Viry a Červi

Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead

Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are rated “critical”.…

Open-source CMS gets a pair of critical fixes

Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in case you later add functionality that can be exploited.…

Cock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election

Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets public. The programming blunder has been fixed.…

Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.

Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.

Prof Maureen Baker told tribunal info security and clinical safety are two separate things

The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by a London tribunal have revealed.…

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.

Read more

In a case that could be straight out of a legal TV drama, a computing font has cost a couple two houses in a Canadian bankruptcy case.

She sent her bank account details three times, she said. Unfortunately, they wound up in crooks' hands, and her money wound up in their pockets.

New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.

A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.

Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.

Read more

They're charged with phishing and inflicting malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.

Now is a good time to get a password manager app

Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around “a popular hacker forum” - along with a very large number of plain text passwords.…

No idea who could have been behind this one...

The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers.…

Lawsuit claims coin thief was part of a gang targeting crypto whales

The victim of a $24m cryptocurrency heist is suing his assailants in what is believed to be the first ever RICO claim involving digital currency.…

Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.

The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.

UEFI malware has been in the wild for more than two years

The Fancy Bear hacking group's Lojax rootkit is far from a one-off tool, and may have been active in the wild for years before it was first reported.…