News

School-friendly tool still not fully protected, privacy guru warns

Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting (XSS) flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams.…

Security engineer outlines self-help strategy for keeping software supply chain safe

Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.…

Redmond claims the numbers are scary, but won't release them

Microsoft has sounded the alarm on DDoS malware called XorDdos that targets Linux endpoints and servers.…

Less than two weeks into his new gig, Yoon cozies up to Biden as China and DPRK loom

US president Biden and South Korea's new president Yoon Suk Yeol have pledged further co-operation in many technologies, including joint efforts to combat North Korea.…

Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

In brief  The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. …

Because Beijing isn't above covert ops to accomplish its five-year goals

Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.…

May 10 update addressed serious vulns but also had problems of its own

Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.…

Research claims it fails to autofill certain names in Han characters, Microsoft says it's technical error

Updated  Microsoft search engine Bing censors terms deemed sensitive in China from its autosuggestion feature internationally, according to research from Citizen Lab.…

Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering

Analysis  Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.…

Ban on shopping from September, rip and replace order with 2024 deadline

The Canadian government has joined many of its allies and banned the use of Huawei and ZTE tech in its 5G networks, as part of a new telecommunications security framework.…

But also makes it plain that offshore entities must comply

India has slightly softened its controversial new reporting requirements for information security incidents and made it plain they apply to multinational companies.…

Well, that clears things up? Maybe not.

The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.…

Swiss banks cough up around half of the proceeds of crime

The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.…

They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg

Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives – according to threat-intel experts at Mandiant.…

Crew's raids continue worldwide, Talos team warns

The US government's alert three months ago warning businesses and government agencies about the threat of BlackByte has apparently done little to slow down the ransomware group's activities.…

CyberThreat 22 returns this September

Sponsored Post  It might feel like you’re facing down the cyber bad guys all on your own sometimes but be assured that’s not the case. In fact, if you head to CyberThreat 22 this Autumn you can draw on the expertise of some of the world’s most experienced practitioners.…

No, you're not really gonna be hacked. But you may be surprised

Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week.…

Critical authentication bypass revealed, older flaws under active attack

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.…

Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

Analysis  Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.…

FBI and co blow lid off latest PHP tampering scam

The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.…