NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers.

Wanna buy a baby's Social Security number? Reports of infants' SSNs for sale on dark web

Dastardly cybercriminals. Is there nothing they won't do?

A newly discovered strain of Android malware contains never-seen surveillance features

A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.

Playing low frequency noise to disrupt hard-drives: denial of service for CCTVs, data-centers, and other computing environments

A group of Princeton and Purdue researchers have demonstrated a successful acoustic attack against mechanical hard-drives where low-frequency noise keyed to the resonant frequency of the drive components is played nearby, causing the drive to vibrate so that the drive can neither be read nor written to.

Intel's Management Engine, a secure-computer-within-your-computer, is really, really insecure

Back in 2016, we published a good technological explainer about Intel's Management Engine, an evolution of the decade-plus old idea of "Trusted Computing," in which a separate, isolated system-on-a-chip lives alongside of your computer, performing cryptographic work and overseeing the functions of your computer.

Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years

An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy.

Vtech covered up a leak of data on 6.3m children and their families, then tried to force us not to sue - the FTC just fined them $0.09/kid

Vtech is the Taiwanese kids' crapgadget vendor that breached sensitive data on 6.3 million children and their families, lied about it and covered it up, then added a dirty EULA to its products that made us promise not to sue them if they did it again.

Google says it can mitigate Spectre with "negligible" effect

Two days ago, an industry/academic team released a terrifying alert about a pair of CPU bugs called Spectre and Meltdown that allowed one program to steal data from another, even with the best memory-management and isolation techniques -- news that meant that virtually all the mission-critical computers in the world could no longer be trusted to handle sensitive data securely.

Virtually every modern computer is vulnerable to a pair of devastating attacks, and there's only a fix for one of them, and it sucks

Today, three groups of security researchers from the Technical University of Graz, Cerberus Security, and Google Project Zero revealed a pair of defects in modern computers that allow adversaries to steal passwords and other sensitive data from virtually any computer in use today.

The NSA can't recruit or retain hackers because the pay sucks and the Agency is a bureaucratic mess

The Washington Post reports that the NSA "is losing its top talent at a worrisome rate as highly skilled personnel" because of a mix of low pay, uninspiring leaders, and a bureaucratic re-org that everyone hates.

A bipartisan, GOP-led voting machine security bill that would actually fix vulnerabilities in US elections

The Secure Elections Act is a bipartisan Senate bill with six co-sponsors that reads like a security researcher's wish-list for voting machine reforms. Specifically, it reads like Matt Blaze's wishlist, hewing closely to the excellent recommendations laid out in his testimony to the House of Representatives' Committee on Oversight and Government Reform Subcommittee on Information Technology and Subcommittee on Intergovernmental Affairs Hearing on Cybersecurity, recounting his experiences as a security researcher and as the founder of Defcon's Vote Hacking Village.

You absolutely must secure your home router and you probably can't

Lucian Constantin's Motherboard guide to protecting your home router is full of excellent, nearly impossible-to-follow advice that you should follow, but probably won't.

Climate deniers beat Google and topped the page on searches for "climate change"

Google has long maintained that it must keep the workings of its search and ad-placement algorithms a secret, lest they provide a roadmap to the kinds of bad actors who'd like to tweak the results and give their bad ideas (or sleazy products) pride of placement on its pages.

No More Ransom: a clearinghouse for removing ransomware without paying

No More Ransom is a joint effort by Europol, the Dutch police, Kaspersky and McAfee to help people who've been compromised by ransomware get their data back without paying off criminals.

Sonos and Bose speakers can be remotely taken over by hackers

Sonos and Bose speakers assume that any device on the same network segment can be trusted to send them audio without any further authentication; if these speakers are on a network whose owner has opened a hole in their firewalls (to run a game-server, say, or because another device on the network has been compromised), they can have data sent to them by anyone on the internet.

The FBI and the New York Times warn that smart toys are emissaries from the Internet of Shit

One by one, the New York Times warns of the dangers of every hot smart toy your kids are begging for this Xmas: Furbies, Cayla, kids' smart watches, the ubiquitous Vtech toys (they omit the catastrophic Cloudpets, presumably because that company is out of business now).

New Consumers Union report catalogs the potential collateral damage from the crypto wars

In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the "consumer stake in the encryption debate": they note that governments want to ban working cryptography so that cops can spy on crooks, but the report does an excellent job enumerating all the applications for crypto beyond mere person to person communications privacy.
