November 2024
DARPA-backed voting system for soldiers abroad savaged
VotingWorks, developer of the system, disputes critics' claims
An electronic voting project backed by DARPA – Uncle Sam's boffinry nerve center – to improve the process of absentee voting for American military personnel stationed abroad has been slammed by security researchers.…
Chinese ship casts shadow over Baltic subsea cable snipfest
Danish military confirms it is monitoring as Swedish police investigate. Cloudflare says impact was 'minimal'
The Danish military has confirmed it is tracking a Chinese ship that is under investigation after two optical fiber internet cables under the Baltic Sea were damaged, a situation German Defense Minister Boris…
‘Alarming’ security bugs lay low in Linux’s needrestart server utility for 10 years
Update now: Qualys says flaws give root to local users, are 'easily exploitable'
Researchers at Qualys refuse to release exploit code for five bugs in the Linux world's needrestart utility that allow unprivileged local attackers to gain root access without any user interaction.…
Now Online Safety Act is law, UK has ‘priorities’ – but still won’t explain ‘spy clause’
Draft doc struggles to describe how theoretically encryption-busting powers might be used
The UK government has set out plans detailing how it will use the new law it has created to control online platforms and social media – with one telling exception.…
Put your usernames and passwords in your will, advises Japan’s government
Digital end of life planning saves your loved ones from a little extra anguish
Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.…
Five Scattered Spider suspects indicted for phishing spree and crypto heists
DoJ also shutters alleged crimeware and credit card mart PopeyeTools
The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.…
Mega US healthcare payments network restores system 9 months after ransomware attack
Change Healthcare’s $2 billion recovery is still a work in progress
Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…
Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed
OSS-Fuzz is making a strong argument for LLMs in security research
Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Vendor offers 20% discount on new model, but not patches
Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.…
Data is the new uranium – incredibly powerful and amazingly dangerous
CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value
Column I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users,…