Viry a Červi

Prototypes now available for testing

Arm has made available for testing prototypes of its Morello architecture, aimed at bringing features into the design of CPUs that provide greater robustness and make them resistant to certain attack vectors. If it performs as expected, it will likely become a fundamental part of future processor designs.…

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

But if I give him my bank details, I'll be rich!

On Call  Friday is here. We'd suggest an adult beverage or two to celebrate, but only if you BYOB. While you fill your suitcase, may we present an episode of On Call in which a reader saves his boss from a dunking.…

Enhanced 'Cyber and Critical Technology Partnership' will transport crime to harsh penal regime on the other side of the world

The United Kingdom and Australia have signed a Cyber and Critical Technology Partnership that will, among other things, transport criminals to a harsh penal regime on the other side of the world.…

Coinhive-slinger wins on appeal

A man found guilty of using the Coinhive cryptojacking script to mine Monero on users' PCs while they browsed the web has been cleared by Japan's Supreme Court on the grounds that crypto mining software is not malware.…

Central bank worries that block-bucks reduce government control and are used by crims

Russia has floated the prospect of Putin a ban on cryptocurrencies.…

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.

Won't reveal net loss, says it stopped some withdrawals and has reimbursed those who had funds taken

Crypto.com on Thursday said in a roundabout way that an unidentified person stole or attempted to steal as much as $34m in cryptocurrency from customer accounts.…

Folks can enable or disable it, install Linux as normal. Just sayin'

PCs coming out this year with Microsoft's integrated Pluton security chip won't be locked down to Windows 11, and users will have the option to turn off the feature completely as well as install, say, Linux as normal, we understand.…

Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.

Latest epsiode - listen now!

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software.

And to pay for the privilege. Consultation's open, though

Small and medium-sized managed service providers (MSPs) could find themselves subject to the Network and Information Systems Regulations under government plans to tighten cybersecurity laws – and have got three months to object to the tax hikes that will follow.…

The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.

A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration.

So far we've got a pisspoor video and... er, that's it

Opinion  The British government's PR campaign to destroy popular support for end-to-end encryption on messaging platforms has kicked off, under the handle "No Place To Hide", and it's as broad as any previous attack on the safety-guaranteeing technology.…

Red Hat agrees

The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.…