India’s Computer Emergency Response Team (CERT-In) has given many of the nation’s IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations …
India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting Read More »
To the surprise of many users, China’s largest Twitter-esque microblogging website, Sina Weibo, announced on Thursday that it will publish users’ IP addresses and location data in an effort to keep their content honest and …
Sina Weibo, China’s Twitter analog, reveals users’ locations and IP addresses Read More »
Linux vendors on Tuesday issued patches for a memory corruption vulnerability in a component called polkit that allows an unprivileged logged-in user to gain full root access on a system in its default configuration. Security …
Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user Read More »
Twitter’s head of security and CISO both ejected from the social media biz this month. Infosec guru Mudge, aka Peiter Zatko, joined Twitter in 2020 in the aftermath of 130 high-profile accounts, including those of …
Twitter’s top security staff out after incoming CEO shakes things up Read More »
Folks at Technische Universität Wien in Austria have devised a formal security framework called WebSpec to analyze browser security. And they’ve used it to identify multiple logical flaws affecting web browsers, revealing a new cookie-based …
WebSpec, a formal framework for browser security analysis, reveals new cookie attack Read More »
The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country’s defence ministry has fallen victim to …
The US Attorney’s Office of Massachusetts on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking US computer networks and committing securities fraud by …
VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product. CVE-2021-22057 is …
VMware 2FA flaw can divulge that vital second credential to malicious actors Read More »
VMware customers have probably had a busy week because more than 100 of the IT giant’s products are impacted by the Log4j bug. Now they need to make another urgent patching effort, because the virty …
Over Log4j? VMware has another critical flaw for you to patch Read More »
Facebook successor Meta on Thursday said it canceled 1,500 social media accounts used by seven surveillance-for-hire firms to conduct online attacks against government critics and members of civil society. These accounts were primarily used to …
British police have made a series of arrests over the past few months after people with apparent access to NHS databases allegedly sold fake vaccination status entries on the NHS vaccine passport app. This week …
Social media and search engine operators in Japan will be required to specify the countries in which users’ data is physically stored, under a planned tweak to local laws. The Ministry of Internal Affairs and …
Japan draws a LINE: web giants must reveal where they store user data Read More »