliated with the North …

Shoppers at SuperValu, Centra and Mace have been told to review their bank statements following a cyber attack against Irish retailer Musgrave. Musgrave, which owns all three stores, urged customers to take the precaution amid fears that hackers may have extracted credit card and debit card numbers and expiry dates from its …

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

Updated The brouhaha over Russian spies using Kaspersky antivirus to steal NSA exploits from a staffer's home PC took an explosive turn on Tuesday. Essentially, it is now claimed Israeli spies hacked into Kaspersky's backend systems only to find Russian snoops secretly and silently using the software as a global search engine. Kremlin …

Updated Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist. On Friday, the bank admitted the cyber-crooks planted malware on its PCs and servers in order to …

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether. Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to …

Updated Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million. In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement …

Apple, we have a problem. A bug report filed Monday through Open Radar – which mirrors bug reports developers submit to Apple's private bug tracking system – suggests that password prompts in iOS apps can be misused to steal passwords and other secrets. In a blog post today describing the issue, developer Felix Krause, founder …

Cybercriminals in the Arab states are some of the most cooperative in the world, according to Trend Micro this week. The infosec biz's latest study, Digital Souks: A glimpse into the Middle Eastern and North African underground, identifies the most popular kinds of hacking tools and commodities, and the most active countries …

Hybrid cyber attacks on banks in former Soviet states has already resulted in estimated losses of $100m. Security researchers at Trustwave report today that cybercriminals are using mules to open accounts with counterfeit documents while hackers compromise the bank's systems to obtain unauthorised privileged access and break …

Cryptojacking is well on its way to becoming a new menace to internet hygiene. On some sites, internet publishers are making money by using the spare processor cycles of visiting surfers to mine cryptocurrency, using scripts running in the background on pages to mine coins. In other cases, hackers have planted JavaScript on …

We’re leaking location data everywhere, and it's time to fix it by design. An example: if you go on safari in Africa, you'll be asked to turn off your smartphone's location tracking capabilities. The reason is that most people have no idea that every photo they take with their phone embeds location data in the exchangeable …

Security bods have closed off a malvertising campaign targeting an ad network spread through an ad network that targeted smut site P0rnHub. The attacks exposed “millions of potential victims in the US, Canada, the UK, and Australia”, said the Proofpoint researchers who discovered the attack. Proofpoint said the campaign was …

Keeping the UK safe from cyber attacks is now as important as fighting terrorism, the new GCHQ boss has said. Jeremy Fleming, director of the signals intelligence service, said increased funding for GCHQ was being spent on making it a "cyber-organisation" as much as an intelligence and counter-terrorism unit. Fleming, who …

BAE Systems, maker of military machinery, is to slash more than 1,000 jobs, according to reports, with most roles affected at its Warton plant in Lancashire, England – the main factory that builds the Eurofighter Typhoon. While nominally a multinational aircraft, the Typhoon is effectively a BAE design from top to bottom and …

VB2017 Poor disclosure and intrusive advertising are becoming a bête noire for gamers who increasingly find themselves getting fragged by promos. Adverts in gaming or advergaming systems are becoming more complex as marketeers resort to techniques that embed advertising deep enough so that earlier ad-blocking attempts no longer work …

Virtual private network provider PureVPN helped the FBI track down a suspected internet stalker, by combing its logs to reveal his IP address. The US Department of Justice announced on Friday the arrest of Ryan Lin, a 24-year-old from Newtown, Massachusetts, on charges that he cyber-stalked a former roommate. According to the …

"Operation Resume Hoard" was going well. Initiated around April 1, 2015, it represented David W. Kent's plan to build the membership of his oil and gas industry networking site Oilpro.com. Court documents indicate that Kent, 41, of Spring, Texas, USA, had a buyer in mind: DHI Group, the employment data biz that in 2010, when …

Disqus, the developer of website comment systems used worldwide, is playing the old "bury bad news late on a Friday" card – as it just confessed one of its databases was swiped by hackers. The software maker, which produces reader comment boards for blogs and newspapers everywhere, admitted at 4pm Pacific Time, Friday, that a …

Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the …

Roundup Another week draws to a close so it's time to review the security news you may have missed in between the big hitters: the NSA contractor who leaked more exploits, Apple's encryption password blunder, and so on. This week we've seen bugs, hacking, and government silliness – take a look... Computerinsel PhotoLine full of bugs …

Russia doesn't want America taking one of its nationals accused of running a $4bn Bitcoin laundering ring – Moscow wants him more. The Russian foreign ministry said in a statement on Friday that a Greek court's decision to extradite Alexander Vinnik to the US is "unjust and a violation of international law". The 38-year-old …

VB2017 Avast staffers spoke at the Virus Bulletin International Conference in Madrid, Spain, on Thursday to shed more light on their postmortem of the CCleaner fiasco – and urge developers to protect their software's toolchain and distribution systems from hackers. The widely used utility, which removes unwanted temporary files and …

Yet another W3C API can be turned against the user, privacy boffin Lukasz Olejnik has warned – this time, it's in how browsers store and check credit card data. As is so often the case, a feature created for convenience can be abused in implementation. To save users from the tedious task of entering the 16 characters of their …

Analysis The US Senate Judiciary Committee has unveiled its answer to a controversial spying program run by the NSA and used by the FBI to fish for crime leads. Unsurprisingly, the proposed legislation [PDF] reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA) – which allows American snoops to scour …

Russian government spies used Kaspersky Lab software to extract top-secret software exploits from an NSA staffer's home PC, anonymous sources have claimed. The clumsy snoop broke regulations by taking the classified code, documentation, and other materials home to work on using his personal computer, which was running …

Video Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software. Matheus Mariano, a developer with Brazil-based Leet Tech, documented the APFS flaw in a blog post a week ago, and it has since been reproduced by another programmer, …

VB2017 Intel agencies and top-tier hackers are actively hacking other hackers in order to steal victim data, borrow tools and techniques, and reuse each other's infrastructure, attendees at Virus Bulletin Con, Madrid, were told yesterday. The increasing amount of spy-vs-spy type activity is making accurate threat intel increasingly …

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations. The body was created in October last year, bringing together previously separate parts of government, MI5 …

VB2017 Some bulletproof hosting (BPH) operations – wellspring of all manner of online villainy – are moving their operations to the disputed territories of eastern Ukraine and Transnistria on the Moldovan border. BPH is often sold through darknet bazaars. These services sit at the centre of long-lasting, large-scale and profitable …

Indian antivirus and endpoint vendor Seqrite claims the nation's internet registry has suffered a data breach, but the registry's parent organisation says while it was attacked the information obtained was trivial. Seqrite says its researchers noticed “an advertisement on DarkNet announcing secret access to the servers and …